We have a couple of different HTTPS management portals that I want to give external access to for only a couple mobile phones but want to be as stringent as possible on security.  I have already set up a geo filter to only allow US connections and only allowed the ports required.  I see there is a device type that I can further lock down that I could set to Mobile Devices (how does it know which device I'm using, by the way?)  My question is, is there any way to lock this down further to only a few specific devices?  Can I filter by cell phone IMEI or something else?  We are talking less than 5 devices that need this access.

I know a VPN would be the best way, but you have to manually enable the VPN every time you want to use it on an iPhone and one of these apps utilizes push notifications and therefore requires full-time connectivity.