Introducing Meraki Trusted Access

These days, as individuals carry multiple types of devices and expect to be connected at all times, the job of an IT admin becomes more complicated and stressful. Knowing what each end-user and device is trying to do on the network can be a burden. How can you feel confident that your network security will not be jeopardized while company assets remain contained? 

Systems Manager, Cisco’s Mobile Device Management (MDM) solution, is evolving to address this need. We are introducing Meraki Trusted Access, which securely connects personal devices to business-critical resources without requiring an MDM profile to be installed. 

Meraki Trusted Access enhances both the IT and end-user experience

For IT, Meraki Trusted Access means no longer dealing with tedious and manual onboarding processes. Granting secure network access to end devices becomes seamless and automated. With the Meraki dashboard, IT can sync their Active Directory server to create user profiles. From those user profiles, Trusted Access can then be enabled for specific Wi-Fi networks, specifying how many devices each user can onboard to get access and for how long. A user’s device gets access using a certificate; once that user is authenticated, the device is “trusted”. A “trusted” device can then securely access resources.

Additionally, Meraki Trusted Access enables more control and manageability over certificate-based onboarding processes. Whether a user is managed or unmanaged, the certificate authentication is done with Meraki. This removes the need to engineer complex third-party integrations. Finally, Systems Manager also offers an open API platform for customized integrations, for more business-critical operations. 

For end-users, Meraki Trusted Access means an easier way to access critical applications. By using the newly enhanced Meraki Self-Service Portal, end-users can sign into the portal and start onboarding their devices themselves. From there, they can download certificates directly to those devices, granting them secure access to business-critical applications they might need. On top of this intuitive method of getting their devices access, end-users will also be happy to know that their privacy stays intact. They will no longer need to enroll in an MDM solution in order to get the access they need.

Meraki Trusted Access is the easiest way to securely connect devices without an MDM

Enabling Meraki Trusted Access is simple. Meraki Trusted Access is enabled when you have both Meraki MR access points and Meraki Systems Manager in your network. 

You can configure Meraki Trusted Access in 4 simple steps: 

  1. Enable Trusted Access on an SSID.
  2. Create an end-user profile under Systems Manager. You can automatically use Active Directory group tags to enable Trusted Access or configure users manually.
  3. Select the end-user’s network access privileges and tie them to the SSID that has Trusted Access enabled.
  4. Share the Self-Service Portal link with the end-user so they can onboard their devices and download the trusted certificate.

Cisco’s MDM solution, Meraki Systems Manager, continues to provide network security for end-users and end-devices with flexible authentication methods, automated device onboarding, and dynamic security policies.

If you are a current MR and SM customer, you can try Meraki Trusted Access today (just make sure you have enough SM licenses to cover the number of mobile devices). Start by reading our Meraki Trusted Access documentation guide for a smooth set-up. If you’d like to learn more about Systems Manager, you can connect with the Meraki team to start a 30-day free trial, no strings attached.

All Aboard!

Systems Manager Sentry offers a range of features that make the life of IT administrators easier. By providing simple, automatic security that is context aware, Sentry dramatically simplifies previously complex configurations. To be able to take advantage of Sentry functionality, devices need to be enrolled in Systems Manager. There are a variety of ways this can be done, but one of the simplest is by using Sentry enrollment.

Sentry enrollment is available with Meraki MR Access Points (AP). It not only automates deployment of Systems Manager, but also ensures policy compliance by requiring Systems Manager installation. Sentry enrollment is an option within the wireless access control page of the Meraki dashboard. By choosing the radio button that enables Systems Manager Sentry enrollment, all devices connecting to this SSID will be checked for Systems Manager.

With Sentry enrollment enabled and a Systems Manager network selected, the administrator then has a couple of options to choose from. The strength option allows the level of compliance to be tailored to suit your environment. With the strength set to ‘Focused’, only the system types you have chosen will be forced to enroll in Systems Manager. A good example of why this may be desirable is if you only want mobile Apple devices such as iPhones and iPads under management, not Windows laptops. This can be achieved by choosing ‘Focused’ and selecting iOS as the only system type you wish to force to enroll.

When a user connects to an SSID with Sentry enrollment, they must have Systems Manager to be able to access the network. If a user removes Systems Manager from their device, they will be forced to install it again if they want to access the network. Watch the video below for a full dashboard and end user demonstration of this feature in action.

Users are guided through the enrollment process with the necessary settings pre-configured for them. This eliminates the need to pre-stage devices before they are delivered to users and allows enrollment as and when devices connect. Think of it as your fast lane to pervasive mobile device management.

Sentry features highlight the power and simplicity of the Meraki cloud architecture that provides native integration between different product families. Typically such enrollment or onboarding processes require additional servers, appliances, or licences. Even if this is not needed, integration between the MDM and the network (often from different vendors) can be complex to configure. With Meraki, enrollment becomes a couple of clicks and a matter of moments to enable. Find out more by attending one of our focused webinars covering the Sentry features of Systems Manager in further detail.