After you set up the mobile cloud security solution, software on the mobile device redirects HTTP/HTTPS traffic to Skyhigh Security WSGS for filtering.
- In Skyhigh CASB, the administrator configures the mobile cloud security solution by:
- Uploading the customer CA certificate, whose private key is used to sign the device certificates
- Specifying the names of the fields that identify the user name and user group in the device certificates
IMPORTANT: You must upload the CA certificate before configuring the MDM solution.
- In the administrator interface of the MDM solution, the administrator:
- Configures an identity certificate profile for the device.
- Configures the VPN profile which references the identity certificate profile.
- When the user logs on to the device and registers it with the MDM server, the software:
- Signs the identity or device certificate with the CA certificate.
- Downloads the signed certificate and VPN profile to the device.
- After the following steps are completed, the software on the device starts redirecting HTTP/HTTPS traffic to Skyhigh Security WSGS through the VPN gateway.
- The device uses the signed certificate to authenticate to the VPN gateway.
- The VPN gateway creates a secure VPN tunnel with the device.
- WSGS filters the HTTP/HTTPS traffic, allowing or blocking web requests according to your policy.