Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1125
Views
0
Helpful
6
Replies

How to exclude mobile devices from authentication

vince.steiner
Level 1
Level 1

‎04-01-2013 12:21 PM

So i have a default identity policy that takes the identity of a user from an AD agent, i have also set up NTLM transparent authentication in case AD agent can not identify the user.

it works well on our windows domain attached PCs but there is a problem with mobile devices (ipads, iphones, droids, etc) every time they want to use the browser, app, people are being asked to put their credentials.

is there a way of excluding all of these mobile devices from this NTLM authentication? this is on ASA CX, i have an option to add a identity policy above this one, but how can i add mobile devices as a source?

Thanks

Labels:
0 Helpful
6 Replies 6

alessandro.s
Level 1
Level 1

‎04-01-2013 02:37 PM

Hi gregory,
If i'm not missing something there's no way to discriminate mobile users to exempt it from authentication. I think you need to create a Specific vlan for mobile users then create an identity specifying the new subnet and exempt it from authentication.

Hope this helps

Regards


Sent from Cisco Technical Support iPhone App

0 Helpful

Ken Stieers
VIP
VIP

‎04-01-2013 02:42 PM

Your other option, if the ASA CX allows it, is to create an identity for the User-Agent strings that the mobile devices use and not require authentication for those strings...   Its doable on the WSA, but I don't know about the CX...

0 Helpful

vince.steiner
Level 1
Level 1
In response to Ken Stieers

‎04-02-2013 07:36 AM

I tried that, and i can create user/device agent based object, but somehow i can not use it a s a source, i can only use network, IP range as a source.

0 Helpful

alessandro.s
Level 1
Level 1
In response to vince.steiner

‎04-02-2013 08:20 AM

If you was able to create user/device agent that identify mobile users so you can crate an identity based on user agents.

When you add an identity, in the lower left-side corner click on "advanced" then click on "None Selected" line next to "User Agents" . Then you can add your Custom User Agents strings in the list.

Regards

0 Helpful

vince.steiner
Level 1
Level 1
In response to alessandro.s

‎04-04-2013 06:18 AM

I can create a source object group based by  User agent object , but then the problem is that in the actual policy i can only add network sources as a sources, not this source object based on user agent identity i created.

i can add screenshots if needed, i this WSA may be more advanced that ASA CX

0 Helpful

alessandro.s
Level 1
Level 1
In response to vince.steiner

‎04-04-2013 07:50 AM

Hi Gregory,

please add screenshot so i can better understand the problem.

Thanks.

Regards

0 Helpful
Customers Also Viewed These Support Documents