Seems the addition of a device/MAC whitelisting option in the mobile configuration would be a nice feature. Any thoughts in this direction.
If I can add up to this, I have the same type of request from other customers. They would want a way to maintain a White-List per device when accessing Mobile from the internet. Only a handful of peoples are allowed externally (from the internet) but all other ones should have access from the internal network.
Is there a way to set this up in the current version 10.0 or can this be added to a future version?
Are you thinking of white list per Mobile server, or per repository? Just curious why do you want to allow them only on some of the devices but not the others?
Meanwhile, we do have the white list of accounts (not devices yet) per repository which you can find under the Repository Settings on configuration page. You can specify the "allowed" specific accounts there.
Extra layer of external security for the mobile app only. Don't think the need for the repository would be there. We would have thousands of internal devices that would need added if we did it at the repository level. Since mobile is our only external, a good place for a bit of extra.
We assign known mobile devices to our repository users. It would seem beneficial to make sure that they were connecting on devices that we knew conformed to our security standards. As opposed to any personal device.
Mobiles accounts level white listing is a great feature, was just curious about the device control not being available. We currently have other options for doing this, but figured that it would be nice to have it all in one location. Especially since the black list is already there.
MAC addresses are how messages get directed on the subnet level, so by the time the HTTP request arrives at the Mobile server the sending MAC address will belong to the closest (i.e. last) router. If you're talking about external access then the network is complex enough that Mobile won't get the device MAC, and if you're talking about internal access you're probably better off keeping these devices off your network (or sandboxing them) than enforcing application-level access control.
MAC is cited as a reference only. I see that Mobile actually captures and uses "Device ID" and black lists off of that identifier. Appears as though its possible, but... So, feature request.
Most of the peoples are setup to use their domain account internally and when they are on the go using their mobile, if Mobile is open at large on the internet side, then we may be facing issues if a funny hacker is starting to lock down every domain account. Then if we can setup a white-List mecanism based on a DeviceID or Device FingerPrint (you will need to see how this can be done), then after that verification is done, the Mobile will allow talking with that device. You can even have some sort of LF Mobile App requesting an access, then an administrator can grant that device. If you can build that mecanism, it would be good to have a setting for Internet side and LAN side (allow / deny).
You will probably say we can setup a VPN but this might become complex to handle and maintain with all the device outthere.
Can Laserfiche let us know if this could be considered as a future feature (like for V11) ?