Configuring Machine-Only Machine Authentication for an Ivanti Secure Access Client Connection
When an Ivanti Secure Access Client connection is configured for machine-only machine authentication, the Ivanti Secure Access Client connection is established using machine credentials when no user is logged in. The connection is maintained after user login.
To enable an Ivanti Secure Access Client connection for machine-only machine authentication:
1. Click Users > Ivanti > Connections and create or select a connection set.
2. Create or edit a connection. For the connection type, you can select either UAC (802.1X) for a Layer 2 connection or Connect Secure or Policy Secure (L3) for a Layer 3 connection.
3. Under Connection is established, for the mode select Machine.
Machine credentials are used to connect to the Ivanti server when the endpoint is started, before a user logs in. The connection is maintained when a user logs in, logs out, or switches to a different login.
When you use machine credentials for authentication and no user credentials, Ivanti Secure Access Client cannot perform user-based tasks. The following tasks can be run only when the user is logged in:
- Run session scripts
- Detect or modify proxy settings
- Run automatic Ivanti Secure Access Client upgrade
- Install or upgrade Ivanti Secure Access Client components
4. Select the Connect automatically check box.
5. For a Layer 2 connection that uses machine certificate authentication, make sure that the connection has an entry in the Trusted Server List. To allow any server certificate, type "ANY" as the Server certificate DN. To allow only one server certificate, specify the server certificate's full DN, for example, C=US; ST=NH; L=Kingston; O=My Company; OU=Engineering; CN=c4k1.stnh.mycompany.net; [email protected].
6. Specify Realm and Role Preferences to suppress realm or role selection dialogs during the login process:
- Preferred Machine Realm: Specify the realm for this connection. The connection ignores any other realm that is available for the specific login credentials.
- Preferred Machine Role Set: Specify the preferred role or the name of the rule for the role set to be used for user authentication. The role or rule name must be a member of the preferred machine realm.
If the Ivanti Secure Access Client connection is configured to use a list of Ivanti servers, the preferred roles and realms you specify must be applicable to all of those servers.