Many of our clients come to us with security questions such as:
- How can I prevent users from accessing NetDocuments outside our firewall?
- Can we add certificates to iOS devices (iPad's and iPhones) to allow only those devices to use NetDocuments?
- What mobile management solutions are there?
Encryption
Using the mobile apps, users can download files to work offline.
- NetDocuments encrypts data at rest using device encryption
- The offline data is stored in the application sandbox
- The offline documents will always be clearly indicated in the app
The NetDocuments iOS app conforms to Apple's security practices, and leverages its encryption and key chain where it can. For more information on iOS security, refer to Apple's iOS Security Guide.
App Passcode
In addition to the standard username/password login, there can also be a passcode for the app:
- Set by users
- 4-digit passcode (in v2.3 of the iOS app, the passcode can be 4, 6 or 8 digits long)
- If the user switches apps and comes back they will need to re-enter that passcode
- The iOS Touch ID (fingerprint) or Android Fingerprint can be used instead of this passcode
There is a setting that allows a user to remain logged in. After enabling this setting, users will only need to enter the passcode to access the app each time, if the passcode has been enabled. This feature can be disabled in the EMM versions of the app.
The app default login will timeout after 60 minutes, unless the auto login feaure is enabled.
Device Passcode
The NetDocuments iOS app does not enforce device passcode existence. We recommend that users also enable a passcode or Touch ID on the device for added security. Learn more about using Touch ID on iOS devices.
Device Certificates
NetDocuments currently allows digital certificates and federated identity on PC's. For users accessing the web interface, NetDocuments can put a digital certificate on any device that is allowed. This also includes ndSync because that authentication uses that same certificate.
This can also be used on the mobile app. However, in these cases, the certificates are not provided by NetDocuments, but can be provided through a federated identity provider.
Federated Identity Options
Two-factor authentication is available on iOS using SecureAuth, a two-factor authentication and single sign-on service that provides access control to mobile devices and cloud and web applications.
The NetDocuments iOS app supports Federated Identity with SAML identity providers. Learn more about Federated Identity.
To use your organization's federated identity login, refer to our article on Using Federated Identity login on Mobile Apps.
Using federated identity, administrators can also manage the app timeout period.
Enterprise Mobile Management
NetDocuments offers an additional variant of its mobile apps that can be used with any Enterprise Mobility Management (EMM) vendor’s management platform that supports the AppConfig standards, such as VMWare AirWatch, MobileIron and IBM Maas360. Learn More about NetDocuments EMM.
Device Management Options
Administrators can access the ndSync Policies and Device Management page from the Repository Administration page. This page allows administrators to manage devices for their repository - those devices that have either a mobile app or ndSync installed.
Unlink a User Account
There is an administrative option that allows NetDocuments to remove data from former users' devices. As an Administrator, you can decide what happens to a user's synced/offline documents when he/she is removed from the repository:
Enable/Disable Mobile Access
You can choose to allow access through any mobile apps, through either the EMM or Blackberry (formerly Good) version of the app, or not at all:
NOTE: If the mobile devices for a repository are limited to the EMM version of the mobile app, that app must be managed in order to connect to a repository.
Managing Devices
Administrators will be able to see all the devices that have ndSync or a NetDocuments mobile app installed, and the following information about each device - their Name, User, Client Version, most recent activity, etc. ndSync devices can be suspended or removed. Mobile apps can only be removed.
Administrators can get e-mails any time a new device is connected, which contains the following information:
A new device was registered for use with ndSync by <user name>.
Device information:
Name: <name of device>
Device Type: <operating system>
Software Version: x.x.xxx.xxx
An administrator can also download a CSV file that lists all of the devices connected to that repository.
For more information about managing your user account's access to various apps, see Manage App Access.