Delegated baseline for many endpoints

Is there a way I can enforce a policy like this?

allow endpoints with attribute #top_secret unless they’ve been inactive for 30d

That’s one way I might be able to catch abandoned endpoints. More broadly I’m looking for a way to assist with managing a large number of endpoints that I’ve minted for my users. I have thousands of users for whom dozens of managers are responsible. I need a way to delegate the baseline for each endpoint to the managers. In other words, only the managers will know whether the endpoints are still valid.

I know that it’s possible to author my own integration with the platform API, and I may go that route. In the meantime I’d like to know how you recommend that I approach this because I am manually creating the endpoints through the web console, not syncing from a directory. Is it best to use directory sync with numerous users to ensure that endpoints are provisioned and de-provisioned automatically?


‘Endpoint Attributes’ can be used to group the endpoints based on any criteria like function, project, etc. within the Organization.

Enforcing a policy to the endpoints is achieved by mapping endpoints or endpoint attributes to the AppWAN.

The feature of identifying inactive endpoints from the console GUI is in the development pipeline. However, you can make use of the endpoints download report in the Endpoint section and ‘Reporting & Analytics’ under the Organization section to identify the active vs inactive users and group them using ‘Endpoint Attributes’.

On the endpoint creation process, you can integrate on-prem/Azure-hosted Active Directory in customer environments with NetFoundry endpoint groups to automatically provision and de-provision an endpoint for each AD group member.

Attribute Explorer

Thanks! I wasn’t aware I could download an endpoint report. If it shows evidence of activity that will certainly help.