Jump to content

client certificate mapping to limit device access?


Recommended Posts

Hi Guys,

 

This might be a bit outside the scope of passwordstate and more a pure IIS question.

 

We would like to limit external access to our password state server to only “known and allowed devices”

 

Our current setup is an AD authenticated passwordstate server running internally and we wanted a secure way to provide access externally, and vpn seems way over the top, so the thought process was to have the passwordstate proxy/mobile client installed in a DMZ and use certificate mapping to limit access to only devices that we install a client cert on.

 

 

 

So the questions part of the post :)

 

Is this a supported design/situation?

 

Has anyone tried it before?

 

Is there any documentation to help us along the way?

 

 

 

Kind Regards,

 

Daniel

 

Link to post
Share on other sites
  • 2 weeks later...

HI Daniel,

 

We're sorry we missed this post:(  You're always welcome to email us on support@clickstudios.com.au which definitely gets check constantly if you receive poor responses from us in the forums again:)

 

We've never had any one report to us them trying to do this, and Passwordstate doesn't have anything built in to approve devices with certificates.  Do you know if your connections from the outside world would be coming from know IP addresses?  If so, it is possible to lock it down to these IP addresses under System Settings -> Allowed IP Ranges.  Do you think this might work for you?

 

Regards,

Support.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...