Skyhigh Security

Directory Services Integration

With Skyhigh Cloud Connector, you can use device IDs from Active Directory (AD) to verify whether a device is managed. Active Directory integration enables you to secure mobile-cloud usage while allowing users to remain productive. This integration can also force two-factor authentication, which is especially useful if an employee logs in to a cloud service provider (CSP) from a public, unsecured network.

When a user logs in, Skyhigh CASB checks if the device is managed. If the device is managed, the device ID is checked against the AD certificate. If the certificate is valid, the user is allowed to access the target CSP or is redirected to SSO, depending on your policies. 

If the certificate is invalid, the device is considered to be unmanaged. How unmanaged devices are handled depends on your organization's access policy.

Prerequisites

Your organization needs the following for this integration:

  • Cloud Connector configured to poll device information for enrolled devices from Active Directory.
  • Skyhigh CASB Reverse Proxy.
  • Preconfigured CSPs.
  • Access Policies (see Step 1).

Create a Cloud Access Policy

To use AD device information, set up a Cloud Access Policy that tells Skyhigh CASB what to do with unmanaged devices. Set the action to Register Device. This forces users to register their device before accessing CSPs.

Set up a Custom Portal

If you haven't already, customize your organization's portal to ask users to log in to SSO (if wanted) or to display any other text you would like. You will also want to set up Device Certificates for users.
