General settings and notifications

The Access Gateway Devices General Settings includes the Gateway settings and the notifications defined for the Authorization filter (for example, ActiveSync).

If the Group Policy is set to Administrator Approval, a message can be defined to be sent to the administrator, and also the user performing the actual synchronization. When the administrator approves the device for the user, another message can be sent to the user to notify about this.

If any Event Notification is configured for a New Access Policy (in Manage Notifications), it will be used in addition to the configurations here.

Gateway — Authorization Settings

Parameter Description

Parameter	Description
Alternate Username Attributes	Enable or Disable alternate username attribute mapping.
Attribute List	A list of alternate attributes to be used when searching for a user. For example, if these two attributes are added to the list: `userprincipalname` and `mail`, the user is found as long as one of these two attributes match with the user’s attribute.

Alternate Username Attributes

Enable or Disable alternate username attribute mapping.

Attribute List

A list of alternate attributes to be used when searching for a user. For example, if these two attributes are added to the list: userprincipalname and mail, the user is found as long as one of these two attributes match with the user’s attribute.

Administrator Notifications

The messages may use: {username}, {devicename}, {devicetype} and {deviceid}. The variables will be replaced with the username, the user-agent / device type for the device, and with the unique device ID.

Parameter	Description
Administrator Notification	Select the notification method to use when notifying the administrator about a new incoming user device. The notification methods are configured in the Notifications tab. Press the Test button to test the notification method. Select None to disable admin notifications.
Mail Address and Phone Number	Set the administrator’s email address or phone number for the notification method to use as destination address. Mail Address is used for all the notification methods of type SMTP, and Phone Number for all other notification methods.
New Pending Device message	Enter the message to the administrator about the new incoming user device in pending state. For example, "User {username} tried to access ActiveSync with device {devicename}."
New Quarantine Device message	Enter the message to be sent to the administrator about the new incoming user device in quarantine state. For example, "User {username} with device {devicename} is in Quarantine state."
Protocol Inspection message	Enter the message to be sent to the administrator when a device is disabled based on a Protocol Inspection check. For example, "User {username} with device {devicename}, protocol inspection warning. Possible unsecure device or user credentials." Protocol Inspection can be configured in Device Content Rules in the Devices tab.
Content Wipe Acknowledge message	Enter the message to be sent to the administrator when a device has confirmed a Content Wipe. For example, "User {username} with device {devicename} has received and confirmed a content wipe. No content will be synchronized." Content Wipe can be enabled on an Access Gateway Device with ActiveSync, using any user device management tool (for example, Pointsharp Web Application or Pointsharp ID Admin GUI under Users tab).
ICAP Warning (ICAP — Internet Content Adaption Protocol)	For example, "User {username}, device {devicename}, Threat in attachment detected."

Parameter

Description

Administrator Notification

Select the notification method to use when notifying the administrator about a new incoming user device. The notification methods are configured in the Notifications tab. Press the Test button to test the notification method. Select None to disable admin notifications.

Mail Address and Phone Number

Set the administrator’s email address or phone number for the notification method to use as destination address. Mail Address is used for all the notification methods of type SMTP, and Phone Number for all other notification methods.

New Pending Device message

Enter the message to the administrator about the new incoming user device in pending state.

For example, "User {username} tried to access ActiveSync with device {devicename}."

New Quarantine Device message

Enter the message to be sent to the administrator about the new incoming user device in quarantine state.

For example, "User {username} with device {devicename} is in Quarantine state."

Protocol Inspection message

Enter the message to be sent to the administrator when a device is disabled based on a Protocol Inspection check.

For example, "User {username} with device {devicename}, protocol inspection warning. Possible unsecure device or user credentials."

Protocol Inspection can be configured in Device Content Rules in the Devices tab.

Content Wipe Acknowledge message

Enter the message to be sent to the administrator when a device has confirmed a Content Wipe.

For example, "User {username} with device {devicename} has received and confirmed a content wipe. No content will be synchronized."

Content Wipe can be enabled on an Access Gateway Device with ActiveSync, using any user device management tool (for example, Pointsharp Web Application or Pointsharp ID Admin GUI under Users tab).

ICAP Warning

(ICAP — Internet Content Adaption Protocol)

For example, "User {username}, device {devicename}, Threat in attachment detected."

