Connectivity Guide
156 | Onboard + WorkSpace Dell Networking W-ClearPass Guest 6.2 | User Guide
administrators were reluctant to allow user-brought devices onto their networks unless a policy was in place that
allowed IT control over the device, including the control to wipe the devices should they be lost.
This all-or-nothing solution was not satisfactory, either for network administrators or for device users. ClearPass
WorkSpace solves this by providing a "sandbox"īwithin which enterprise-enabled apps can operate walled off from the
rest of the device and its user-installed apps. Access to this "sandbox," the WorkSpace app, is restricted by additional
credentials, and if a device is lost, only the enterprise-enabled data and apps can be locked or wiped, leaving the rest
of the user's system and their personal data untouched.
How WorkSpace Works
ClearPass WorkSpace consists of two primary components: WorkSpace on the ClearPass server and the WorkSpace app
on a mobile device. The WorkSpace app acts like a folder that contains managed apps and that communicates with
WorkSpace on the ClearPass server via a secure connection to determine which managed apps can be used, and when
and where.
For IT, WorkSpace makes it easy to create policies that control how work apps are used and how data is secured. An
automatic VPN session can be initiated when specific work apps are used on public networks. Work apps can also be
locked based on a location or geo-tracking status.
For users, the WorkSpace mobile app offers unprecedented control, including visibility into app policy status, access to
an enterprise app store, and a single sign-on for work apps. This control extends to as many personal devices the user is
allowed to bring onto the network.
When users want to use a WorkSpace-managed app on their device, their first step is to sign in to WorkSpace. The
WorkSpace app communicates with WorkSpace on the ClearPass server to determine the managed apps that can be
used. Any managed apps that are prohibited from use exhibit a "locked" symbol on the app icon. App use can be
prohibited for several reasons, including:
l The WorkSpace app could not communicate with WorkSpace on the ClearPass server to verify that the app's use is
allowed.
l The app could be time fenced, and the time is outside the allowed time.
l The app could be geographically fenced, and the app is outside the allowed area.
l The app could be prevented from use when the device is moving.
l The app could be prevented from use on jailbroken devices.
About Provisioning Profiles
A distribution provisioning profile is required by Apple to distribute iOSīapps and is different from a development
provisioning profile. A distribution provisioning profile contains a name, a distribution certificate, and an app ID. You
must have a distribution provisioning profile uploaded into WorkSpace to distribute/push apps to authorized iOS
devices.
Information and details about provisioning profiles, including how to create and download them, is contained within
the Apple iOS development library and is beyond the scope of this document. However, a topic on creating and
downloading distribution provisioning profiles is available here.
Refer to the following sections after you have created and downloaded a distribution provisioning profile from the
Apple iOS development site.
l "Uploading a Provisioning Profile" on page 157
l "Viewing Provisioning Profile Details" on page 157
l "Viewing Provisioning Profile Certificate Details" on page 157
l "Deleting a Provisioning Profile" on page 158