Device Access Management Framework

The device access management framework uses mobile device management (MDM) services so that you can enforce security objectives with familiar Ivanti Connect Secure client policies, based on your own device classification scheme: whether MDM enrollment is complete or incomplete; whether the device is compliant or non-compliant with MDM policy; whether the device is employee owned or company owned; whether the device platform is iOS, Android, or neither; and so forth.

In this framework, the MDM is a device authorization server, and the attributes in its device records are the basis for granular access policy decisions. For example, you can allow devices that have a clean MDM posture assessment and are compliant with MDM policies onto the network, but deny access to particular servers in order to prevent downloads to employee-owned devices or to a platform that might be vulnerable. To do this, you reference the device attributes and status maintained by the MDM in the role-mapping rules of the Ivanti Connect Secure realm, and then use the resulting device-attribute-based roles in familiar Ivanti Connect Secure policies. Note that a device the MDM does not know about, or whose record carries no usable posture, satisfies none of the device-attribute rules; unless some other rule maps it to a role, it receives no role and is denied, so make that fallback behavior a deliberate part of the design.
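The following Python program is an added illustration of the flow just described; it is not Ivanti code and does not use Ivanti Connect Secure rule syntax. It models the MDM as the device authorization source (a constructed in-memory directory), turns record attributes into roles with ordered rule predicates, and evaluates resource policies against those roles. It also shows the two failure modes a practitioner should handle: a device unknown to the MDM and a record whose last posture report is stale both map to no roles and are denied. The attribute names, role names, resource names and the 24-hour staleness threshold are assumptions for the example.

```python
"""Device-attribute role mapping, modelled on the flow described above.

Added example, not Ivanti code: the MDM record is the device authorization
source, role-mapping rules turn its attributes into roles, and resource
policies consume those roles. Attribute names, role names, resource names
and the MAX_POSTURE_AGE threshold are assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class DeviceRecord:
    """Subset of an MDM device record (assumed field names)."""
    device_id: str
    enrolled: bool          # MDM enrollment complete
    compliant: bool         # passes the MDM's compliance policies
    ownership: str          # "corporate" or "employee"
    platform: str           # "ios", "android", ...
    last_checkin: datetime  # last posture report received by the MDM


# Constructed stand-in for the MDM's device lookup API.
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
FRESH = NOW - timedelta(hours=1)
STALE = NOW - timedelta(days=3)
MDM_DIRECTORY: Dict[str, DeviceRecord] = {
    r.device_id: r for r in [
        DeviceRecord("corp-ios-1", True, True, "corporate", "ios", FRESH),
        DeviceRecord("byod-ios-2", True, True, "employee", "ios", FRESH),
        DeviceRecord("corp-android-3", True, True, "corporate", "android", FRESH),
        DeviceRecord("corp-ios-4", True, False, "corporate", "ios", FRESH),
        DeviceRecord("stale-5", True, True, "corporate", "ios", STALE),
    ]
}

# Posture older than this is treated as unknown rather than trusted (assumed value).
MAX_POSTURE_AGE = timedelta(hours=24)


def lookup_device(device_id: str) -> Optional[DeviceRecord]:
    """Query the MDM; None means the device is not enrolled or not known."""
    return MDM_DIRECTORY.get(device_id)


# Role-mapping rules: (rule name, predicate over the record, role granted).
# Every matching rule contributes its role, so a device can hold several.
ROLE_RULES: List[Tuple[str, Callable[[DeviceRecord], bool], str]] = [
    ("enrolled-compliant", lambda d: d.enrolled and d.compliant, "managed-compliant"),
    ("corporate-owned", lambda d: d.ownership == "corporate", "corporate-device"),
    ("platform-ios", lambda d: d.platform == "ios", "ios-device"),
    ("platform-android", lambda d: d.platform == "android", "android-device"),
]


def map_roles(record: Optional[DeviceRecord], now: datetime) -> Set[str]:
    """Apply the rules. Unknown or stale devices get no roles (fail closed)."""
    if record is None or now - record.last_checkin > MAX_POSTURE_AGE:
        return set()
    return {role for _, pred, role in ROLE_RULES if pred(record)}


@dataclass(frozen=True)
class ResourcePolicy:
    require_all: FrozenSet[str]  # every listed role must be held
    deny_if_any: FrozenSet[str]  # holding any listed role blocks access


# Network access needs a clean, compliant device; the file server is further
# closed to employee-owned devices and to a platform treated as vulnerable.
POLICIES: Dict[str, ResourcePolicy] = {
    "network": ResourcePolicy(frozenset({"managed-compliant"}), frozenset()),
    "fileserver.corp.example": ResourcePolicy(
        frozenset({"managed-compliant", "corporate-device"}),
        frozenset({"android-device"}),
    ),
}


def authorize(device_id: str, resource: str, now: datetime = NOW) -> bool:
    """Resolve roles from the MDM record and evaluate the resource policy."""
    policy = POLICIES.get(resource)
    if policy is None:
        return False  # no policy for this resource: default deny
    roles = map_roles(lookup_device(device_id), now)
    if not roles or roles & policy.deny_if_any:
        return False
    return policy.require_all <= roles


if __name__ == "__main__":
    for dev in ["corp-ios-1", "byod-ios-2", "corp-android-3",
                "corp-ios-4", "stale-5", "unknown-9"]:
        print(dev, {r: authorize(dev, r) for r in POLICIES})
```

Running the block prints one line per constructed device showing which resources it may reach. The compliant corporate iOS device gets both; the compliant employee-owned device gets the network but not the file server; the corporate Android device is kept off the file server by the platform deny rule; the non-compliant, stale and unknown devices get nothing, because the absence of a trustworthy MDM record yields no roles rather than a default role.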

The framework simply extends the realm configuration of the user access management framework so that device attributes can be used as a factor in role mapping rules. The following figure illustrates the similarities between the two frameworks.

  Figure: User Access Management Framework and Device Access Management Framework

For details about the deployment and configuration, refer to the ICS Integration with MDM Servers Deployment Guide available on the https://www.ivanti.com/support/product-documentation site.