Exploring, modeling, predicting and reporting with SAS Visual Analytics and SAS Visual Statistics

Managing "Mobile Device Whitelist" by Script?

Reply
Occasional Contributor
Posts: 10

Managing "Mobile Device Whitelist" by Script?

Hey together,

we are considering enabling Access to the Mobile BI App for our SAS Visual Analytics User.

We have several Information (e.g MAC address) about the iPad's our Companies uses for the Business users.

  • Is there a possibility to maintain (Import and / or Export) the device Information into the whitelist of the 'Mobile Devices' Section of SAS Visual Analytics?
  • Maybe we can make something like a normal ETL Job (we are using also SAS Data Integration Smiley Wink) for do this?
  • What are the possible Device ID's we can use (MAC or something else)?

We would prefer to make use of the 'Whitelist' and wish to automate the Maintenance...

As far i have read at 'SAS(R) 9.4 Intelligence Platform: Middle-Tier Administration Guide, Second Edition' there is no possibility describe, as to do this manually.
We have about 60 to 120 iPad in use, so this would be very time consuming way...

Best regards,
Andreas

SAS Employee
Posts: 22

Re: Managing "Mobile Device Whitelist" by Script?

Hi Andreas,

As of iOS 7, Apple no longer permits apps to access the MAC address. Therefore the Device ID could no longer be the MAC address. SAS Mobile BI requires a unique ID to provide security. Because the MAC address is no longer available, SAS Mobile BI now generates a unique ID for the device on which it is running.

The best way to obtain the Device ID is when the device fails to log on during its initial attempt to access the whitelisted server. When the failure occurs, the app generates an email for the device user to send to the administrator. That email contains the Device ID. Also, the administrator will see the Device ID in Visual Analytics Administration.

So, the options that you mentioned will not work. However, there is an option that you can consider. In Visual Analytics Administration, click Tools > Manage Devices. View the Logon History tab. When your users attempt and fail to log on to the whitelisted server, their devices appear in this table. In the Status column, a red triangle appears that indicates the device failed the whitelist test. You can multiple select the affected rows in the table, right-mouse click, and then select Add to Whitelist.

Please be aware that this option does contain a security risk. The user ID is not checked by the whitelist; only the Device ID is checked.

Ideally, you should use the following best practice. Have your users send the email that SAS Mobile BI generates with the Device ID to the VA Admin. (Note that the user must know the VA Admin's email address. The app doesn't have that information and cannot auto-fill the To address in the email.) Then the VA Admin should compare the Device ID in the email with the Device ID in the Logon History table before adding the device to the whitelist.

Therefore, you do have the option to add many devices to the whitelist at once. However, you must weigh your organization's security needs and decide whether to follow the best practice.

We hope this information helps. It was written in consultation with the SAS Mobile BI test team.

Post a Question
Discussion Stats
  • 1 reply
  • 368 views
  • 0 likes
  • 2 in conversation