How-To's

This section covers general information about the Infinipoint system and products.


Definition of terms commonly used in our product and documentation

Assets - Devices (desktop or laptop computers, mobile devices, etc.).

Managed Assets - Devices governed by the Infinipoint client.

Unmanaged Assets - Devices not controlled by Infinipoint.

Client - Software that resides on a user’s desktop computer, laptop computer, or mobile device, and connects the user with Infinipoint servers.

DIaaS - The Device-Identity-as-a-Service offering is Infinipoint's flagship service, enabling controlled access based on the security status of the user’s device.

Grace Period - The time period during which a user can access the desired application without being compliant.

Ownership - Device ownership is an assigned association between the user and a specific device. This association occurs during the initial login, independently of the title ownership of the device (whoever paid for it). Ownership classification can be either corporate or personal/private.

Pinning - A pinned device can only be used by its designated owner. Enforcing pinning on users will block users who are not using devices that they own.

Policy - An access restriction placed by the administrator to provide a secure environment for the organization. The policies have specific objectives and can notify users and/or admins of pending issues, or enforce compliance.

Single-Sign-On (SSO) Authentication - A method that allows users to sign in using one set of credentials to connect to multiple independent software systems.

Remediation - Actions taken to make the device compliant with policies.

Rule - A configuration of chosen policies or actions with their specified targets.

Ruleset - The priority order in which the different rules verify compliance.

Target - The user, group of users, or devices that the policy will act upon.

Tenant - A large group of users classified as a single entity within the company’s servers. For example: Company X is a Tenant on Infinipoint servers.

Waterfall - Refers to the building, setting up, or functionality of the ruleset. The waterfall describes the order in which the rules apply, the default rule being the last one.

 

 

Common Abbreviations:

2FA - Two-Factor Authentication - also called Multi-Factor Authentication

BYOD - Bring Your Own Device - Common practice where employees use their personal devices for work.

DIaaS - Device Identity as a Service

SSO - Single-Sign-On

 

Policies

Types of policies

There are two types of policies:

User Policy - Policies dealing with issues associated with specific users or groups, and their respective credentials to access the organizational systems.

Device Policy - Policies with direct association to specific targets (devices).

 

How to Create a User Policy

To create a User Policy, in the sidebar of the Infinipoint console, select Device Identity > User Compliance, and click the Policies tab.

At the top right corner of the screen, click Create Policy to open the different options.

Choose either a Built in or a Custom policy.

For Built in Policy

a. Name the policy and select the Grace period during which users are allowed access without resolving the compliance issue(s).

b. Select from a range of items, allowing or disallowing user remediation, and Save.

For Custom Policy

a. Name the policy and select the Grace period during which users are allowed access without resolving the compliance issue(s).

b. Select and edit items based on scripts or queries, and Save.

A User Policy is activated as part of a rule. The rule has selected targets for the policies to act on.

 

How to Create a Device Policy

To create a Device Policy, in the sidebar of the Infinipoint console, select Policy > Policies.

At the top right corner of the screen, click Create Policy to open the different options.

Choose either a Built in or a Custom policy.

For Built in Policy

a. Name the policy and select the desired Enforcement level.

b. Select from a range of items, allowing or disallowing user remediation.

c. Select targets.

d. Activate policy by clicking the Publish button, or click Save and Close for later deployment.

For Custom Policy

a. Name the policy and select the desired Enforcement level.

b. Select and edit items based on scripts or queries.

c. Select targets.

d. Activate policy by clicking the Publish button, or click Save and Close for later deployment.

How to create rules

A Rule is a combination of one or more policies, with assigned targets.

In the sidebar of the Infinipoint console, select Device Identity > User Compliance.

At the upper left corner, click the Add sign:

a. Name and describe the new rule.

b. Select user policies you want to be included or choose Device Compliance policies.

c. Select targets from available Users, Groups and Domains.

d. Select the related IdP(s).

Note: When choosing targets, selecting include will place the policy/rule on the specified target, while selecting exclude will let the selected target bypass the rule.

Ruleset Management

The Ruleset determines the order in which the rules will be applied to different users. Policies within a specific rule are triggered the first time the target is identified.

Therefore, users who belong to multiple groups will only be affected by the policies in the first rule that targets them. For example: User X is a contractor working for the HR dept. He belongs to the “Contractors” group as well as the “HR” group. Rule #1, which relates to contractors, is above Rule #2, which relates to HR. User X will only have Rule #1 activated.

You can drag the rules to rearrange them, so that in this example, Rule #2 (HR) will be on top and therefore User X will trigger only the policies related to HR and not those related to the Contractors group.
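
The first-match behavior described above, modeled as an added Python example (not Infinipoint code). The policy names, the data layout, and the assumption that an excluded target falls through to the next rule are illustrative; the skipped_rules helper lists rules whose policies a user never receives because an earlier rule matched first.

```python
# Added illustration: a minimal model of first-match ("waterfall") ruleset
# evaluation. Policy names and the data layout are constructed for the example.
from dataclasses import dataclass, field


@dataclass
class Rule:
    name: str
    policies: list
    include: set = field(default_factory=set)   # targeted groups
    exclude: set = field(default_factory=set)   # groups that bypass this rule
    default: bool = False                        # the default rule matches everyone

    def targets(self, groups):
        if self.default:
            return True
        # Assumption: an excluded target skips this rule and falls through.
        if groups & self.exclude:
            return False
        return bool(groups & self.include)


def evaluate(ruleset, groups):
    """Return the first rule, top to bottom, that targets the user."""
    for rule in ruleset:
        if rule.targets(groups):
            return rule
    return None


def skipped_rules(ruleset, groups):
    """Names of rules that target the user but never fire (an earlier rule won)."""
    hit = evaluate(ruleset, groups)
    return [r.name for r in ruleset
            if r is not hit and not r.default and r.targets(groups)]


contractors = Rule("Rule #1", ["contractor-mfa"], include={"Contractors"})
hr = Rule("Rule #2", ["hr-disk-encryption"], include={"HR"})
default = Rule("Default", ["baseline"], default=True)
user_x = {"Contractors", "HR"}   # User X from the example above

if __name__ == "__main__":
    for order in ([contractors, hr, default], [hr, contractors, default]):
        winner = evaluate(order, user_x)
        print([r.name for r in order], "->", winner.name, winner.policies,
              "| skipped:", skipped_rules(order, user_x))
```
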

Any change to the ruleset automatically creates a Draft Ruleset, which becomes the new Current Ruleset once you click Publish.