Product Documentation

Configuring General Security Options

Oct 20, 2015

You can configure security in the Options dialog box to customize the security features of the service. By default, when Secure Device is included in the license, it is automatically activated during installation, with a strong level of security. You can change the following parameters:

  • Enforce SSL. Forces devices to communicate using an SSL transport. All HTTP requests from devices will be rejected.
  • Strong Authentication. Enabling Strong Authentication generates a Strong ID for devices that is then used as a second factor of authentication during the enrollment process.
  • Strong ID Valid Once. Allows Strong ID passcodes to be used only once. After the Strong ID has been used once to generate a device certificate, it cannot be reused. The device has to be revoked and reauthorized.
  • Certificate Renewal. Sets the renewal time frame for certificates used in Strong Authentication mode. The 0 option disables the certificate renewal process.
  • Always Add Device. Allows automatic registration of devices into Device Manager even when Secure Device is activated.
  • Block Rooted Android and iOS Enrollment. Enabling this function will block rooted or jailbroken devices from enrolling.
  • 8 Char Strong ID. Enables a Strong ID character string that is limited to 8 characters.
  • SHP Console for Users. Enables or disables the Self-Help Console for user management of devices.
  • XDM/SHP console max inactive interval. The time (in minutes) between client requests before the server will invalidate a session. 0 means that a session will never time out.
  • iOS agent auto logout (minutes). Length of time before an iOS agent user is logged out due to inactivity.
  • Enable client cert authentication for iOS. If enabled, the iOS enrollment agent uses certificate authentication. If disabled, the iOS enrollment agent uses session-based authentication.

To enable Strong ID

Strong ID is a form of two-factor authentication used to provide an extra layer of security when enrolling a device.

  1. Enable Strong ID from the Options menu on the Security tab in the Device Manager web console. Citrix also recommends that you enable 8 Char Strong ID. At this point, no devices will be able to enroll until the device serial number or IMEI is known.
  2. Add the devices manually (or import) from the Devices tab using the device serial number or IMEI, which will generate a Strong ID for the device.
  3. When a user is ready to enroll, the user needs to call their administrator and give their Serial/IMEI, so the administrator can provide the Strong ID from the device properties.
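
The enrollment steps above, combined with the Strong ID Valid Once and 8 Char Strong ID options, modeled as a small state machine. This is an added illustration, not Citrix code: the class, method names, return strings, character set and serial number are assumptions, and the page does not describe how the product actually generates or stores a Strong ID.

```python
import hmac
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits  # assumed character set


class EnrollmentGate:
    """Toy model of Strong ID enrollment; every name here is hypothetical."""

    def __init__(self, valid_once=True, id_length=8):
        self.valid_once = valid_once  # models "Strong ID Valid Once"
        self.id_length = id_length    # models "8 Char Strong ID"
        self.devices = {}             # serial/IMEI -> current Strong ID or None

    def add_device(self, serial):
        """Step 2: the administrator adds the device, which generates a Strong ID."""
        strong_id = "".join(secrets.choice(ALPHABET) for _ in range(self.id_length))
        self.devices[serial] = strong_id
        return strong_id

    def revoke_and_reauthorize(self, serial):
        """Needed before a device whose Strong ID was consumed can enroll again."""
        self.devices.pop(serial, None)
        return self.add_device(serial)

    def enroll(self, serial, presented_id):
        """Step 3: the device presents the Strong ID as the second factor."""
        if serial not in self.devices:
            # Step 1: nothing enrolls until the serial number or IMEI is known.
            return "rejected: unknown device"
        expected = self.devices[serial]
        if expected is None:
            return "rejected: strong id already used"
        # Constant-time comparison so response timing does not leak a partial match.
        if not hmac.compare_digest(expected.encode(), presented_id.encode()):
            return "rejected: wrong strong id"
        if self.valid_once:
            self.devices[serial] = None  # consumed once the certificate is issued
        return "enrolled: certificate issued"
```

With `valid_once=False` the same Strong ID keeps working after the first enrollment, which is the exposure the Strong ID Valid Once option removes.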