10.7 Endpoint Management Options

In this policy, you can configure the following settings for managing an endpoint:

  • Require the administrator password to register an endpoint or workstation: Set this option to ON to require the administrator's credentials for registering an untrusted endpoint from any IP address. Typically, this option is configured along with Whitelist IP Address.

    You must disable the option when installing any components from the Advanced Authentication distributives package that use endpoints (Advanced Authentication Windows Client, Mac OS X Client, Linux PAM Client, Logon Filter, and RDG plug-in). Otherwise, the endpoints are not created. You must use the option for third-party integrations only.

  • Allow unprivileged user to re-register an endpoint or workstation: Set this option to ON to allow all users to re-register an endpoint even though an endpoint with the same name exists in the Advanced Authentication server. The user is required to specify the user name and LDAP password to re-register the endpoint. This option is set to OFF by default.

    With this option set to OFF, users with ENROLL ADMIN or FULL ADMIN privileges are allowed to re-register an endpoint.

  • Whitelist IP Address: Add the preferred IP addresses to the Whitelist IP Address to register either a trusted or an untrusted endpoint from these IP addresses. You can add a single IP address, multiple IP addresses, or a range of IP addresses to the whitelist. The IP address must be in IPv4 or IPv6 format.

    The following conditions summarize the use of endpoint management options:

    • Whitelist IP Address is empty and Require the administrator password to register an endpoint or workstation is OFF: Untrusted endpoints can be registered from any IP address without the administrator’s credentials.

      Regardless of the status of Require the administrator password to register an endpoint or workstation and Whitelist IP Address options, the administrator’s credentials are required to perform the following actions:

      • To delete and update any endpoint.

      • To register a trusted endpoint.

      When IP addresses are specified in Whitelist IP Address, endpoint registration is allowed only from those IP addresses.

    • Whitelist IP Address is empty and Require the administrator password to register an endpoint or workstation is ON: The administrator’s credentials are required to register an untrusted endpoint from any IP address.

    • IP addresses are specified in Whitelist IP Address and Require the administrator password to register an endpoint or workstation is ON: The administrator's credentials are required to register untrusted endpoints only from the IP addresses specified in the whitelist.

      The endpoint registration request from any other IP address that is not specified in the whitelist is blocked automatically.
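
The conditions above, modelled as a small decision function for checking a planned configuration. This is an added example, not code from the product or its documentation. The function names, the CIDR and `start-end` range notations, and the outcome for a non-empty whitelist with the password option OFF are assumptions.

```python
import ipaddress

BLOCKED = "blocked"
ADMIN = "administrator credentials required"
OPEN = "no administrator credentials required"

def in_whitelist(source_ip, whitelist):
    """Match source_ip against entries: single IP, CIDR block or 'start-end' range.
    CIDR and 'start-end' are assumed notations; the page does not give the syntax."""
    ip = ipaddress.ip_address(source_ip)
    for entry in whitelist:
        if "-" in entry:
            start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            # Never compare across IP versions (that raises TypeError).
            if ip.version == start.version == end.version and start <= ip <= end:
                return True
        elif ip in ipaddress.ip_network(entry.strip(), strict=False):
            return True
    return False

def decide(action, trusted, source_ip, whitelist, require_admin_password):
    """Outcome of an endpoint request under the two policy options."""
    if action in ("delete", "update"):
        return ADMIN  # always, regardless of both options
    if action != "register":
        raise ValueError(f"unknown action: {action}")
    if whitelist and not in_whitelist(source_ip, whitelist):
        return BLOCKED  # a non-empty whitelist restricts registration to its IPs
    if trusted or require_admin_password:
        return ADMIN  # trusted endpoints always need the administrator
    # Option OFF, untrusted endpoint. For a non-empty whitelist this outcome is
    # an assumption: the page does not describe that combination explicitly.
    return OPEN

if __name__ == "__main__":
    # Constructed requests: (action, trusted, source IP, whitelist, option ON?)
    samples = [
        ("register", False, "203.0.113.7", [], False),
        ("register", False, "203.0.113.7", [], True),
        ("register", True, "203.0.113.7", [], False),
        ("register", False, "203.0.113.7", ["10.0.0.0/24"], True),
        ("register", False, "10.0.1.15", ["10.0.1.10-10.0.1.20"], True),
        ("register", False, "2001:db8::5", ["10.0.0.0/24", "2001:db8::/64"], False),
        ("delete", False, "10.0.0.9", ["10.0.0.0/24"], False),
    ]
    for s in samples:
        print(f"{s[0]:8} trusted={s[1]!s:5} from {s[2]:12} -> {decide(*s)}")
```

The first sample is the only combination in which an untrusted endpoint can be registered from any address without administrator credentials, which makes it the setting to look for when reviewing an existing policy.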