Symantec Access Management

  • 1.  Device Identification - at enrolment/external callout

    Broadcom Employee
    Posted Dec 07, 2017 04:38 AM

    We have a customer use case requiring the identification of devices based on whether they are company-owned or personal devices.

    They would like to be able to control authentication based on this information (essentially restricting authentication from personal devices).

    AA can build a device ID, but could we identify a device before we've seen it based on information that we gather? Potentially then scoring this against an external database of known devices? These devices have X.509 certs to identify them.

    Thanks

    Grant



  • 2.  Re: Device Identification - at enrolment/external callout
    Best Answer

    Broadcom Employee
    Posted Dec 07, 2017 02:38 PM

    You may be able to restrict users from personal devices by adding an IP range in Trusted IP lists. You will find this in "manage List Data and category Mappings" under "Risk authentication configuration".

    The product can only capture the machine fingerprint and deviceID of a machine.

    When a device accesses for the first time, its deviceID will be null; based on this, you can configure the Unknown DeviceID rule to DENY. But this will deny all the users that are logging in for the first time.