Device Security Guide
Minimum supported client version
The following versions are required for Device Security support:
- macOS: 1.0.20
- Windows: 1.0.18
- Android: 1.0.16
- iOS: 1.0.20
Twingate enables you to define what it means for a device to be trusted and then incorporate these definitions into Security Policies for your Network or for individual Resources.
Device Security
Twingate supports two categories of device requirements, both of which can be incorporated into Security Policies.
- Minimum OS Requirements: These identify the minimum requirements a device must meet to access Twingate. They use native device posture details from the Twingate desktop and mobile applications and can require, for example, that hard drive encryption and a screen lock password are enabled.
- Trusted Profiles: These requirements can be configured for policies that require additional security. In addition to the native device posture checks, admins can also require a Trust Method. The Trust Method identifies devices that have passed a more stringent form of device verification.


These requirements are applied at the sign-in level and can also be associated with specific Resource Policies so that only specific devices can be used to access individual Resources.
Configuring Device Security
By default, all platforms are allowed with no native device posture checks.
If specific platforms should not be used to access Twingate, the Minimum OS Requirement for that platform can be set to block the particular OS. If specific platforms should have custom native device posture checks, those can be enabled for each Minimum OS Requirement.


Platform | Device posture check |
---|---|
Windows |
|
macOS |
|
Linux |
|
iOS |
|
Android |
|
For more information on how device posture checks are collected, see here.
If your organization has specific devices marked as trusted, you can create a Trusted Profile for that platform. Manual Trust is the currently supported Trust Method: the device must be manually selected as Trusted in order to meet this requirement. Additional device posture requirements can be added as well.


Configuring Policies
For sign-in, any device that meets any of the Minimum OS Requirements or Trusted Profiles can be used to access Twingate. Note that the minimum authentication requirements will also need to be met.


To enforce requirements on the devices that can be used to access a specific Resource, you can identify which groups of requirements are needed to satisfy that Resource Policy.
- Any Device: Any device that meets Device Security requirements will be allowed, including devices that meet either Minimum OS Requirements or Trusted Profiles.
- Only Trusted Devices: Only devices that meet Trusted Profile requirements will be allowed.
- Custom: Only devices that meet the specified set of requirements will be allowed.


See the article on Security Policies for more information.
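The sign-in and Resource Policy rules above can be modelled in a few lines of Python. This is an added example, not Twingate code or its API: the class and function names, the posture-check labels, the sample configuration, and the reading of Custom as "meets any one of the selected requirements" are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    platform: str
    posture: frozenset = frozenset()  # native posture checks the device passes
    manually_trusted: bool = False    # an admin marked this device as Trusted

@dataclass(frozen=True)
class Requirement:
    name: str
    platform: str
    kind: str                         # "minimum_os" or "trusted_profile"
    checks: frozenset = frozenset()   # posture checks that must be enabled
    blocked: bool = False             # Minimum OS Requirement set to block the OS

    def met_by(self, dev):
        if dev.platform != self.platform or self.blocked:
            return False
        if self.kind == "trusted_profile" and not dev.manually_trusted:
            return False              # Manual Trust is the Trust Method
        return self.checks <= dev.posture

def satisfied(dev, reqs):
    return [r for r in reqs if r.met_by(dev)]

def can_sign_in(dev, reqs):
    # Sign-in: meeting any Minimum OS Requirement or Trusted Profile is enough.
    return bool(satisfied(dev, reqs))

def can_access(dev, reqs, mode, custom=()):
    met = satisfied(dev, reqs)
    if mode == "any_device":
        return bool(met)
    if mode == "only_trusted":
        return any(r.kind == "trusted_profile" for r in met)
    if mode == "custom":              # assumption: any one selected requirement
        return any(r.name in custom for r in met)
    raise ValueError(f"unknown mode: {mode}")

# Constructed configuration: macOS needs two checks, Android is blocked
# unless the device is manually trusted.
ENC = frozenset({"disk_encryption", "screen_lock"})
REQS = [
    Requirement("macOS minimum", "macos", "minimum_os", ENC),
    Requirement("Android minimum", "android", "minimum_os", blocked=True),
    Requirement("Android trusted", "android", "trusted_profile"),
]
LAPTOP = Device("macos", ENC)
PHONE = Device("android")
TEST_PHONE = Device("android", manually_trusted=True)
```

In this model a compliant macOS laptop can sign in but fails an Only Trusted Devices policy, while an Android phone is rejected at sign-in unless it has been manually trusted.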
Common configurations
The following are examples of how you can configure Device Security and Security Profiles.
Scenario | Device Security configuration | Security Policies configuration |
---|---|---|
Only allow macOS and iOS, both with basic posture checks |
|
|
Employees' devices are marked as trusted; contractors are not |
|
|
Blocks all Android devices except for test devices |
|
|