This might be a bit outside the scope of passwordstate and more a pure IIS question.
We would like to limit external access to our password state server to only “known and allowed devices”
Our current setup is an AD authenticated passwordstate server running internally and we wanted a secure way to provide access externally, and vpn seems way over the top, so the thought process was to have the passwordstate proxy/mobile client installed in a DMZ and use certificate mapping to limit access to only devices that we install a client cert on.
So the questions part of the post
Is this a supported design/situation?
Has anyone tried it before?
Is there any documentation to help us along the way?