With Skyhigh Cloud Connector you can use device IDs from Active Directory to verify if a device is managed or not. Active Directory Integration enables you to secure mobile-cloud usage while allowing users to remain productive. This integration can also force two-factor authentication, which is especially useful if an employee logs into a CSP from a public, unsecured network.
When a user logs in, Skyhigh CASB checks if the device is managed. If the device is managed, the device ID is checked against the AD certificate. If the certificate is valid, the user is allowed to access the target CSP or is redirected to SSO, depending on your policies.
If a cert is invalid, the device is considered to be unmanaged. How unmanaged devices are handled depends on your organization's access policy.
Your organization needs the following for this integration:
- Cloud Connector configured to poll device information for enrolled devices from Active Directory.
- Skyhigh CASB Reverse Proxy.
- Preconfigured CSPs.
- Access Policies (see Step 1).
Create a Cloud Access Policy
To leverage AD device information, you will need to set up a Cloud Access Policy that directs Skyhigh CASB what to do with unmanaged devices. Set the action to Register Device. This forces users to register their device before accessing CSPs.
Set up a Custom Portal
If you haven't already, customize your organization's portal so users are asked to log in to SSO (if wanted) or if you would like any other text to be displayed. You will also want to set up Device Certificates for users.