Security Handbook

Conditional Access

This chapter applies to TeamViewer clients that have a TeamViewer Tensor license with the Conditional Access Add-on.

Description

With Conditional Access, you can control the TeamViewer usage and access rights throughout your organization using a rules engine you configure within the Management Console. This conditional access provides an additional layer of security for your corporate network.

Strong security

⚠Conditional Access is a security feature; therefore, no connection is allowed initially as soon as the rule verification is activated!

With TeamViewer Tensor Conditional Access, enterprise IT and security managers can maintain company-wide oversight of TeamViewer access and usage from a single location.

Centralized rules management within the Management Console
Assign permissions for remote sessions, file transfer, and meeting connections
Configure rules at the account, group, or device level
Cloud-based solution that provides greater flexibility than an on-premise approach
Dedicated infrastructure is managed and serviced by TeamViewer
Supports Windows and macOS

Overall, you gain full control over remote connections within your corporate environment. This TeamViewer Tensor functionality helps you tighten up your security by allowing access and connections to only authorized users or devices, consequently preventing data leaks and risky behavior and minimizing risks.

Find detailed instructions and more information about Conditional Access here:

📄 Conditional Access

If you are using the (Classic) interface, please follow the instructions here.

Preapproved access

Preapproved access is a feature that allows designated users to request and gain access to your device environments for a specified time frame without the need for real-time authorization. Read more here:

📄 Preapproved access

Restrict or allow access for a specific time slot

With Conditional Access, you can also restrict or allow access for a specific time slot. This can be useful when internal or external support providers are only allowed to connect during a specific time slot. Read more here:

📄 Restrict/allow access for a specific time slot

Bring your own certificate

TeamViewer uses certificates to authenticate the identity of participants, which are issued by the TeamViewer Conditional Access feature. This feature allows users to use their own certificates to authenticate their devices. TeamViewer installations can require custom certificate authentication for incoming, outgoing, or both connections, which restricts connections to a specific set of devices.

To learn more about the Bring your own certificate feature, please read this article:

📄 Bring your own certificate

Connection Reports

Connection reporting is managed through a Web API. Customers requiring connection reports must enable Web API access. If a customer operates CAHR on its devices, the connection reporting function of the other TeamViewer users (third-party devices) will be limited when connecting to that customer through the CAHR, i. e.:

If a third-party device starts a TeamViewer session to the customer's device through the CAHR, the user access reports of that third party will not be generated;
If the customer's device connects to a third-party device through the CAHR, the
device access reports on that third-party device will not be generated.