One of our concerns is device management. Is there any admin oversight into what devices users connect? Or where they connect the devices from? Can admins remove devices?
1 Like
Very very limited currently - you can see IPs and protocols. There’s an open issue on GitHub to discuss this. I’ll find it shortly.
Awesome thanks, any info would be great.
To clarify though, we’re looking for two things:
View all devices registered in our instance of NextCloud from some admin view
To limit new device additions so they can only be done on the internal network.
I imagine we could just set up “Deny/Allow” blocks for a certain URL in httpd config for the second portion, but I’m not sure exactly what URL device registration happens at.
opened 01:43PM - 11 Feb 17 UTC
closed 09:09PM - 17 Mar 20 UTC
enhancement
2. developing
feature: files
spec
feature: users and groups
## Scenario 1
### Steps to reproduce
1. Admin creates a new user
1. User … installs mobile client
1. User sync all files
1. Admin deletes user
## Expected behaviour
All files on the mobile device are removed
## Actual behaviour
Nothing happens. User still has access to all downloaded files
## Scenario 2
### Steps to reproduce
1. UserA shares folder with userB
2. UserA unhares folder with userB
## Expected behaviour
All files on the mobile device are removed
## Actual behaviour
Share is removed. UserB still has access to all downloaded files
## Solutions
### Use Mobile Device Management software
Install the clients via MDM which will segragate the app and wipe it when the user leaves the company.
A MDM can also wipe the whole work container or the device
### Use ActiveSync/EAS
Sponsor the development of an ActiveSync/EAS feature which can implement policies (password, encryption ,etc.) and completely wipe a device
### Implement a solution in Nextcloud
1. Implement client policies which define which actions a user is allowed to do. Per example, prevent the use of external viewers, prevent saving files outside the container, etc.
1. When a user is removed, send a signal to all clients that the user has been removed
1. When a share is removed, send a signal to all clients that the share has been removed
Add your voice to the GH issue, good suggestions to be considered!