- Zentera Air Essentials
- Zentera Air Advanced
- Zentera Air Ultimate
About endpoint identity
One of the major tenets of the zero Trust paradigm is to deny access, using identity to authenticate and authorize all access. Endpoint identity plays a critical role in this process, allowing you to uniquely identify an endpoint to create policies to allow or deny access to or from it.
Endpoint identity factors
Zentera Air creates a comprehensive hardware and software fingerprint that can be used to uniquely identify an endpoint. These factors include:
- MAC address
- Private and apparent public IP addresses
- IP geolocation (country-level)
- Cloud service provider, region, and instance ID (if applicable)
Changes in the trust factors are logged and reported.
Enforcing endpoint identity controls
Currently, Zentera Air allows you to specify the hostname and MAC address of a user's machine; these will be checked when a user logs on to CoIP Launcher, and any login will be rejected if these factors do not match. This requirement is configurable at the User Role level, enabling you to define specific user roles that have more sensitive requirements.
To specify hostname and MAC address for a user, you should first associate the required values with the user by entering them in the user's Trust Factors field, accessible by editing the user in Onboarding and Management > Users.
Once you have configured these values, you may create a User Role to associate with these users, selecting "Enable user MAC address and hostname check".
Then, when enabling an Access Policy, you may grant access to that User Role; this will require users to log in from an endpoint device with matching trust factors in order to be authorized for the Access Policy.