Device Claim Scripts are pushed to the Client, which runs them every 5 minutes and reports any changes to the claim. Device Claim Scripts create scripted (formerly on-demand) device Claims and are selected in Identity Providers.
Everything your device claim script returns is treated as a string, including "Yes", "No", "True", etc. Built-in Boolean claims such as isFirewallUp, however, use Boolean true/false, so when you set access criteria in a Policy or Condition for one of these claims, the "is true" operand works because the value returned is a Boolean. For a claim that comes from a device claim script, such as a myvalidCertificate claim that returned the value "True", the value is a string, so you can NOT use the "is true" operand. Instead, set the access criteria to use the "is" operand and the value "True".
Requirements/Considerations
The device claim script will execute on the user's device. Scripts run in the Client every 5 minutes and collect additional attributes which are sent back to the Controller or Gateway to set device claim values. The scripts are stored on the Appgate SDP system. During authentication the Client downloads device claim scripts if they have not already been downloaded when connecting at an earlier time.
Device Claim Scripts will not be executed if the client is running in elevated/administrator mode.
Device Claim Scripts need to be able to execute on the target platform and run without the user needing admin rights.
Device Claim Scripts should return a value/values via stdout which will subsequently be evaluated for true/false.
The following platform-dependent script formats are supported: .exe, .sh, .bat, .vbs and .ps1. Others may run but are unsupported.
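The requirements above (value returned on stdout, no admin rights, string comparison in the Policy) can be seen together in the following .sh script for the myvalidCertificate claim. This is an added example, not a script supplied by Appgate; the certificate path, the CERT_PATH and MIN_DAYS variables and the check_cert function are assumptions made for illustration, and it relies on the openssl command being present on the device.

```shell
#!/bin/sh
# Added example (not Appgate's own code): device claim script whose stdout
# becomes the string value of a custom claim such as myvalidCertificate.
# CERT_PATH and MIN_DAYS are hypothetical settings chosen for this example.
CERT_PATH="${CERT_PATH:-$HOME/.config/example/client-cert.pem}"
MIN_DAYS="${MIN_DAYS:-7}"

# Prints exactly "True" or "False" on stdout. Diagnostics are discarded so
# they can never end up as part of the claim value the Policy compares.
check_cert() {
    cert="$1"
    days="$2"
    # Fail closed: unreadable file, missing openssl or a malformed day count
    # all produce "False" instead of an empty or partial value.
    [ -r "$cert" ] || { echo "False"; return 0; }
    command -v openssl >/dev/null 2>&1 || { echo "False"; return 0; }
    case "$days" in
        ''|*[!0-9]*|0?*) echo "False"; return 0 ;;
    esac
    # -checkend N exits 0 only if the certificate does not expire within
    # the next N seconds; a file that is not a certificate also fails here.
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        echo "True"
    else
        echo "False"
    fi
}

check_cert "$CERT_PATH" "$MIN_DAYS"
```

Because the output is the string "True" rather than a Boolean, the matching access criterion uses the "is" operand with the value "True".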
Before you start
Get a better understanding of device claims including details relating to device claim scripts
General background on the use of scripts
Refer to claims in detail for information about all the claims used in the system.
Prepare your device claim script ready for uploading
Check the Client compatibility matrix to make sure device claim scripts can be used on your target platforms
Use the Device Claim Scripts form to:
Add a new device claim script
Edit an existing device claim script
Perform actions using the action buttons provided (see below)
Action Buttons
Download Script. There is a download button to download each script.