Configuring Skyhigh Mobile Cloud Security Client involves integrating with an MDM (such as AirWatch, MobileIron, or InTune) and configuring a VPN profile before traffic is filtered.
Step 1: Configure MCSC
- Log in to Skyhigh CASB and go to Settings > Integrations > McAfee.
- On the McAfee Integrations page, click Web Security Gateway Service.
- Click Edit to the right of Skyhigh Mobile Cloud Security Client.
- In the Skyhigh Mobile Cloud Security Client Deployment page, you'll upload and manage customer CA certificates and choose user groups to assign to each cert. Click Upload.
- Select and upload a custom CA certificate. The certificate's private key is used to sign the device certificates.
- Specify the names of the fields that identify the User name and an optional User Group in the device certificates.
NOTE: You can test the device certificate authentication with the uploaded CA by clicking Upload and Test.
Step 2: Configure MDM
- In your organization's MDM solution, configure an identity certificate profile.
- Configure the VPN profile which references the identity certificate profile. When the user logs on to the device and registers it, the MDM signs the identity or device certificate with the CA certificate and downloads the signed certificate and VPN profile to the device.
- The device uses the signed certificate to authenticate to the VPN gateway. The VPN gateway creates a secure VPN tunnel with the device. Skyhigh Security WGCS filters the HTTP/HTTPS traffic, allowing or blocking web requests according to Cloud Application Control policies.
After the steps are completed, the software on the device starts redirecting HTTP/HTTPS traffic to WSGS through the VPN gateway.