Mobile Access Control

Highlights:

  • Two-factor authentication by matching device and user
  • Self-service access portal for registering device and for managing login
  • Administrative tools for access control and device approval
  • Multiple enrollment options
  • No storage of Active Directory credentials on mobile device

Strong Email Authentication Without Compromising Your Network

Connecting smartphones from public WiFi networks (e.g., Internet cafés, airports) to your corporate network introduces a critical security issue: the corporate credentials are stored and used on the mobile device and therefore could be easily hacked or stolen. Most of us will install the coolest new mobile app without really knowing whether it comes from a reliable source.

The low level of device security raises two issues:

  1. Your Active Directory username and password can be hacked and used to provide access to many core business applications.
  2. Even if only mail is published to an external network, a hacker can use your credentials to receive your mail without anyone else noticing.

For these reasons, securing access control is essential.

Two-Factor Authentication and Active Directory Protection

Mobile Access Control offers several important features to solve this problem:

  • Two-Factor Authentication: uses the smartphone as something you have and the password as something you know.
  • Custom login: protects the corporate password by defining custom login credentials exclusively for ActiveSync (AD credentials are not stored on the mobile device).
  • Access portal: supports two-step registration of users as well as administration tasks, such as approving devices, blocking users and tracking the registration process.

Strong identification of device

Unlike other solutions in the market, Mobile Access Control does not depend only on the device ID (IMEI) for identifying the device, but generates an application key that is set on the device during the registration process. This ensures that the user and the mobile device being synchronized always match. This is an important feature because a device ID can be easily faked: some devices allow the user to manually change the device ID sent by the device. Another reason is that corporate phones provided in bulk using a replication process often all have the same device ID.

Device Registration Options

Mobile Access Control supports various enrollment options:

  • Automatic Registration: The device is registered the first time a user syncs via ActiveSync Protector. Once the device is registered, ActiveSync Protector verifies during subsequent synchronizations that the sync operation is in fact performed from the registered device. Any attempt to sync with the user's credentials from a different device will be blocked.
  • Two-Step Registration: This option employs a tighter security approach that requires the user to first register on a dedicated Access Portal and then synchronize within a short period of time (defined in the portal configuration) in order to complete registration. Authentication can be performed against the user's AD credentials or by using custom credentials that the user creates on the Access Portal (different from their AD credentials). The custom login option offers a higher level of security and also supports organizations that use smartcards for network access rather than username/password credentials.
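
The device-binding and enrollment logic described above can be sketched as follows. This is an added illustration, not the product's code: the `DeviceRegistry` class, its method names, and the assumption that the device presents its application key on every sync are all hypothetical.

```python
import hashlib
import hmac
import secrets
import time


class DeviceRegistry:
    """Hypothetical enrollment store: one (device ID, key hash) binding per user."""

    def __init__(self, window_seconds=600):
        self.window = window_seconds   # two-step window (assumed value)
        self.bindings = {}             # user -> (device_id, sha256(app_key))
        self.pending = {}              # user -> portal registration expiry time

    def portal_register(self, user, now=None):
        """Step 1 of two-step registration: the user enrolls on the portal."""
        now = time.time() if now is None else now
        self.pending[user] = now + self.window

    def sync(self, user, device_id, app_key=None, two_step=False, now=None):
        """Return (decision, issued_key). First sync enrolls; later syncs must match."""
        now = time.time() if now is None else now
        bound = self.bindings.get(user)
        if bound is None:
            if two_step:
                expiry = self.pending.pop(user, None)
                if expiry is None or now > expiry:
                    return "blocked: no valid portal registration", None
            key = secrets.token_hex(16)  # application key set on the device
            digest = hashlib.sha256(key.encode()).digest()
            self.bindings[user] = (device_id, digest)
            return "registered", key
        bound_id, key_hash = bound
        presented = hashlib.sha256((app_key or "").encode()).digest()
        # The device ID alone is not trusted: it can be changed or shared by clones.
        if device_id == bound_id and hmac.compare_digest(presented, key_hash):
            return "allowed", None
        return "blocked: device does not match registration", None
```

Only a hash of the application key is kept server-side in this sketch, so a leaked registry does not directly yield usable keys.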