Further 1.15.0 updates

Owen
2026-01-22 21:46:06 -08:00
parent 6c44067e2b
commit 72ae6094b5
8 changed files with 90 additions and 30 deletions

View File

@@ -70,7 +70,8 @@
"manage/clients/configure-client",
"manage/clients/update-client",
"manage/clients/credentials",
"manage/clients/fingerprinting"
"manage/clients/fingerprinting",
"manage/clients/archiving-blocking"
]
},
"manage/domains",
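Review bot: the removed `"manage/clients/fingerprinting"` and re-added `"manage/clients/fingerprinting",` differ only by the trailing comma that JSON needs before the new entry, which is unavoidable, but confirm that the new slug `manage/clients/archiving-blocking` matches the filename of the "Archiving & Blocking" page added later in this commit; a navigation entry that points at a page file that does not exist produces a dead link in the sidebar.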
@@ -86,6 +87,7 @@
"icon": "user-group",
"pages": [
"manage/access-control/create-user",
"manage/access-control/approvals",
"manage/access-control/rules",
"manage/access-control/forwarded-headers",
"manage/access-control/login-page",
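Review bot: the new entry `manage/access-control/approvals` is inserted between `create-user` and `rules`; confirm the slug matches the filename of the "Device Approvals" page added in this commit, and consider whether it belongs next to `rules`, since the feature is enabled per role rather than per user and the page is about device trust rather than user creation.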

BIN
images/approvals_page.png Normal file

View File

@@ -0,0 +1,33 @@
---
title: "Device Approvals"
description: "Only allow trusted devices to connect to an organization"
---
By default, any client configured with valid credentials can connect to an organization. To enhance security, you can enable device approvals, which require each new device to be manually approved by an administrator before it can connect.
When device approvals are enabled, the first time a user connects a new device to the organization, the device will be marked as "Pending Approval." An administrator must then review and approve the device in the management console before it can access organization resources.
<Frame>
<img src="/images/device_waiting_approval.png" />
</Frame>
All approvals can also be managed from a central page as they stream in to allow admins to approve or deny devices quickly.
<Frame>
<img src="/images/approvals_page.png" />
</Frame>
## Enabling Device Approvals
Device approvals are enabled on a per-role basis. To enable device approvals for a role, follow these steps:
1. Click on the **Roles** tab.
2. Select the role you want to enable device approvals for.
3. Toggle the **Require Device Approval** option to enable it.
4. Save your changes.
Once enabled, any new user connecting with that role will require approval from an administrator before it can access organization resources.
<Tip>
You can not enable device approvals for the "Admin" role.
</Tip>
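Review bot: the sentence "any new user connecting with that role will require approval from an administrator before it can access organization resources" contradicts the rest of the page, which says approval is granted per device, not per user (and "user ... it" does not agree); suggest "any new device connecting under that role must be approved by an administrator before it can access organization resources." Two smaller points: "You can not" should be "You cannot", and the page explains approving but never says what Deny does to a device (blocked, archived, or left pending?) or whether a previously approved device that re-enrolls needs approval again; a link to the new Archiving & Blocking page would cover the first gap. The two `<img>` tags also lack `alt` text, unlike the image in the Archiving & Blocking page.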

View File

@@ -0,0 +1,41 @@
---
title: "Archiving & Blocking"
description: "Manage clients and block unwanted connections"
---
## Blocking Devices
To block a device that has been compromised or lost:
1. Navigate to the device in your client list
2. Click the Action Menu (three dots)
3. Select **Block**
When you block a device, it is immediately moved to a restricted list and loses access to all resources or the ability to connect.
## Archiving Devices
Devices cannot be permanently deleted from Pangolin. Instead, you can archive devices to remove them from your active client list.
To archive a device:
1. Navigate to the device in your client list
2. Click the Action Menu (three dots)
3. Select **Archive**
### Why Archive Instead of Delete?
Pangolin maintains a permanent audit trail of all devices that have accessed your resources. This ensures:
- Block rules remain effective even for archived devices
- Security logs and access history are preserved
Archiving keeps your interface clean by hiding inactive or duplicate devices while maintaining the integrity of your security records.
## Filtering
You can filter your client list to show only active, blocked, or archived devices.
<Frame>
<img src="/images/device_list_filter.png" alt="Client List Filters" style={{width: "400px", height: "auto"}} />
</Frame>
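Review bot: "loses access to all resources or the ability to connect" should read "and the ability to connect", since the page says a blocked device loses both. More importantly, the page documents how to block a device but not how to unblock one, nor whether an active session is terminated at the moment of blocking or only at the device's next connection attempt; an administrator handling a compromised or lost device needs both answers, so one sentence under "Blocking Devices" covering unblocking and session behaviour would make the section complete.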

View File

@@ -7,8 +7,8 @@ description:
## Device Fingerprinting
Pangolin clients collect device fingerprinting information and can perform
security posture checks to help determine trusted devices. This information can
be used to enforce security policies, audit device configurations, or monitor
security posture checks to help determine trusted devices. This information is
used to enforce security policies, audit device configurations, and monitor
compliance with organizational requirements. Snapshots of device information are
collected periodically on each platform when clients are connected.
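Review bot: replacing "can be used to enforce security policies, audit device configurations, or monitor" with "is used to enforce security policies, audit device configurations, and monitor" turns a capability into a promise, but the page does not say where policies consume this data, and "collected periodically" gives no interval. Either keep the weaker wording or state the collection interval and which editions actually collect fingerprint data, given that the Note added in the next hunk restricts posture checks to Cloud and Enterprise.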
@@ -26,6 +26,10 @@ The following device attributes are collected on each device when available:
## Available Posture Checks
<Note>
Posture checks are only collected on Pangolin Cloud and Enterprise.
</Note>
Posture checks are also collected on each platform; this is device state that
could potentially change, such as biometric availability, firewall settings, and
other related information if it is available.
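Review bot: the new Note says posture checks "are only collected on Pangolin Cloud and Enterprise" while the paragraph directly below says they "are also collected on each platform", so a reader may conflate platform (OS) with edition. Suggest "Posture checks are collected on every supported client platform, but only when the client is connected to Pangolin Cloud or Enterprise", and state explicitly whether the device attributes in the table above are collected regardless of edition.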
@@ -39,23 +43,19 @@ Posture checks are supported on a per-platform basis.
| Hard drive encryption | Whether the system disk and other disks are encrypted (BitLocker) |
| Firewall | If the firewall (Windows or third party) is enabled |
| Antivirus | If antivirus (Windows or third party) is installed and active |
| Auto updates | If automatic updates are enabled |
| TPM availability | If a Trusted Platform Module is available |
| Windows Defender | If Windows Defender is enabled |
---
### macOS
| Posture Check | What It Reports |
| --------------------------------- | ---------------------------------------- |
| Hard drive encryption | Whether the system disk is encrypted |
| Biometric configuration | If Touch ID or Face ID is configured |
| Firewall | If the macOS firewall is enabled |
| System Integrity Protection (SIP) | Whether SIP is active |
| Gatekeeper | Whether Gatekeeper is active |
| Firewall stealth mode | Whether firewall stealth mode is enabled |
---
| Auto updates | If automatic updates are enabled |
### Linux
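Review bot: dropping the `Windows Defender` row is reasonable because the `Antivirus` row already covers "Windows or third party", but the macOS `Hard drive encryption` row still says only "Whether the system disk is encrypted" while the Windows row names BitLocker; naming FileVault there keeps the two tables parallel. The added `| Auto updates | If automatic updates are enabled |` row is also padded narrower than the rest of the macOS table; it renders correctly but looks inconsistent in source.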
@@ -67,28 +67,12 @@ Posture checks are supported on a per-platform basis.
| SELinux | If SELinux is active |
| TPM availability | If a Trusted Platform Module device is available |
---
### iOS
| Posture Check | What It Reports |
| ----------------------- | ------------------------------------ |
| Biometric configuration | If Touch ID or Face ID is configured |
---
No posture checks are currently supported on iOS.
### Android
| Posture Check | What It Reports |
| ----------------------- | -------------------------------------------------- |
| Biometric configuration | If fingerprint or facial recognition is configured |
| Hard drive encryption | If File-Based Encryption is enabled |
| Auto updates | If automatic updates are enabled |
| TPM availability | If StrongBox is enabled to act as a TPM |
---
> Each fingerprint snapshot is uniquely identified and stored with a timestamp
> to allow historical analysis and tracking of changes over time. These
> snapshots are deleted automatically after a year; this time period for
> auto-deletion will be configurable in the future.
| Posture Check | What It Reports |
| --------------------- | --------------------------------------- |
| Hard drive encryption | If File-Based Encryption is enabled |
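Review bot: the blockquote stating that each fingerprint snapshot is timestamped and "deleted automatically after a year" is removed with no replacement; if retention behaviour has not changed, that statement should stay on the page (the fingerprinting section above is a natural home), because retention of device data is exactly what a compliance reviewer looks for here. The Android table also shrinks from four checks to one and the iOS biometric check becomes "No posture checks are currently supported on iOS"; if these checks were removed from the clients rather than never having been reliable, say so in the release notes so administrators relying on them are not surprised.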

View File

@@ -33,7 +33,7 @@ Here is an example using Microsoft Azure Entra ID as SSO for Pangolin:
Organization identity providers are configured per organization and only apply to that specific organization. Each org can have its own identity providers, allowing for authentication methods based on the organization's needs.
<Note>
In Pangolin Enterprise you must enable `use_org_only_idp` in the [private config file](/self-host/advanced/private-config-file#param-use-org-only-idp) `privateConfig.yml`.
Available in Pangolin Cloud and Enterprise. Enterprise users must enable `use_org_only_idp` in the [private config file](/self-host/advanced/private-config-file#param-use-org-only-idp) `privateConfig.yml`.
</Note>
### Global Identity Providers
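Review bot: the rewritten Note packs an availability statement and a configuration requirement into a single line; splitting it ("Available in Pangolin Cloud and Enterprise." followed by "On Enterprise, enable `use_org_only_idp` in the private config file ...") reads more clearly, and the line still carries both the link text "private config file" and the literal `privateConfig.yml`, one of which is redundant.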