Device Classification with Infinipoint
Infinipoint DIaaS controls device status in Netskope through Netskope's Device Classification. Infinipoint reports the compliance state of the device by creating a file artifact when the device is managed and compliant, and removing the file artifact when the device is non-compliant.
| Netskope Device Classification | Infinipoint Device Compliance | File Artifact (configurable, defined in Netskope's "Device Classification") |
| --- | --- | --- |
| Managed | Compliant (and managed by Infinipoint) | Windows: C:\Program Files\Infinipoint\data\policy\comply; Mac: /Library/infp/data/policy/comply |
| Unmanaged | Non-compliant (and not managed by Infinipoint) | (Disk artifact does not exist) |
Prerequisites
To complete this integration, you need:
- A Netskope tenant.
- An Infinipoint tenant.
- A few Windows/OSX machines running the Infinipoint clients.
Get the Client Installer
- Download the clients from the console, starting from the left panel.
- Go to System > Tenant Settings > Infinipoint Deployments.
- Choose the Windows/OSX client installer, download it, and double-click on the installer on the target machine.
Define Infinipoint Policy Compliance
- In the left panel, select Policy > Compliance Settings.
- Click Edit and select the Netskope Managed/Unmanaged actions for each OS.
These actions will signal Netskope when the device changes its compliance state.
Create an Infinipoint Policy
- From the left panel choose Policy > Policies.
- Click Create basic policy and follow the Policy Wizard.
- Choose any policy items from the catalog.
- Click Save and Continue at the bottom right.
- Select targets to apply the policy. In this example, targets are applied to all Windows machines.
- Click Save and Continue.
- Check Treat any policy item noncompliance as asset noncompliance.
This will change the device state to non-compliant (or Unmanaged) when any policy item is not satisfied.
- Click Publish to deploy the policy on the devices.
Create a Device Classification
- In your Netskope tenant, go to Settings > Manage > Device Classification and click New Device Classification Rule.
- Windows Rule, File Check: C:\Program Files\Infinipoint\data\policy\comply
- Mac Rule, File Check: /Library/infp/data/policy/comply
- Use Netskope rules to control access according to Managed/Unmanaged Device status.
- Full Access to Managed Devices
- Restricted Access to Unmanaged Devices
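
An endpoint-side check for the rules above, as an added example (not Infinipoint or Netskope code): it reports the classification the file-check rule should yield from the artifact's presence and, on macOS, flags the artifact or its directory if it is group- or world-writable, because the classification depends on the file at that path. The function names are hypothetical and the check assumes the rule consists only of the file check; the paths are the ones given on this page.

```python
import os
import stat
import sys
from pathlib import Path

# File-check paths taken from the Device Classification rules on this page.
ARTIFACTS = {
    "win32": Path(r"C:\Program Files\Infinipoint\data\policy\comply"),
    "darwin": Path("/Library/infp/data/policy/comply"),
}


def expected_classification(artifact: Path) -> str:
    """Classification the file-check rule should yield for this endpoint."""
    return "Managed" if artifact.exists() else "Unmanaged"


def loose_permissions(artifact: Path) -> list:
    """Return the artifact's directory and/or the artifact itself when they
    are group- or world-writable (POSIX mode bits; Windows ACLs need a
    separate review)."""
    findings = []
    for path in (artifact.parent, artifact):
        try:
            mode = path.stat().st_mode
        except FileNotFoundError:
            continue  # a missing artifact is the normal non-compliant state
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(path)
    return findings


def report(artifact: Path) -> str:
    """Build a short human-readable summary for troubleshooting."""
    lines = [f"{artifact}: expected classification = "
             f"{expected_classification(artifact)}"]
    if os.name == "posix":
        for path in loose_permissions(artifact):
            lines.append(f"  review: {path} is group- or world-writable")
    return "\n".join(lines)


if __name__ == "__main__":
    artifact = ARTIFACTS.get(sys.platform)
    if artifact is None:
        sys.exit(f"no artifact path defined on this page for {sys.platform}")
    print(report(artifact))
```

Run it on a test device before and after a policy item fails to confirm the artifact appears and disappears as the Infinipoint policy intends.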
Create a User Notification Template and Policies
- In your Netskope tenant, go to Policies > Templates > User Notification.
- Define a template that will pop up when the device is Unmanaged.
- Specify in the Message section the following: Please visit Infinipoint portal to fix your device https://self-service.infinipoint.io.
- Create a Managed Device policy.
The following is an example for all users' devices: if the device is managed, it will be allowed to access any cloud service.
- Create an Unmanaged Device policy.
This is an example of a specific user + device.
If the user ewexler@infinipoint.io is using an Unmanaged device, the user won't be allowed to perform specific network operations on their Google Drive.
Attach the sample template that was defined above so the user gets a notification to navigate to the self-service portal and resolve the issues.