Requiring approval for device access
IBM Traveler gives administrators the ability to require approval before a user's device can sync data.
In addition, the Administrator can specify a certain number of devices per user that can sync without approval. This function applies to all devices supported by IBM Traveler.
Administrator settings
Administrators can control the approval settings from the
LotusTraveler.nsf
Default Settings form (standalone server only) and the Domino® Policy document for IBM Traveler. You can also control the approval settings using the
web-based administration. To do so, go to the Device Settings view, select
Preferences, and then select Device Access. The
following settings are available:- Require approval for device access: Selecting this setting enables the feature. Once selected, all new devices will be able to register but not sync data with IBM Traveler until approved. Essentially the device will be in a locked state until approved by the administrator.
- Number of devices to allow per user before approval is required: This setting allows the administrator to auto approve a given number of devices per user. The number refers to registered devices per user and is not time sensitive. For example, if set to 1, the first device to register for a user will not require approval. If the user already has a device registered, then any new devices that register will need approval to sync data. See the tell commands information below for information on how to remove a device from the database.
- Addresses to notify when approval action is pending (optional): This allows an Administrator to be notified when an approval action is required. The notification includes the User ID, Device ID, Device Type, and date of registration. The notification list can include users, groups and Mail-In DBs. The registering user will always receive a notification when either a device registers and requires approval. The end user will again be notified when the Administrator approves or denies access for the device.
Approving or denying a device using the IBM Traveler admin database (LotusTraveler.nsf)
Use of the LotusTraveler.nsf applies only in Traveler standalone environments. The Device
Security view shows the approval state of all devices. The Approval column reports the
current device approval state. This column is sortable. The Change Approval button allows
both "approve" and "deny" actions for a given device, and can be taken against one or more selected
devices. The reported states in this view are:
- Not Required: The setting was not enabled when this device connected.
- Approved: Device has been approved for access.
- Auto Approved: Device Approval was enabled, but when this device registered, the user was under the set number of devices limit.
- Denied: Device has been denied access.
- Pending: Approval for this device is pending (sync not allowed in this state). These are the devices that need action by the Administrator.
Double clicking a device in the view displays the device information screen. This screen shows the Approval state with an approver ID if appropriate and the time of the approval action.
Approving or denying a device using tell commands
The
following tell commands can be used to manage device approval.
tell traveler security approval approve <device> <user>
tell traveler security approval deny <device> <user>
The following tell command can be used to remove a device
from the database:
* tell traveler security delete <device> <user>