    Introducing OneIdP: Transform Device and Identity Management on Scalefusion

    We’re thrilled to share a major leap in our innovation journey—the introduction of our very first UEM-integrated identity and access management solution, Scalefusion OneIdP. This release is a significant step forward in our commitment to making device management and security simple yet effective.

    For small and medium-sized enterprises (SMEs) and larger businesses alike, OneIdP brings device and user management together within a single platform. You can now create and manage user identities and enable them to access your managed devices securely.

    This is a special milestone in our journey as we strive to extend a straightforward and comprehensive solution for identity management within our mobile device and endpoint management platform.

    Today also marks a significant step towards our commitment to helping IT admins manage their PC/Mac inventory. By offering them granular settings to manage device sharing, we are excited to announce Shared Devices and User-based Profiles for PCs and Macs.

    To see how OneIdP works, let’s look at the different features that help customize the login flow and apply conditional login access for macOS and Windows.

    Introducing OneIdP

    OneIdP is an IAM suite with three major elements or features: directory services, access management (MFA-based), and single sign-on (SSO). It was introduced to streamline user authentication and authorization and ensure secure access to Windows and macOS devices managed by Scalefusion. OneIdP is powered by the shared device feature and user-based profiles available on the Scalefusion dashboard.

    Shared Devices & User-Based Profiles (UBP)

    Managing a PC or Mac in an enterprise environment involves managing shared devices unless your organization has a ‘laptop only’ policy. For companies offering desktops and iMacs where employees can log in from any of the machines, in any of their locations, and in any shift, it becomes important for the IT admins to ensure that only authorized employees have access to the machine and once they log in, the appropriate usage policies are applied.

    With this new release, IT admins can easily implement a shared device policy and ensure that device access complies with both the user access policy and configuration policies.

    This can be done by simply configuring the following settings in the Scalefusion dashboard:

    • Allow devices to be shared within the group: Enable/disable device sharing within the assigned user group. This setting needs to be enabled to access the other features within the User-Based Profile. 
    • Allow the device to be shared by users across groups: Enable/disable device sharing across user groups.
    • Allow multi-device login: Control user logins from multiple devices simultaneously.
    • Allow ungrouped users to log in: Enable/disable login for users that do not belong to any group.

    The compliance actions for Shared Devices on the Scalefusion dashboard include two key features:

    • Force Logoff: This automatically logs off users not complying with device-sharing settings, with the option to configure a message explaining the reason for the logoff. 
    • Auto Logoff: This feature enables IT admins to set a specific duration, after which the users are automatically logged off.

    Once the Shared Device setting kicks in, Scalefusion’s User-Based Profiles are created. After a user is allowed to log in to a device, a profile (policy settings) based on the user’s current user group is auto-assigned to the device. This ensures that the user has access to the right set of apps required to work.

    This sets the perfect stage for OneIdP.

    Transform Your Login Access Management

    Developed to empower IT administrators with improved control, OneIdP offers identity & access management within the Scalefusion ecosystem. In an era where secure and efficient user logins are paramount, OneIdP steps in to redefine the “How” and “When” of accessing managed Windows and macOS devices.

    Integrated seamlessly into Scalefusion MDM, OneIdP ensures a consistent sign-in experience across devices and services. Validate users through directory credentials and configure multi-factor authentication (MFA) methods to eliminate concerns about local account passwords. For device maintenance, admins can grant login privileges to local administrators or selected users in addition to directory users.

    Using OneIdP, IT admins can apply conditional access policies by defining geofences, IP address limitations, Wi-Fi-based restrictions, and date and time conditions under which a user is allowed access to the enrolled Windows and macOS devices. This granular control ensures compliance with organizational policies, security protocols, and labor laws.

    Whether an organization utilizes a directory service like Microsoft Entra or Google Workspace or operates without one, OneIdP offers seamless adaptability. It extends the same robust conditional access policies to local accounts, catering to a diverse range of organizational needs.

    With OneIdP, you’re not just adopting an add-on; you’re elevating your device security strategy.

    MDM-Driven Directory Service

    Earlier this year, we added support for Shared Android devices. While we were working on the Shared Devices support for desktops/MacBooks and building our OneIdP suite, we observed that SMEs and a few large-scale enterprises find it either too complex or not cost-effective to create user identities for their frontline or contractual workers.

    They either have to choose a commercial solution that bundles a plethora of services that may not be required for frontline workers, or have to let frontline workers use their personal email IDs to sign in to work devices to enable sharing, or, for their desktops, create and manage local accounts. We have also observed several enterprises spinning off a local Active Directory to create and manage users in order to control costs.

    And this is why OneIdP’s directory services came into being.

    Scalefusion OneIdP offers an out-of-the-box directory service focused on helping with device management and enabling user-based enrollment or shared devices. This solution is directly integrated with the Scalefusion dashboard, allowing IT admins to use their existing Scalefusion accounts to get started right away.

    You can choose a custom *.oneidp.com domain or add and verify your own domains, then start adding users from the Scalefusion dashboard. Once you have a verified domain, you can create as many users as you want and have your employees use those identities to enroll and log in to their Android, Windows, and macOS devices that are managed by Scalefusion.

    OneIdP’s directory services enable you to bypass the hassle of creating and managing local accounts on your managed devices and easily create identities from the Scalefusion dashboard. You can also easily reset passwords in case an employee forgets them or delete a user once they leave the organization.

    What’s next…

    SSO, one of the three components that complete the OneIdP suite, is currently under development. While our team is gearing up to launch it in mid-2024, we are excited to see how our customers and partners make use of OneIdP. We expect the three core features to simplify the device management experience further and to affirm Scalefusion’s contribution to making the day-to-day of an IT admin a breeze.

    Do let us know your thoughts and feedback by dropping us a note to [email protected] or [email protected] and we will be glad to hear from you.

    Sriram Kakarala
    Sriram has been developing mobile applications for 10+ years. His experience includes working on a BYOD solution, a custom Android OS for enterprises, and multi-headed chat clients for consumers. He has worked for early-stage start-ups, mid-size stuck-ups and near-stagnant MNCs. On a personal level, he thinks a nice sandwich is all that the world needs!
