Silverback allows the enrollment of both corporate and individually liable devices with zero touch from the system administrators.
Administrators can define Application Blacklists and Whitelists, Hardware Type and OS software version control with the ability to automatically restrict access or remove corporate data & access privileges from devices if any of those policies are violated. The Silverback platform also provides hardware serial authentication, which allows systems administrators to pre-register device serial number for access to corporate data as well as reporting on Device Ownership using data captured during the enrollment process.
The settings themselves are applied through a layered model that gives the Administrator the freedom to set a base level of security for the entire system, then to build upon this with individually configured Tags which can comprise of more restrictive and secure security policies, or populate other devices for a rollout of Corporate Applications and Mail Accounts.
Silverback provides a secure & easy end user self-service enrollment process. By utilizing a one-time-password, it prevents the exposure of corporate directory services and stops sensitive credentials from being entered on untrusted devices from unknown networks. The system administrator can set the length, complexity and validity period of that one-time password to ensure Silverback meets the most stringent of security needs. With the Self Service Provisioning Portal, Silverback provides the fastest enrollment & device provisioning in the market whilst maintaining a secure two factor enrollment mechanism.
The Silverback solution integrates with a Microsoft Certificate Authority to provide certificate information in a user’s profile, as well as associates the certificate with the user’s account as a logon credential, which is required for advanced identity certificate-based authentication with enterprise applications such as Microsoft Exchange ActiveSync.
The key benefits of Silverback’s unique enrollment process for the enterprise are:
- Fastest self-service end-user enrolment process with zero touch device provisioning for administrators.
- Simple provisioning of client certificates on iOS devices – create, deploy and manage client certificates within seconds
- Secure delivery of profiles and certificates using public key cryptography
- All without exposing AD/LDAP externally:
- No AD/LDAP password stored on the device
- Protect against password guessing
- Protect against password lockouts that are:
- Malicious via distributed denial of service attacks, or
- Accidental (most common reason end users raises a support call)
- Continuous syncing throughout password rotation process.