How to differentiate private and company owned devices on the ABAP Stack?

Hey all,

maybe someone have ideas, to solve an actual security demand on my side.

Employees shall access a Fiori Launchpad on an NetWeaver Gateway instance. While they shall see all tiles and information from the company owned devices (which are using certificates), they shouldn't by using private devices. The reasons are kind of legal and data privacy.

The first security layer from external access is a VPN SSL tunnel by juniper, the second will be the SAP Netweaver Gateway instance. At this point I want to differentiate between private and company owned devices, to provide further logic.

I'm now struggling with the question, if there is a way, how i can identify the incoming user on the Gateway ABAP system, by his/her maybe ip-range, certificate or something else. Maybe I'm missing something essential or another Dispatcher or Proxy is needed. Thanks for every suggestion.

regards

julian