Many of our clients come to us with security questions such as:
- How can I prevent users from accessing NetDocuments outside our firewall?
- Can we add certificates to iOS devices (iPad's and iPhones) to allow only those devices to use NetDocuments?
- What mobile management solutions are there?
Encryption
Using the iOS app, users can download files to work offline.
- NetDocuments encrypts data at rest using device encryption as well as its own encryption
- The offline documents will always be clearly indicated in the app
- The app will use the offline documents for speed and to check for changes
The NetDocuments iOS app conforms to Apple's security practices, and leverages its encryption and key chain where it can. For more information on iOS security, refer to Apple's iOS Security Guide.
App Password
In addition to the standard username/password login, there can also be a passcode for the app:
- Set by users
- 4-digit passcode
- If the user switches apps and comes back they will need to re-enter that passcode
- The iOS Touch ID (fingerprint) can be used instead of this passcode
There is a user-level app setting called "Keep Me Logged In". After enabling this setting, users will only need the passcode to login each time. A firm can't disable the auto login option for users, but this may be a feature added in a future version.
The app default login will timeout after 60 minutes, unless "Keep me logged in" is enabled.
The iOS app will eventually support fingerprint and phrase authentication.
Device Passcode
The NetDocuments iOS app cannot currently enforce device passcode existence. We recommend that users also enable a passcode or Touch ID on the device for added security. Learn more about using Touch ID on iOS devices.
Device Certificates
NetDocuments currently allows digital certificates and federated identity on PC's. For users accessing the web interface, NetDocuments can put a digital certificate on any device that is allowed. This also includes ndSync because that authentication uses that same certificate.
This can also be used on the mobile app. However, in these cases, the certificates are not provided by NetDocuments, but can be provided through a federated identity provider.
Federated Identity Options
Two-factor authentication is available on iOS using SecureAuth, a two-factor authentication and single sign-on service that provides access control to mobile devices and cloud and web applications.
The NetDocuments iOS app supports Federated Identity with SAML identity providers. Learn more about Federated Identity.
To use your organization's federated identity login, refer to our article on Using Federated Identity login on Mobile Apps.
Using federated identity, administrators can also manage the app timeout period.
Enterprise Mobile Management
NetDocuments offers an additional variant of its iOS mobile app that can be used with any Enterprise Mobility Management (EMM) vendor’s management platform that supports the AppConfig standards, such as VMWare AirWatch, MobileIron and IBM Maas360. Learn More about NetDocuments EMM.
Device Management Options
Administrators can access the ndSync Policies and Device Management page from the Repository Administration page. This page allows administrators to manage mobile devices for their repository - those devices that have either the iOS app or ndSync installed (or the Android app, when available).
Unlink a User Account
There is an administrative option that allows NetDocuments to remove data from former users' devices. As an Administrator, you can decide what happens to a user's synced/offline documents when he/she is removed from the repository:
Enable/Disable ndSync Access
You can either allow or not allow ndSync for your repository:
Administrators can also prohibit any deletion made to ndSync content from being applied to the server, to guard against inadvertent deletions (this setting will not be enabled by default.) If this setting is enabled and a user deletes synced content from their computer, the deleted synced content will instead be restored to the user’s computer on the next sync. This feature will be available to every version of ndSync, not just version 2.1 of ndSync. In version 2.1, however, a user will be able to delete a single document at a time by using the ndSync proprietary right-click “Delete” action and have that deletion applied to the server (assuming the user has sufficient access rights to the document in NetDocuments).
Enable/Disable iOS Access
You can choose to allow access through the iOS app, through an MDM or EMM solution, or not at all:
NOTE: If the mobile devices for a repository are limited to the EMM version of the mobile app, that app must be managed in order to connect to a repository.
Managing Devices
Administrators will be able to see all the devices that have ndSync or the iOS app installed, and the following information about each device - their Name, Owner, Client Version, most recent activity.
Administrators can get e-mails any time a new device is connected, which contains the following information:
A new device was registered for use with ndSync by <user name>.
Device information:
Name: <name of device>
Device Type: <operating system>
Software Version: x.x.xxx.xxx
For more information about managing your user account's access to various apps, see Manage App Access.
MS Office 365 for Mobile
In Q4-2016, NetDocuments released the Office 365 integration for its iOS app. This integration is also available on the web app. Learn more about the Online Editor.
This new version of the iOS App supports the creating and editing of Office documents using an Office 365 for Business account.
Comments