home

Security Service Edge

Mobile Endpoint SecuritySecurity Service Edge
Mobile Endpoint SecuritySecurity Service Edge

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Show Contents

Security Service Edge

Create and Manage Enterprise Sites

Protect Networks That Cannot Authenticate in Enterprise Sites

Users must authenticate with Lookout Cloud Security Platform through their SSO provider before sending their traffic. Authentication allows Lookout to identify these users and apply granular policy controls.

You can also protect unauthenticated traffic from devices or users connected from enterprise sites. For example, you can protect networks using printers or other devices (such as networking equipment or Point of Sale devices) when they access Internet or SaaS destinations, and enforce authentication policies on traffic from guest subnets.

To provide this protection, perform the following procedures:

  • First, make sure you have defined the category objects on the Category Management page. Click New to define a category for the applicable printer or network. For more information, see Create a category for networks.
  • Second, create one or more authentication policies that specify the devices or subnets for which access is allowed. Perform the following steps:
  1. Sign in to the Management Console.
  2. Select Protect > Cloud Authentication.
  3. Click New to create a new authentication policy.
  4. Enter a Name with only alphanumeric characters, no special characters other than the underscore, and no spaces.
  5. (Optional) Enter a Description.
  6. Under Context Rules, select Access Authentication > Networks from the left navigation bar.
  7. Select a network, or Any Networks.
  8. Under Context Rules:
    1. Select Enterprise Sites as the Context Type, and select a site for the Context.
    2. Select Branch IP as the Context Type, and enter an IP address for the Context. Here you should define source IP networks from which unauthenticated devices or users are connecting.
  9. Click the Action tab.
  10. Select an Action - Allow & Log, or Deny.
  11. Select a Secondary Action.
    1. If the action is Allow & Log, accept the default secondary action of Bypass Authentication.
    2. If the action is Deny, select Notification or Remediation.
  12. Confirm and save the policy.
    When the device or guest user wants to access the Internet or SaaS destination, the policy will enforce the authentication options you configured. You can verify the policy enforcement by checking the Activity Audit Logs.

Last updated: September 30, 2024

lookout-footer

Legal Privacy Policy Cookie Policy Transparency Report Compliance Info Compliance Info (Gov)

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.