Enabling authentication profiles for device verification through an MDM system

To enable SafeLinx Server to enforce device verification through an MDM service, associate one or more MDM profiles with an authentication profile. After a client device authenticates successfully through the primary authentication method, SafeLinx Server sends device information to the MDM service. The MDM service then checks whether the device is registered and whether it complies with configured policies.

After you enable MDM integration for an authentication profile, by default only IBM Connections, IBM Connections Chat (formerly Sametime), and IBM Verse are supported. To configure support for other HTTP client applications and devices, see the "How to handle unmanaged devices" section of "Configuring an MDM profile".

Authentication profiles with which you associate an MDM profile can be used by HTTP access services only. If you configure other resources, such as a Virtual Private Network (VPN) service, to use the same authentication profile, clients of those resources are unable to connect.

To enable an MDM profile for a SafeLinx Server authentication profile:

  1. In the SafeLinx Administrator Resources pane, expand the OU in which the authentication profile is defined, right-click Authentication profile, and click Open.
  2. In the Authentication profile window, select the authentication profile that you want to configure and click Properties.
  3. Click MDM.
  4. In MDM Integration, select the name of the MDM profile that you want to use with the authentication profile.
  5. Click OK.

You can assign multiple MDM profiles to a single authentication profile. Secondary MDM profiles are used for failover. Thus, if SafeLinx Server fails to receive a response from the MDM server that is configured in the first profile, it tries the next profile. Failover applies to locally installed MDM servers. It is not applicable to cloud-based MDM systems.