Security - Login or Access only from Company Owned device - Inside or Outside of company

Hello All,

I seek your suggestions on the requirement below.

I have a requirement where user 1 is allowed to access the Nextcloud service inside the company and outside the company. Now, due to data security and compliance, the security team is saying to put a control in place so that User1 cannot access Nextcloud from other systems; it should only be accessible from company-owned devices, not from personal devices.
As of now, users can log in from their personal devices and download official data as well.
We cannot restrict them from accessing from outside due to the nature of the business; they must access from outside, but only from company-owned devices. What is the control?

Nextcloud version (eg, 12.0.2) : 17.0.1
Operating system and version (eg, Ubuntu 18.04) :
Apache or nginx version (eg, Apache 2.4.25) :
PHP version (eg, 7.3) :

The issue you are facing:

Is this the first time you’ve seen this error? (Y/N) : yes

Steps to replicate it:

The output of your Nextcloud log in Admin > Logging :

PASTE HERE

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

PASTE HERE
```php
<?php
$CONFIG = array (
  'instanceid' => 'ocxmftsqft92',
  'trusted_domains' =>
  array (
  ),
  'htaccess.RewriteBase' => '/',
  'dbtype' => 'mysql',
  'version' => '17.0.1.1',
  'dbname' => '',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'installed' => true,
  'auth.bruteforce.protection.enabled' => true,
  'cron_log' => true,
  'logtimezone' => 'Asia/Kolkata',
  'loglevel' => 1,
  'log_rotate_size' => 104857600,
  'enable_previews' => true,
  'enabledPreviewProviders' =>
  array (
    0 => 'OC\\Preview\\PNG',
    1 => 'OC\\Preview\\JPEG',
    2 => 'OC\\Preview\\GIF',
    3 => 'OC\\Preview\\BMP',
    4 => 'OC\\Preview\\XBitmap',
    5 => 'OC\\Preview\\Movie',
    6 => 'OC\\Preview\\PDF',
    7 => 'OC\\Preview\\MP3',
    8 => 'OC\\Preview\\TXT',
    9 => 'OC\\Preview\\MarkDown',
    10 => 'OC\\Preview\\MSOffice2003',
    11 => 'OC\\Preview\\MSOffice2007',
    12 => 'OC\\Preview\\MSOfficeDoc',
    13 => 'OC\\Preview\\OpenDocument',
    14 => 'OC\\Preview\\PDF',
    15 => 'OC\\Preview\\StarOffice',
  ),
  'skeletondirectory' => '/var/www/nextcloud/core/skeleton',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => '/var/run/redis/redis-server.sock',
    'port' => 0,
    'timeout' => 3,
    'password' => '',
    'dbindex' => 0,
  ),
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'overwriteprotocol' => 'https',
  'knowledgebaseenabled' => false,
  'allow_user_to_change_display_name' => false,
  'maintenance' => false,
  'twofactor_enforced' => 'false',
  'twofactor_enforced_groups' =>
  array (
  ),
  'twofactor_enforced_excluded_groups' =>
  array (
    0 => 'admin',
  ),
  'app_install_overwrite' =>
  array (
    0 => 'beame_insta_ssl',
  ),
  'has_rebuilt_cache' => true,
  'updater.release.channel' => 'stable',
  'theme' => '',
);
```

Dear All,

Any suggestions, please?

I’m not aware of any mechanism to reliably identify devices at the application level. It would be better to restrict access to your network resources at an earlier stage, e.g. the network layer. The following discussions might be of interest to you:

https://www.google.com/search?q=how+restrict+network+access+to+company+owned+devices