TABLE OF CONTENTS



RAY BYOD POLICY:

What is a Bring Your Own Device (BYOD) policy?


A BYOD policy is basically a set of rules that governs how employees should (and should not) use their personal electronic devices, like laptops, smartphones, and tablets, in the workplace and for work purposes.


As businesses embrace flexible, remote, and hybrid working models, The use of Bring Your Own Device (BYOD) policies is rising in modern workplaces.


BYOD gives businesses a more budget-friendly alternative to purchasing and issuing work-specific devices for employees. Instead, it allows employees to access the company network, apps, and so on from their devices, either on-premises or remotely.


BYOD USER OBJECTIVE:

What is the user objective of implementing BYOD?

As we have described BYOD in the previous paragraph is bringing and connecting personal devices to a managed network.

It is important to understand the objective of implementing BYOD, for some users it could simply mean to:


  • Have users bring their own devices and connect to a secured Guest Network to access the internet. (This can be commonly found in co-working locations in some cities) 
  • For some, the objective could be to provide employees who bring their personal devices access to the company's internal resources as well as the internet.
  • For other users, the objective of BYOD could mean to provision of employee personal devices with certificates or Mobile Device Management (MDM) agents and provide the network admin some control over the devices and also providing access to internal resources not available to guests.



HOW TO SETUP BYOD POLICY ON RAY DEVICES:


BYOD policy on Ray is implemented through 3 main steps.

  1. Onboarding of users (using password or predefined using bulk upload on a CSV)
  2. Defining BYOD policy (defining what users can access and when)
  3. Assigning and allocating BYOD security groups to users.


Step 1: BYOD ONBOARDING OF USERS:


When onboarding users to a BYOD-enabled SSID on Ray access points, Users can get onboarded using different methods supported on the Ray platform including the traditional PSK password where a user connects to an SSID with BYOD-enabled SSID and get connected to the WLAN. however, the user will not have access to any internal resources or the internet until Steps 2 & 3 are completed as mentioned above.


In network setups where the network administrator already has prior knowledge of the users' device details and the access policies and groups to which each employee should access, the network admin can simply bulk upload a CSV file with the user's MAC address and to which group they should be allocated. 


Step 2: DEFINING BYOD POLICY FOR ONBOARDED USERS:


Step 2 of the BYOD process on Ray sequentially happens after step 1, however the user access policies including what each user group should a user be allocated to and what applications they can use, and at what time, are preconfigured templates that the network admin creates during the design and planning stage of the BYOD implementation based on the network requirements.



An example of the BYOD application filter policy can be seen on the screenshot below:





NOTE: The above policy and 11 other different types of firewall and filtering policies can be created by accessing the Profiles tab> Available profiles> Policy sub-menu> create Policy




Step 3: Assigning and allocating BYOD Security Groups to Users: 


Lastly in Step 3 of the BYOD policy on Ray, when a user connects to a BYOD-enabled SSID, the network Admin can automate the BYOD onboarding and approval flow by using the bulk upload method using CSV explained in Step 1, or they can use the Zero Trust Network Access (ZTNA) method of manually approving every single device that joins the managed network. 


The ZTNA method can be accomplished approval through a One Time Admin approval process through a pre-configured notification process in which the pre-set email/phone number/ Mobile application gets notified on a new device joining a BYOD-enabled SSID. The network admin can then either approve or deny the joined device access and assign a group.



Below are the steps for assigning and allocating BYOD security groups to Users: 

  • Create a Security Group with the BYOD policy - 
    • Click on Profiles > Available Profile > Security groups 
    • Click Create Security Group > Name the profile > Select the Definition as Group > Name the Group Details > Click BYOD Policy > Put a check for Enable BYOD policy
    • Scroll down to the bottom of the page and in Advance >Put a check for Gateway and Bridge + Firewall.
    • Click on Save and Attach
  • Apply the Security Group to the WLAN
  • Allow clients to use the network from the Clients tab
  • Set notifications so that an email or web notification is sent when a new client has joined and needs authentication.


kindly refer to our other articles for setting policies, email, and web notifications on the Ray controller.




Kind Regards,


Ray support