Device Trust: Workspace One and Okta

Captions
Hello everyone. Today I'm gonna demonstrate the device trust mechanism and integration between VMware Workspace One and Okta identity services. This device trust mechanism provides user access to corporate information, corporate applications, in this case to only managed mobile devices. So in our use case here in this video, we're gonna show Slack as our sensitive corporate information that we need to protect. We're only gonna provide access to Slack to managed mobile devices. You can do this on PC or macOS as well, but for the interest of this video I'm gonna demonstrate a use case of an iOS device, a BYOD device: a brand new employee joins the company and tries to access Slack, and how the conditional access works from Okta as well as VMware Access as well as Workspace One UEM.

So as you can see here on my screen, the Hub app is not managed; my device is not managed right now. Today I start at the company; my identity is John Anderson. So as you can see here, I already have Slack pre-downloaded. As a BYOD, I use Slack, right, with other, without a vendor, or for my personal usage. My device is not managed; you can see the Hub app earlier. I'm gonna try to sign in. My IT told me that, hey, you have a Slack account, or my friend told me, my coworker told me that. So I'm going to try to gain access to corporate Slack at ESI. So I'm crunching my email address; I'm gonna type in the Slack tenant of my company, right, this is a corporate tenant.

When I try to sign in, because Slack is federated with Okta, it's gonna ask me to sign into Okta with my identity. You can see here briefly it's kicking over to vIDM Access to evaluate this device posture, but I don't know that; as the end user we don't know this. So we just go with the flow here: type in my credentials, try to gain access to Slack with a device that is not being managed. So this is a sign-on policy; this is a conditional access from Okta. With the sign-on policy from Okta you can implement many other layers of conditional access, but for the interest I'm just gonna do MFA, make sure I am who I am right now.

So in conjunction with Okta, after routing the rules to VMware Access, it recognized my device: hey, is your device managed by Workspace One UEM? Looks like my device is not managed, but I'm gonna go ahead and do this, try to see if I have to enroll into Workspace One UEM. So I'm just gonna type in something random here, see if it recognized me for our organization. I can disable the web enrollment, right. So at this time it says, hey, to enroll this device, download, install and run the Workspace One Intelligent Hub. So it's configurable, yeah. So it's gonna take me to the App Store to get me to download this enrollment, the Intelligent Hub; because I already downloaded it ahead of time, here it is.

For the interest of the video, now, I integrated the Okta group to VMware Workspace One UEM, so it recognized me: when IT set me up, it automatically pushed my account to let me enroll. However, for the interest of this video as well, I'm not gonna show that; this is from the perspective of an end user. They don't know this, so they're just gonna go ahead and type in their email address here. So it recognized me; I'm allowed to enroll. The next step is to authenticate.

So this isn't a feature from Workspace One UEM; this is a BYOD scenario: it recognized my device as BYOD, and it gives information on what they collect and what they do not collect. You can see here it does not collect any personal email, personal photos, any personal text messages, and is only interested in protected work information: device information, work apps and diagnostics as such. But yeah, anybody that is worried, that's skeptical about bringing their device to work, this information will help them.

So the next step here is iOS enrollment into Workspace One UEM: very straightforward, pretty standardized here. I know exactly what to do, so I'm gonna continue with the enrollment process. So we're gonna install the management profile from UEM. So once I'm done with this, there's a lot of information gonna pop up here to explain further, but the Hub app, on the top left corner of the screen you see the Hub, you can go back there to finish the enrollment process. App Management Change: so basically this message is, hey, your company is gonna deploy apps to your device. I integrated Apple Business Manager Volume Purchase Program, so all these corporate apps coming down to the device are not attached to the user's personal Apple ID at all. But the Hub app right now finished the enrollment and is evaluating the compliance of my device: the device is not jailbroken, the device is managed and has not lost touch with the servers in the last 30 days, so that this device is managed at all times.

Okay, so I'm done with the enrollment, right. My interest here is to gain access to Slack. There's a lot of prompts going to come down to my device, but I'm gonna jump ahead and try to set up Slack. There will be a lot of prompts kind of interrupting, but just for your information I'm gonna jump ahead to Slack. So I try to sign into Okta again. This time, because my device is managed, it recognizes my device as managed. Just make sure I am who I am, try to access it. This is conditional access. There we go: my device is managed, it allows me to access corporate information, the corporate app that we need to protect. The reason why it needs to be managed is because then we can impose policy from UEM. The role of UEM is then to deploy down IT policies, such as protecting Slack information from getting outside to the personal device information, right. It evaluates the device posture; if your device falls out of compliance, it removes the access to Slack.

But talking about that, let's demonstrate the offboarding process. So today John Anderson is done with the company; his last day is today, and it's 5:00 p.m. right now. You can see here on Slack I have a personal, personal mobile pros Slack channel, and ESI Technology is our corporate account. So the offboarding process, how it works: Slack is integrated with Okta; Okta is gonna deactivate his account automatically. So let's see how it works. I'm going to access Okta and I'm going to deactivate John Anderson's account, or delete it; or I can do this in Active Directory, it syncs with Okta and Okta does that. But I'm gonna deactivate his account right now. So I can access Slack here and deactivate.

So the moment that the company deactivates a user account, you can see there, it's gone, right. As soon as, the moment it deactivates my account, the access to Slack corporate sensitive information is removed as well. And it's also a good thing here: it's leaving the BYOD information intact so the user doesn't lose it. You can configure it to not remove the Slack application as well. Right, on top of that, in Workspace One UEM my device is still enrolled, you can see here. But when it syncs, I think there's a duration of a certain hourly, 12-hour, when it syncs with the Workspace One UEM console, it will enterprise wipe this device as well. For the interest of the video I can initiate this process immediately. So let's see how it works; perform a sync here. All right, this thing's almost done. There you go, you can see it starts removing. When it syncs, it's removing my device off the enrollment and leaves everything intact, right. So for BYOD this is extremely useful and it's very good.

So as soon as offboarding occurs, right, the user then can see if they can try to access Slack again, right, but they won't be able to because the account is deactivated. So let's try; let's just give it a quick peek when all this has occurred. So I try to regain access to Slack, right, when my account is deactivated; as the end user they don't know that. I can no longer do it. So there you go.

This demonstration, in summary, is how the device trust mechanism works. It's great: we're only going to provide access to corporate information that's sensitive to managed mobile devices. At the same time, the offboarding process works very instantly because everything is linked together: deactivate the account in Okta or Active Directory and it's automatically deprovisioning the account in the application, very instantly. At the same time it enterprise wipes the device when the sync occurs. And if configured properly, when this is all said and done, corporate information is protected with layers of security. Very nice. It pushes down the identity access as a focus of how we protect corporate information. But otherwise, have a great day. Thank you for watching.
Info
Channel: donion23
Views: 404
Rating: 5 out of 5
Id: D9n7Otes-Ms
Length: 12min 53sec (773 seconds)
Published: Thu Jan 09 2020