Device Approvals and Posture Checks (Pro)
Defines how devices are approved and join a network
Overview
Netmaker provides flexible device enrollment, allowing either automatic joins or admin approval through the Auto-Join setting.
Network Join Flow
When a device attempts to join a Netmaker network, one of two things happens:
It joins the network immediately (Auto-Join enabled)
It waits for admin approval (Auto-Join disabled)
This allows teams to balance speed, automation, and security depending on the use case.
Auto-Join

How it works
When Auto-Join is enabled, any device using a valid enrollment key is added to the network instantly. No admin interaction is required; devices appear directly in the Nodes interface as active nodes.
When Auto-Join is disabled, devices requesting access are placed in the Pending Devices window and require manual admin approval before joining.
Enable or disable Auto-Join
Pending Devices
When Auto-Join is disabled, device enrollment requests are held for review under Pending Devices.
Accessing Pending Devices
Navigate to Networks → Your Network → Nodes
Click Pending devices in the top-right corner

The panel shows how many requests are waiting for review
What admins can do
From the Pending Devices panel, administrators can:

Approve a device to allow it to join the network.
Decline a device to deny access.
Review device name and request time before deciding.
Approved devices immediately appear in the Nodes list and begin participating in the network.
Security Best Practices
Enable Auto-Join in trusted internal or automated environments.
Disable Auto-Join for externally accessible networks.
Regularly monitor the Pending Devices list.
Decline unexpected or unknown device requests.
Summary
The Auto-Join feature gives administrators control over how devices enter a Netmaker network. Whether prioritizing speed or security, these tools ensure device enrollment aligns with your operational and security requirements. By choosing the right configuration, teams can scale confidently while maintaining visibility and control over network access.
Posture Checks
Automated device compliance verification for network security
Overview
Device Posture Checks provide a policy-driven mechanism to evaluate the security and system state of client devices based on reported attributes. The goal is to ensure that only devices meeting defined posture requirements are considered compliant and allowed to operate within the platform.
This feature is intended to support Zero Trust principles, continuous compliance monitoring, and controlled access enforcement.
What are Posture Checks?
Posture checks are security policies that validate device attributes against defined criteria. When a device fails to meet these requirements, it's flagged as non-compliant, allowing administrators to enforce security policies and maintain network integrity.
Key Benefits
Enforce security standards across all network devices
Prevent unauthorized access from non-compliant devices
Monitor compliance in real time
Automate security policy enforcement
Reduce security risks from outdated or misconfigured devices
Interface Overview

The Posture Checks interface consists of three main tabs:
Posture Checks - Manage and view all posture check rules
Non-compliant Nodes - View devices that fail posture checks
Non-compliant Users - View users with non-compliant devices
Search and Actions
Search bar - Quickly filter posture checks by name
Add posture check button - Create new compliance rules
Refresh - Update compliance status in real time
Posture Check Attributes
The following attributes can be validated:
Creating a Posture Check

Step-by-Step Guide
Enter Basic Information
Name (required)
Provide a clear, descriptive name
Use naming conventions like:
[Attribute]-[Requirement]
Description (optional)
Explain what the check validates and why
Example: "Ensures devices are running approved operating systems. Devices with unsupported OS types will be denied network access."
Configure Check Parameters
Attribute (required)
Click the dropdown to select the device property to validate
Choose from: OS, Client Version, OS Version, Kernel Version, OS Family, Auto Update
This determines what gets checked on each device
Severity Level (required)
Select from dropdown: Critical, High, Medium, Low
Align severity with your security policy priorities
Consider impact on business operations
Guidelines:
Critical: Use for security fundamentals (OS restrictions, auto-updates)
High: Important security features (kernel versions, encryption)
Medium: Standard compliance requirements
Low: Recommended but flexible standards (client version suggestions)
Define Scope
Tags (optional, defaults to "All Resources")
Select which network resources this check applies to
Click the tag field to choose from available tags
Use "All Resources" for network-wide policies
Target specific tags for granular control (e.g., production servers, guest networks)
User Groups (required, defaults to "All Users")
Select which user groups must comply with this check
Click the user groups field to choose groups
Options include:
"All Users" - Network-wide enforcement
Specific groups (e.g., "developers-network", "stest", "contractors")
Mix and match for role-based compliance
Monitoring Non-Compliance
Visibility on Nodes Interface
Important: Nodes and users with posture check violations are automatically flagged on the main Nodes screen, providing immediate visibility without switching tabs.

Visual Indicators:
Warning icon (⚠️) appears next to device names with posture check violations
Devices with violations are easily identifiable in your nodes list
Quick scanning of device status without leaving the main view
Click on the warning icon (⚠️) for detailed violation information
This allows administrators to spot compliance issues at a glance while managing devices, without needing to navigate to dedicated compliance tabs.
Non-compliant Nodes Tab

Switch to this tab to view:
Devices currently failing one or more posture checks
Which specific checks each device is violating
Device details (OS, version, user, etc.) for remediation planning
Centralized view of all violations across your network
Non-compliant Users Tab

Switch to this tab to view:
Users with one or more non-compliant devices
Aggregate violation counts per user
Pattern identification (e.g., entire teams with compliance issues)
User-focused violation grouping for targeted communication
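The sketch below is an added example, not Netmaker code: it models how a check's attribute, severity, tag scope and user-group scope combine to produce the per-node and per-user views described above. The rule forms (allowed values, minimum version), field names, fail-closed handling of unreported attributes and the sample devices are assumptions.

```python
# Simplified model of posture-check evaluation (added illustration).
# Rule forms ("allowed", "min_version"), field names and sample data are
# assumptions, not Netmaker's API or data model.
from collections import defaultdict

def version_tuple(v):
    """'v1.10.0' -> (1, 10, 0): compare numerically, never as strings."""
    return tuple(int(p) for p in v.lstrip("v").split("."))

def in_scope(check, device):
    """A check applies only if its tag scope AND user-group scope match."""
    return all(check[k] == "*" or set(check[k]) & set(device[k])
               for k in ("tags", "groups"))

def passes(check, device):
    value = device["attrs"].get(check["attribute"])
    if value is None:  # attribute not reported: fail closed (assumption)
        return False
    if "allowed" in check:
        return value in check["allowed"]
    return version_tuple(value) >= version_tuple(check["min_version"])

def evaluate(checks, devices):
    """Return (failed checks per node, violation count per user)."""
    by_node, by_user = {}, defaultdict(int)
    for d in devices:
        failed = [(c["name"], c["severity"]) for c in checks
                  if in_scope(c, d) and not passes(c, d)]
        if failed:
            by_node[d["name"]] = failed
            by_user[d["user"]] += len(failed)
    return by_node, dict(by_user)

# Constructed sample policy (one network-wide check, one scoped) and inventory.
CHECKS = [
    {"name": "OS-Approved", "attribute": "OS", "severity": "Critical",
     "allowed": {"linux", "darwin"}, "tags": "*", "groups": "*"},
    {"name": "ClientVersion-Minimum", "attribute": "Client Version",
     "severity": "Low", "min_version": "v1.4.0",
     "tags": ["production"], "groups": ["contractors"]},
]
DEVICES = [
    {"name": "build-01", "user": "alice", "tags": ["production"], "groups": ["contractors"],
     "attrs": {"OS": "linux", "Client Version": "v1.3.9"}},
    {"name": "edge-02", "user": "alice", "tags": ["production"], "groups": ["contractors"],
     "attrs": {"OS": "linux", "Client Version": "v1.10.0"}},
    {"name": "laptop-07", "user": "bob", "tags": [], "groups": ["developers-network"],
     "attrs": {"OS": "windows", "Client Version": "v1.2.0"}},
]
```

In this sample, edge-02 passes only because versions are compared numerically; a string comparison would rank v1.10.0 below v1.4.0. laptop-07 is flagged for its OS alone, since the client version check is scoped to a tag and group it does not belong to.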
Search and Filtering
Use the search bar to quickly find specific posture checks:
Search by name (e.g., "OS", "version", "update")
Filtering devices by compliance is useful when managing many posture checks
Best Practices
Start with Critical Checks First
Begin your implementation with high-impact, critical security requirements:
Operating system restrictions (prevent unauthorized OS types)
Auto-update enforcement (ensure security patches)
Minimum client version (guarantee feature support)
Version Information
Feature Status: BETA
Minimum Client Version: v1.4.0
Minimum UI Version: v1.4.0
Minimum Server Version: v1.4.0
Edition Required: Netmaker Pro