User Notifications

The messages may use: {username}, {devicename}, {devicetype} and {deviceid}. The variables will be replaced with the username, the user-agent or device type for the device, and with the unique device ID.

Parameter	Description
Pending Device notification	Select the notification method to use, and enter the user notification message to send, to inform the user of a Pending device. For example, "Your device {devicename}, awaiting activation." The notification methods are configured in the Notifications tab. Select the None option to disable the function.
Approved Pending Device notification	Select the notification method to use, and enter the user notification message to send, when the pending device has been Approved for synchronization. For example, "Your device {devicename}, now activated for ActiveSync." The notification methods are configured in the Notifications tab. Select the None option to disable the function.
Quarantine notification	Select the notification method to use, and enter the user notification message to send, when the device is placed in Quarantine. For example, "Your device {devicename}, is in Quarantine state. Contact your administrator." The notification methods are configured in the Notifications tab. Select the None option to disable the function.
Content Wipe notification	Select the notification method to use when Content Wipe is enabled on the device. Enter the message to send to the user after a Content Wipe has been performed. For example, "Your device {devicename}, have been blocked. Contact your administrator." The notification methods are configured in the Notifications tab. Select the None option to disable the function.

Parameter

Description

Pending Device notification

Select the notification method to use, and enter the user notification message to send, to inform the user of a Pending device.

For example, "Your device {devicename}, awaiting activation."

The notification methods are configured in the Notifications tab.

Select the None option to disable the function.

Approved Pending Device notification

Select the notification method to use, and enter the user notification message to send, when the pending device has been Approved for synchronization.

For example, "Your device {devicename}, now activated for ActiveSync."

The notification methods are configured in the Notifications tab.

Select the None option to disable the function.

Quarantine notification

Select the notification method to use, and enter the user notification message to send, when the device is placed in Quarantine.

For example, "Your device {devicename}, is in Quarantine state. Contact your administrator."

The notification methods are configured in the Notifications tab.

Select the None option to disable the function.

Content Wipe notification

Select the notification method to use when Content Wipe is enabled on the device. Enter the message to send to the user after a Content Wipe has been performed.

For example, "Your device {devicename}, have been blocked. Contact your administrator."

The notification methods are configured in the Notifications tab.

Select the None option to disable the function.

Access timeout

Enable Access timeout in Devices > New access policy

Quarantine Settings

Parameter	Description
Allow New Device	Some clients will generate new DeviceId after a failed request. Internally, a quarantine state is failed from a client perspective since the request is denied. This feature can allow next request after the quarantine state has been accepted, even if DeviceId has been changed. A User Agent check is made when the DeviceId is updated.
Time Window (minutes)	Specify the amount of minutes that a request with different DeviceId is allowed, after a quarantine device has been set to OK, Default: 60 min.

Parameter

Description

Allow New Device

Some clients will generate new DeviceId after a failed request. Internally, a quarantine state is failed from a client perspective since the request is denied.

This feature can allow next request after the quarantine state has been accepted, even if DeviceId has been changed. A User Agent check is made when the DeviceId is updated.

Time Window (minutes)

Specify the amount of minutes that a request with different DeviceId is allowed, after a quarantine device has been set to OK,

Default: 60 min.

Device Management

Parameter	Description
Enable Device Management	Set challenge settings for Device Management. When checked, a New Device Rule in the Devices tab gets an MDM option as action. The MDM action can be configured for each new device rule. Marked enables usage of Pointsharp Device Management.
Challenge Alphabet	Configure valid challenge characters.
Challenge Length	Length of Challenge.
Challenge Expires In	The time from a new device’s first registration, to when MDM activation is no longer possible. After time out, the device will enter disabled state.
Challenge Key	The default key equals the default key in Pointsharp MDM device application. This field needs update if another key is configured in MDM application.

Parameter

Description

Enable Device Management

Set challenge settings for Device Management. When checked, a New Device Rule in the Devices tab gets an MDM option as action. The MDM action can be configured for each new device rule.

Marked enables usage of Pointsharp Device Management.

Challenge Alphabet

Configure valid challenge characters.

Challenge Length

Length of Challenge.

Challenge Expires In

The time from a new device’s first registration, to when MDM activation is no longer possible. After time out, the device will enter disabled state.

Challenge Key

The default key equals the default key in Pointsharp MDM device application. This field needs update if another key is configured in MDM application.