Restrict actions for unmanaged devices


Article ID: 191893


Updated On:


Secure Access Cloud


In order to restrict specific actions from being performed from unmanaged devices, you should leverage the Activity Policy with the unmanaged device condition to evaluate whether the device is unmanaged by checking for a client certificate.

A device which can present a valid certificate will be considered as managed while a device that did not provide a certificate will be considered as unmanaged, hence will be subject to the restrictions in the activity policy.


Create a new web activity policy.

   1. Navigate to the policies page and create a new web activity policy.

   2. Select the users and applications to which you would like to enforce the restrictions.

   3. In the ‘Conditions’ section click on the ‘Add Condition’ button and select ‘Unmanaged device’ from the drop.

   4. Click on the authentication methods text and select “Client Certificate” in the pop-up

   5. Define the rule (for example Block File Download).

When the defined users will access the applications selected in the activity policy, a client certificate evaluation will take place.
Sessions of users who are using devices which could not provide the certificate, will be restricted with the rules defined in the policy.