Requiring approval for device access
HCL Traveler gives administrators the ability to require approval before a user's device can sync data.
In addition, the Administrator can specify a certain number of devices per user that can sync
without approval. This function applies to all devices supported by HCL Traveler.
Note: Make sure the administrators have the right access and role to
lotustraveler.nsf
. For more information, see Controlling access to the administration interface.Administrator settings
Administrators can control the approval settings from the
LotusTraveler.nsf
(standalone server only), a Domino® Policy document for HCL Traveler, the web-based
administration UI (https://<serverHostName>/lotustraveler.nsf
), or the
Administration REST API. To do so, navigate to . The following settings are available:- Require approval for device access: Selecting this setting enables the feature. Once selected, all new devices will be able to register but not sync data with HCL Traveler until approved. Essentially the device will be in a locked state until approved by the administrator.
- Number of devices to allow per user before approval is required: This setting allows the administrator to auto approve a given number of devices per user. The number refers to registered devices per user and is not time sensitive. For example, if set to 1, the first device to register for a user will not require approval. If the user already has a device registered, then any new devices that register will need approval to sync data. See the tell commands information below for information on how to remove a device from the database.
- Addresses to notify when approval action is pending (optional): This allows an Administrator to be notified when an approval action is required. The notification includes the User ID, Device ID, Device Type, and date of registration. The notification list can include users, groups and Mail-In DBs. The registering user will always receive a notification when either a device registers and requires approval. The end user will again be notified when the Administrator approves or denies access for the device.
Approving or denying a device using the HCL Traveler web-based admin UI
The Device Security view shows the approval state of all devices. Use of
LotusTraveler.nsf
is supported in a standalone server only. The Approval
column reports the current device approval state. This column is sortable. The Change
Approval button allows both "approve" and "deny" actions for a given device, and can be
taken against one or more selected devices. The reported states in this view are:- Not Required: The setting was not enabled when this device connected.
- Approved: Device has been approved for access.
- Auto Approved: Device Approval was enabled, but when this device registered, the user was under the set number of devices limit.
- Denied: Device has been denied access.
- Pending: Approval for this device is pending (sync not allowed in this state). These are the devices that need action by the Administrator.
Double clicking a device in the view displays the device information screen. This screen shows the Approval state with an approver ID if appropriate and the time of the approval action.
Approving or denying a device using tell commands
The
following tell commands can be used to manage device approval.
tell traveler security approval approve <device> <user>
tell traveler security approval deny <device> <user>
Approving or denying a device using Administration REST API
As an administrator, open a REST API client, select PUT as the method
and use the following URL:
- To approve:
https://%3CserverHostName%3E/api/traveler/users/%3CemailAddress%3E/devices/%3CdeviceID%3E/security?action=allowAccess
- To deny:
https://%3CserverHostName%3E/api/traveler/users/%3CemailAddress%3E/devices/%3CdeviceID%3E/security?action=denyAccess