Secure Mobile Access 100 10.2 Administration Guide

Table of Contents

Configuring EPC Device Profiles

Create device profiles to configure authentication guidelines for users or groups of users based on various global, group, or user attributes. For example, you can select groups that use an Antivirus program or users with a specific Windows version.

Two kinds of profiles are available: Allow profiles and Deny profiles. Allow profiles identify attributes of the client’s network that must be present before a user is authenticated, and Deny profiles identify attributes of the network that cannot be present. If multiple profiles are defined for a group or user, connection to the SMA appliance is granted only when a client’s environment fulfills all Allow profiles for the group or user and does not fulfill any Deny profiles.

The End Point Control > Device Profiles page lists all device profiles and identifies the platform where the profile can be used. This page also contains buttons that allow you to add, edit, or delete profiles. Hover the mouse over an icon or button to identify it.

To create a device profile

  1. On the End Point Control > Device Profiles page, click Add Device profile.

  2. In the Name field, type the name that is used to identify the profile.
  3. In the Description field, optionally type a brief description of the profile that helps identify the profile.
  4. Select whether the profile is being created for Windows, Mac, Linux, iOS, or Windows & Android Phone clients.
  5. Click + to add the device profile.
  6. Use the Type drop-down menu to select the attribute used to select users. The options are Antivirus program, Antimalware, Personal firewall program, Client certificate, Application, Directory name, File name, registry entry details, Domain, Version, Equipment ID, and Windows Patches. You should select the remaining fields on this page, as the fields vary based on your selection of the type.
  7. Click Add to current attribute. Repeat 5 & 6 for each attribute that should be included in the profile.
  8. You can optionally enter a custom message that shows the user the EPC check has failed. The Administrator could enter text to indicate how to fix the issue or the reason the policy failed.
  9. To complete the profile, click Accept at the upper right of the page.

  10. To edit the Device profile click on the edit.

  11. Click Submit on the lower right to save your changes.