Many of our clients come to us with security questions such as:
- How can I prevent users from accessing NetDocuments outside our firewall?
- Can we add certificates to iOS devices (iPad's and iPhones) to allow only those devices to use NetDocuments?
- What mobile device management (MDM) solutions are there?
At NetDocuments, we know it is important that you manage your user's mobile access. NetDocuments offers a mobile app on iOS, and an app for Android is expected to release in Q1-2017.
Using the iOS app, users can download files to work offline.
- NetDocuments encrypts data at rest using device encryption as well as its own encryption
- The offline documents will always be clearly indicated in the app
- The app will use the offline documents for speed and to check for changes
The NetDocuments iOS app conforms to Apple's security practices, and leverages its encryption and key chain where it can. For more information on iOS security, refer to Apple's iOS Security Guide.
In addition to the standard username/password login, there can also be a passcode for the app:
- Set by users
- 4-digit passcode
- If the user switches apps and comes back they will need to re-enter that passcode
- The iOS Touch ID (fingerprint) can be used instead of this passcode
There is a user-level app setting called "Keep Me Logged In". After enabling this setting, users will only need the passcode to login each time. A firm can't disable the auto login option for users, but this may be a feature added in a future version.
The app default login will timeout after 60 minutes, unless "Keep me logged in" is enabled.
The iOS app will eventually support fingerprint and phrase authentication.
The NetDocuments iOS app cannot currently enforce device passcode existence. We recommend that users also enable a passcode or Touch ID on the device for added security. Learn more about using Touch ID on iOS devices.
NetDocuments currently allows digital certificates and federated identity on PC's. For users accessing the web interface, NetDocuments can put a digital certificate on any device that is allowed. This also includes ndSync because that authentication uses that same certificate.
This can also be used on the mobile app. However, in these cases, the certificates are not provided by NetDocuments, but can be provided through a federated identity provider.
Federated Identity Options
Two-factor authentication is available on iOS using SecureAuth, a two-factor authentication and single sign-on service that provides access control to mobile devices and cloud and web applications.
The NetDocuments iOS app supports Federated Identity with SAML identity providers. Learn more about Federated Identity.
Using federated identity, administrators can also manage the app timeout period.
Device Management Options
Administrators can access the ndSync Policies and Device Management page from the Repository Administration page. This page allows administrators to manage mobile devices for their repository - those devices that have either the iOS app or ndSync installed (or the Android app, when available).
Unlink a User Account
There is an administrative option that allows NetDocuments to remove data from former users' devices. As an Administrator, you can decide what happens to a user's synced/offline documents when he/she is removed from the repository:
Enable/Disable ndSync Access
You can either allow or not allow ndSync for your repository:
Enable/Disable iOS Access
You can choose to allow access through the iOS app, through a MDM solution, or not at all:
NOTE: Only Blackberry (Good) MDM is currently supported. MobileIron is currently in development, and is scheduled to be completed by the end of Q2-2017. AppConfig is expected to be released by Q3-2017. AirWatch is expected to be released in H2-2017.
Using MobileIron, administrators can also control Data Loss Prevention (DLP) once the document is on the device.
ndSync is also controlled via these same Admin tools. MDM solutions (Mobile Iron, etc.) will fill any other gaps that may exist in current features.
NetDocuments plans to add more functionality to their device management features in future updates.
Administrators will be able to see all the devices that have ndSync or the iOS app installed, and the following information about each device - their Name, Owner, Client Version, most recent activity.
Administrators can get e-mails any time a new device is connected, which contains the following information:
A new device was registered for use with ndSync by <user name>.
Name: <name of device>
Device Type: <operating system>
Software Version: 126.96.36.199
For more information about managing your user account's access to various apps, see Manage App Access.
MS Office 365 for Mobile
In Q4-2016, NetDocuments plans to release the Office 365 integration for its iOS app. This integration is already released on web app. Learn more about the Online Editor.
This new version of the iOS App will support creating and editing of Office documents using an Office 365 for Business account.