Trusting connection/computer but zero trust for user

Hi all, hoping somebody has an idea, or even better ZeroTier can tell us how to do what I’m looking for, and if it’s not possible today, whether it is on or will be added to the roadmap.
(Apologies if this has been asked already, but I couldn’t see what I’m looking for already asked.)

I’m currently testing ZeroTier and another product to provide a zero trust effect on an internal network. ZeroTier looks very promising in management, setup, deployment, etc. The scenario I’m trying to get working is:

  • authorize the connection (which in this case could be a computer, iPhone, etc.) as normal, but then for the flow rules, use the device user or user identity somehow (not sure how to give it to ZeroTier today) in the rules.
    A simple example is: laptop A connects to the overlay network, but the default flow rule doesn’t allow it access or routes on the network. The rules would then evaluate whether the user credentials used have any applicable rules and apply them to the connection.
    The purpose would be: if on a company device, rules using tags could allow the device certain network access (e.g. servers) vs. a non-company device (BYOD). In both cases the user credentials are also used to check flow rules. This also solves the problem with shared or hot-desking computers.

Is this possible today? Or if not, is it on, or will it be added to, the development roadmap?

(awesome product btw)


Thanks for asking. There is SSO sign-in at the client available, but this is not integrated with the rules engine. (yet?)

One workaround that may help is using multiple ZeroTier networks. You can specify which users are allowed to SSO sign in to which networks.

I’m not sure there’s a good current solution for the hot desk use case.

