How to create and set Device Access Profiles
IPI Enterprise Server – Creating and setting device access profiles
Last updated
IPI Enterprise Server – Creating and setting device access profiles
Last updated
The administrator can configure separate access settings for each IPI Key. Access settings can only be set via IES. Settings are grouped into profiles. The first profile - Default - is created during the installation of IES, the administrator adds the rest. Read about Default Profile settings.
To configure profiles, go to Hardware Vaults section**, Vault Access Profiles** tab.
You can edit an existing profile, create a new one, and delete it.
Do not forget to set the desired profile to the IPI Key.
To edit an existing one, you need to select a profile by clicking on it and then click Edit.
Make all needed changes and click Save. Read about Profile Settings.
To create a new one, click the Create Profile.
Make all needed settings and click Create. Read about Profile Settings.
To delete an existing one, you need to select a profile by clicking on it and then click Delete.
Approve action by clicking Delete.
You can delete only Profiles that are not in use by Hardware Vaults. Otherwise, you need to first assign other profiles to the hardware vaults.
For the created profile to work, it must be assigned to the device.
When an administrator changes profile settings, remote tasks are created to change these settings on each affected device. These tasks will be completed as soon as the device is connected.
Pairing - the first connection of the device to the workstation (Bluetooth pairing).
Connection - reconnect to the workstation (restore communication with the device after disconnecting the device in the application or after locking the workstation).
Storage access - opening an additional encryption channel (every time you want to use the credentials stored in the device’s memory, access to the storage on the device is requested).
For each of the three events (Pairing, Connection, Storage access), three types of confirmation are possible to enable this event: pressing a button on the device, entering the PIN code, server authorization.
Note! The installed Server Confirmation / Connection checkbox will not allow you to unlock your computer without connecting to the server.
PIN expiration timeout - time after which PIN re-entry will be requested (1 minute - 48 hours).
PIN length - PIN code length (4 - 8 characters).
PIN incorrect entry - number of unsuccessful PIN attempts (3 -10 attempts).
By default, all Employees have a Default Profile with such parameters:
For the pairing (first connection to the PC) Employee should press the button and enter PIN code. Also, IES should be available.
Every 24 hours Employee should enter the PIN code.
PIN code length - 4 digits.
10 attempts for entering PIN code.
