05-07-2015 11:13 AM
we are considering enabling Access to the Mobile BI App for our SAS Visual Analytics User.
We have several Information (e.g MAC address) about the iPad's our Companies uses for the Business users.
We would prefer to make use of the 'Whitelist' and wish to automate the Maintenance...
As far i have read at 'SAS(R) 9.4 Intelligence Platform: Middle-Tier Administration Guide, Second Edition' there is no possibility describe, as to do this manually.
We have about 60 to 120 iPad in use, so this would be very time consuming way...
05-07-2015 04:09 PM
As of iOS 7, Apple no longer permits apps to access the MAC address. Therefore the Device ID could no longer be the MAC address. SAS Mobile BI requires a unique ID to provide security. Because the MAC address is no longer available, SAS Mobile BI now generates a unique ID for the device on which it is running.
The best way to obtain the Device ID is when the device fails to log on during its initial attempt to access the whitelisted server. When the failure occurs, the app generates an email for the device user to send to the administrator. That email contains the Device ID. Also, the administrator will see the Device ID in Visual Analytics Administration.
So, the options that you mentioned will not work. However, there is an option that you can consider. In Visual Analytics Administration, click Tools > Manage Devices. View the Logon History tab. When your users attempt and fail to log on to the whitelisted server, their devices appear in this table. In the Status column, a red triangle appears that indicates the device failed the whitelist test. You can multiple select the affected rows in the table, right-mouse click, and then select Add to Whitelist.
Please be aware that this option does contain a security risk. The user ID is not checked by the whitelist; only the Device ID is checked.
Ideally, you should use the following best practice. Have your users send the email that SAS Mobile BI generates with the Device ID to the VA Admin. (Note that the user must know the VA Admin's email address. The app doesn't have that information and cannot auto-fill the To address in the email.) Then the VA Admin should compare the Device ID in the email with the Device ID in the Logon History table before adding the device to the whitelist.
Therefore, you do have the option to add many devices to the whitelist at once. However, you must weigh your organization's security needs and decide whether to follow the best practice.
We hope this information helps. It was written in consultation with the SAS Mobile BI test team.