Phones be gone

One of the strong points of IAG over the years has been the fact that it supported multiple platforms. Recently, cellular phone users, and especially iPhone users have discovered that they can’t browser IAG portals anymore. If this happened to you, don’t jump to the conclusion that you and your device have been ostracized. What’s really happening here is that support for additional platforms has actually been EXPANDED.

Before IAG 3.7 SP2 Update 2, the server had one Endpoint Policy setup for all connecting devices, and that made things a bit of a problem, because different platforms have different endpoint security products. With Update 2, the policy editor has been expanded to include 4 distinct sub-policies in each policy. Now, each policy includes a separate policy for Windows computers, Macintosh computers, Linux computers and “other”. This is how it looks:

The problem some mobile phone users are facing is a result of this expansion. As you can see from the screenshot above, the default policy that’s used with most portals and applications is the “Default Web Application Access”, and as you can see, the policy for “other” is set to “Never”. IAG detects the type of device that is connecting based on the user-agent string, which is pre-set into the web browser used by the device or computer. Mobile phones are classified as “other”, and so are treated with accordance with the “Other” policy…and get banned.

The solution to this is really simple – just edit the default policies, and assign whatever sub-policy you want to the “Other” category. Just keep in mind that the IAG client components cannot run on mobile phones, so endpoint security is something that is difficult to enforce.