Device Classification with Infinipoint

Infinipoint DIaaS controls device status in Netskope through Netskope’s Device Classification. Infinipoint reports the compliance state of the device by creating a file artifact when the device is managed and compliant, and by removing the file artifact when the device is non-compliant.

| Netskope Device Classification | Infinipoint Device Compliance | File Artifact (Configurable, defined in Netskope’s “Device Classification”) |
| --- | --- | --- |
| Managed | Compliant (and Managed by Infinipoint) | Windows: C:\Program Files\Infinipoint\data\policy\comply; Mac: /Library/infp/data/policy/comply |
| Unmanaged | Non-compliant (and Not-managed by Infinipoint) | (Disk artifact does not exist) |

Prerequisites

To complete this integration, you need:

  • A Netskope tenant.
  • An Infinipoint tenant.
  • A few Windows/OSX machines running the Infinipoint clients.

Get the Client Installer

  1. Download the clients from the console, using the left panel.

  2. Go to System > Tenant Settings > Infinipoint Deployments.

  3. Choose the Windows/OSX client installer, download it, and double-click on the installer on the target machine.

Define Infinipoint Policy Compliance

  1. In the left panel, select Policy > Compliance Settings.

  2. Click Edit and select the Netskope Managed/Unmanaged actions for the relevant OS.

These actions will signal Netskope when the device changes its compliance state.

Create an Infinipoint Policy

  1. From the left panel choose Policy > Policies.

  2. Click Create basic policy and follow the Policy Wizard.

  3. Choose any policy items from the catalog.

  4. Click Save and Continue at the bottom right.
  5. Select targets to apply the policy. In this example, targets are applied to all Windows machines.

  6. Click Save and Continue.
  7. Check Treat any policy item noncompliance as asset noncompliance.

    This will change the device state to non-compliant (or Unmanaged) when any policy item is not satisfied.

  8. Click Publish to deploy the policy on the devices.

Create a Device Classification

  1. In your Netskope tenant, go to Settings > Manage > Device Classification and click New Device Classification Rule.
    • Windows Rule, File Check: C:\Program Files\Infinipoint\data\policy\comply
    • Mac Rule, File Check: /Library/infp/data/policy/comply
  2. Use Netskope rules to control access according to Managed/Unmanaged Device status.
    • Full Access to Managed Devices
    • Restricted Access to Unmanaged Devices
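
To confirm on a Mac endpoint what the File Check rule above will see, the following shell script (an added example, not Netskope or Infinipoint tooling) reports the classification implied by the artifact's presence and lists any directory on the artifact's path that is group- or world-writable. The function names, and the expectation that only privileged accounts can write along that path, are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of either product.
# Usage: sh check_artifact.sh /Library/infp/data/policy/comply

# Print the classification a File Check rule on path $1 would yield.
classify_device() {
    if [ -f "$1" ]; then
        echo "Managed"
    else
        echo "Unmanaged"
    fi
}

# Succeed if directory $1 exists and is group- or world-writable.
is_loosely_writable() {
    mode=$(ls -ldL "$1" 2>/dev/null | cut -c1-10) || return 1
    case "$mode" in
        ?????w*|????????w*) return 0 ;;   # char 6 = group w, char 9 = other w
        *) return 1 ;;
    esac
}

# Print each directory from the artifact's parent up to stop dir $2
# (default /) that is loosely writable; prints nothing if none are.
loose_ancestors() {
    dir=$(dirname "$1")
    stop=${2:-/}
    while :; do
        if is_loosely_writable "$dir"; then
            echo "$dir"
        fi
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ] || [ "$dir" = "." ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
}

# Run the report only when an artifact path is passed on the command line.
if [ "$#" -gt 0 ]; then
    echo "classification: $(classify_device "$1")"
    loose_ancestors "$1" | sed 's/^/loosely writable: /'
fi
```

A "Managed" result with no "loosely writable" lines means the marker is present and its directory chain is writable only by the owning account.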

Create a User Notification Template and Policies

  1. In your Netskope tenant, go to Policies > Templates > User Notification.
  2. Define a template that will pop up when the device is Unmanaged.
  3. Specify in the Message section the following: Please visit Infinipoint portal to fix your device https://self-service.infinipoint.io.

  4. Create a Managed Device policy.

    The following is an example for all users' devices: if the device is managed, it will be allowed to access any cloud service.

  5. Create an Unmanaged Device policy.

    This is an example of a specific user + device.

    If the user ewexler@infinipoint.io is using an Unmanaged device, that user won’t be allowed to perform specific network operations on his Google Drive.

Attach the sample Template that was defined above so the user gets a notification to navigate to the self-service portal in order to resolve issues.
