Skip to main content

Welcome to Skyhigh Security!

Skyhigh Security

Configuring Skyhigh Mobile Cloud Security

Configuring Skyhigh Mobile Cloud Security involves integrating with an MDM (such as AirWatch, MobileIron, or InTune) and configuring a VPN profile before traffic is filtered.

Step 1: Configure SMCS

  1. Log in to Skyhigh CASB and go to Settings > Infrastructure > Web Gateway Setup.
  2. Click Configure to the right of Skyhigh Mobile Cloud Security.

  3. In the Skyhigh Mobile Cloud Security Deployment page, you'll upload and manage customer CA certificates and choose user groups to assign to each cert. Click Upload.

  4. Select and upload a custom CA certificate. The certificate's private key is used to sign the device certificates.
  5. Specify the names of the fields that identify the User name and an optional User Group in the device certificates.

NOTE: You can test the device certificate authentication with the uploaded CA by clicking Upload and Test.

Step 2: Configure MDM

  1. In your organization's MDM solution, configure an identity certificate profile. 
  2. Configure the VPN profile which references the identity certificate profile. When the user logs on to the device and registers it, the MDM signs the identity or device certificate with the CA certificate and downloads the signed certificate and VPN profile to the device.
  3. The device uses the signed certificate to authenticate to the VPN gateway. The VPN gateway creates a secure VPN tunnel with the device. Skyhigh Security WGCS filters the HTTP/HTTPS traffic, allowing or blocking web requests according to Cloud Application Control policies.

After the steps are completed, the software on the device starts redirecting HTTP/HTTPS traffic to WGCS through the VPN gateway.

  • Was this article helpful?