Security

is this possible?

This client would like to identify if the device belong to the company or not and then do an action for example if the laptop is from the company give him all the privileges, if its not then no.

 

I know you can  identify user, and if the user is using a laptop and also if the same user is using a smatphone, and putting differnet roles to both of them

 

But what about if i got this situation

The company has a few company smartphones, that belong to them, and they would like to identify if the:

smartphone belong to the compnay

Who is using it

And depending on both take an action i mean if it belong to the company and its a high executive, give him all access.

If its a smartphone of the company and belong to sales, give him this access

 

if it belong to the user, and he is a high executive, give him this access

and so on.

 

Is this possible?

They can check for machine authentication for the laptops to check domain membership for windows devices. For mobile devices, they can either onboard them, or put the Mac addresses of company owned mobile devices into a static host list and then check the calling-station-Id (Mac addresses) of devices to see if they belong to that static host list.

Certificates would be the best route. You can use a different CA for corporate device.


Thanks,
Tim

Thank you guys!!

Tim Question

When you say use a differnt CA for corporate

Are you suggesting of having one CA for coporate devices and one CA for non corporate devices?

 

Cheers

Carlos

Yes that's a common scenario. You could either use two different Onboard CAs or an Onboard CA for BYOD and an ADCS CA for corporate.


Thanks,
Tim