Device Administration

Twingate displays the devices your users connect to Twingate from in both the user detail page for an individual user and the Devices tab. On this page, we show information collected from the device, including, but not limited to, the name, make & model, Twingate Client version, posture information, and which Trusted Profiles have been met.

-> For more on Trusted Profiles, see the Device Security Guide.

Device Attributes

Some attributes are only supported by certain Client platforms, please see below for details.

AttributeDescriptionPlatforms Supported
NameThe “friendly name” of the device, set by the user.Windows, macOS, iOS
HostnameThe DNS hostname that the device assigns to itself. Often based on the device name.Windows, macOS, Linux
MakeThe manufacturer of the device.macOS, Linux, iOS
ModelThe model name of the device.macOS, Linux, iOS
OS nameThe name of the operating system.All
OS versionThe numerical version of the operating system.All
Serial numberThe hardware serial number of the device.Windows, macOS, Linux
Local usernameThe name of the local user running Twingate.Windows, macOS, Linux
Client versionThe version of the Twingate Client running on the device.All
Active stateThe status of the device.All
Connection indicatorThe green dot on the device icon indicates that the user is currently logged in to this deviceAll

Verified Devices

Twingate supports various integrations with EDR and MDM software to automatically mark devices as verified. In addition, Twingate allows admins to designate specific devices as manually verified. Verified devices can be incorporated into Security Policies so that this status is taken into account.

This policy requirement can be enforced for any device with the Twingate client app, regardless of platform or location. For information on incorporating device verification into Security Policies, see the Device Security Guide.

Device Active State

Devices in Twingate can have three different states to make device management easier: active, archived, and blocked. These states can be set both in the Admin Console or through the API.

StateUse casesAdmin Console VisibilityProtected Resource Access
ActiveDefault state
Actively used devices
VisibleRequires sign in
ArchivedOld or deprecated devices
Devices that have not signed in or accessed a Resource in 90 days
Filtered outRequires sign in
BlockedLost, stolen, or deprecated devicesFiltered outNo access

By default, all new devices are in an active state. This means that users on these devices can access protected Resources, provided that they meet the requirements of the relevant Security Policies.

Devices that have not signed in or accessed a Resource in the past 90 days are automatically archived. Alternatively, device states can manually be set to archived. This will automatically sign out the user from the device and will require the user to re-authenticate into the client in order to access protected Resources. Re-authentication will automatically return an archived device to its active state.

For lost, stolen, or deprecated devices, you can set their state to blocked. This will automatically sign out the user from the device. This user will be unable to sign into this device again and the device will lose access to protected Resources.

Last updated 3 months ago