
General Overview

 

This is a general overview; for detailed information, please consult our full article.

 

Our MDM solution for Skype for Business is applied during the sign-in process. We validate the device ID against the MDM provider, using an additional app during sign-in; the validation is processed by our reverse proxy, which stands in front of the Lync-discover request.

 

To distill it further, our solution works in two parts:

1. Client-side - The user has the SphereShield app on the device, which is prompted during the sign-in process and sends a request with the device ID.

2. Server-side - The sign-in request is intercepted by our reverse proxy, which blocks or allows the sign-in by comparing the device ID to the list of devices and users provided by the MDM provider.

We integrate with the provider directly: the list of devices is pulled from the MDM API by a process designated for asynchronous operations, which we call the Maintenance Service (you can read more about the Maintenance Service in the following article).

 

When is S4B on the mobile logged out/blocked exactly?

During the sign-in process.

 

Where is the Maintenance Service located and its role?

The Maintenance Service is an independent service that we usually deploy on the server that hosts the Access Portal. Its main job is to perform asynchronous operations that relate to the database.

 

When does a device become out of compliance?

The Maintenance Service pulls the device list multiple times a day (based on user configuration), which afterward gets compared

 


What happens when a device becomes non-compliant? 

The device is unable to sign in.

 

Does the user need to have the SkypeShield App open on the mobile device?

The app is only required during the sign-in process and the user is redirected automatically from the S4B mobile app.

There is an option to require the SphereShield App either for every sign-in or just for the first sign-in.

 

How exactly is this done?

 

We deploy a server that operates as a reverse proxy (named Bastion), which is able to redirect the mobile client to the SphereShield app.

 

#7162

 

  1. What does the product offer and how
    Our product adds an additional authentication factor based on the device UUID. It integrates with the following MDM solutions and verifies that devices are not out of compliance:

    1. MobileIron

    2. Maas360

    3. Air Watch

    4. Citrix XenApp

  2. What are the components involved

  3. General description of the way we integrate with MDM (you can read further details in the following link):
    Our MDM solution works in two parts:

    1. Server-side - We pull the list of devices and their status from the MDM provider and use it when verifying device registration.

    2. Client-side - An app installed on the managed devices, which is used during the sign-in process and sends the UUID along with the regular sign-in request.

 

The verification itself is handled by the LAC filter on the Bastion server, and the list of devices is pulled regularly by the Maintenance Service, which is typically installed on the Access Portal.
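
The sign-in decision described above, as an added example that is not SphereShield's own code: a device list pulled earlier from the MDM provider is consulted for each intercepted sign-in. The class and function names, the record fields, the 12-hour `max_age` and the choice to reject sign-ins when the list is stale are all assumptions made for illustration.

```python
# Added illustration: names, record fields and max_age are assumptions, not the product's API.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

def normalize(device_id):
    # The same UUID can arrive in different case or wrapped in braces.
    return device_id.strip().strip("{}").lower()

@dataclass(frozen=True)
class DeviceRecord:
    device_id: str
    user: str
    compliant: bool

class DeviceSnapshot:
    """Device list as of the last pull from the MDM provider."""
    def __init__(self, records, pulled_at):
        self.pulled_at = pulled_at
        self._by_id = {normalize(r.device_id): r for r in records}
    def lookup(self, device_id):
        return self._by_id.get(normalize(device_id))

def decide_sign_in(snapshot, user, device_id, now, max_age=timedelta(hours=12)):
    """Return (allowed, reason) for one intercepted sign-in request."""
    if not device_id:
        return False, "no device id supplied"
    if now - snapshot.pulled_at > max_age:
        return False, "device list stale"  # assumption: fail closed
    rec = snapshot.lookup(device_id)
    if rec is None:
        return False, "device not enrolled"
    if rec.user.lower() != user.lower():
        return False, "device registered to another user"
    if not rec.compliant:
        return False, "device out of compliance"
    return True, "ok"

# Constructed sample data (not real devices or users).
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SNAPSHOT = DeviceSnapshot([
    DeviceRecord("A1B2C3D4-0000-4000-8000-000000000001", "alice@example.com", True),
    DeviceRecord("A1B2C3D4-0000-4000-8000-000000000002", "bob@example.com", False),
], pulled_at=NOW - timedelta(hours=2))

if __name__ == "__main__":
    for user, dev in [("alice@example.com", "{a1b2c3d4-0000-4000-8000-000000000001}"),
                      ("bob@example.com", "A1B2C3D4-0000-4000-8000-000000000002")]:
        print(user, decide_sign_in(SNAPSHOT, user, dev, NOW))
```

Because the check runs only at sign-in and against the last pulled list, a device that falls out of compliance is rejected at its first sign-in after the next pull, not at the moment its status changes.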

The following table gives a quick summary of the different approaches you can use when deploying our integration with MDM providers, and can be found in this article.

 

 
