This section lists the current known limitations (and available workarounds) of the Banyan Platform
Banyan relies on a Device Certificate - an X.509 certificate issued by a trusted Certificate Authority and placed in the device’s system keychain - to register a device. The Device Certificate can be installed by a Device Manager or when an end user installs the Banyan Desktop App or Mobile App. The Device Certificate is then transparently checked when your end user authenticates via your Enterprise Identity Provider to access a Banyan-secured Application or Service.
Some Native Apps are “sandboxed” or do not correctly access the system keychain which contains the Device Certificate. When an end user authenticates via such a Native App, Banyan then treats the requests as coming from an Unregistered Devices” and rejects the authentication request with an “Device Certificate not provided” message.
This issue is commonly seen on iOS and MacOS Native Apps (such as Microsoft OneDrive or Salesforce CRM App).
Desktop App, Mobile App
You can enable Device Trust Verification for your organization. This early preview feature uses a modified authentication flow wherein the end user is presented with a challenge code when attempting to access a Banyan-protected service from a Sandboxed App.
The end user must copy the challenge code, and submit it via the Device Trust Verification tab in their Banyan App (desktop or mobile) to verify the device. After submitting the challenge code and verifying their device, the end user returns to the Sandboxed App to authenticate with the IDP and access the Banyan-protected service. Banyan’s Device Trust Verification capability allows Device Roles and TrustScoring based policies for Sandboxed Apps.
The Linux-RPM version of the Desktop App does not currently support TrustScoring for up-to-date OS or Org Preferred Apps.
We are actively improving support for Fedora-based Linux distributions.
EFAULT) unrelated to Banyan or the Banyan Desktop App. Although this issues does not currently impact device registration, access to services, or other Banyan-related activities, it may lead to end user confusion.
Although usage is not impacted and there is no standard workaround, we will keep an eye on the Apple M1 problem and will develop improvements accordingly.