We’re thrilled to share a major leap in our journey of innovation: the introduction of our very first Identity Management Solution, OneIdP. This release is a significant step forward in our commitment to making device management and security simple yet effective.
For small and medium-sized enterprises (SMEs) and larger businesses alike, OneIdP brings device and user management together within a single platform. You can now create and manage user identities and enable them to access your managed devices securely.
This is a milestone in our journey, as we strive to extend a straightforward and comprehensive solution for identity management within our mobile device management platform.
Today also marks a significant step towards our commitment to help IT admins manage their PC/Mac inventory. By offering them granular settings to manage the sharing of devices, we are excited to announce Shared Devices and User-based Profiles for PCs and Macs.
To understand more about how OneIdP works, let us look at the different features that help in customizing the login flow and applying conditional login access for macOS and Windows.
OneIdP (One Identity Provider) is a suite of three sub-products: OneDirectory, OneID and OneAuth. OneIdP is introduced to streamline user authentication and authorization and ensure secure access to Windows and macOS devices managed by Scalefusion. It is powered by the Shared Device feature and User-based Profiles available on the Scalefusion dashboard.
Shared Devices & User-Based Profiles (UBP)
Managing a PC or Mac in an enterprise environment involves managing shared devices unless your organization has a ‘laptop only’ policy. For companies offering desktops and iMacs where employees can log in from any of the machines, in any of their locations and in any shift, it becomes important for the IT admins to ensure that only authorized employees have access to the machine and once they log in, the appropriate usage policies are applied.
With this new release, IT admins can now easily implement a shared device policy and ensure that the device access is compliant with both the user access policy and configuration policies.
This can be done by simply configuring the following settings in the Scalefusion dashboard:
- Allow devices to be shared within the group: Enable/disable device sharing within the assigned user group. This setting needs to be enabled to access the other features within the User-Based Profile.
- Allow the device to be shared by users across groups: Enable/disable device sharing across user groups.
- Allow multi-device login: Control user logins from multiple devices simultaneously.
- Allow ungrouped users to log in: Enable/disable login for users that do not belong to any group.
The compliance actions for Shared Devices on the Scalefusion dashboard include two key features:
- Force Logoff: This automatically logs off users not complying with device-sharing settings, with the option to configure a message explaining the reason for the logoff.
- Auto Logoff: This feature enables IT admins to set a specific duration, after which the users are automatically logged off.
Once the Shared Device setting kicks in, Scalefusion’s User-Based Profiles are created. After a user is allowed to log in to a device, a profile (policy settings) based on the user’s current user group is auto-assigned to the device. This ensures that the user has access to the right set of apps required to work.
This sets the perfect stage for OneIdP.
OneID: Transform Your Login Access Management
Developed to empower IT administrators with improved control, OneID is a Login Access Management Plugin within the Scalefusion ecosystem. In an era where secure and efficient user logins are paramount, OneID steps in to redefine the “How” and “When” of accessing managed Windows and macOS devices.
Integrated seamlessly into Scalefusion MDM, OneID ensures a consistent sign-in experience across devices and services. Validate users through directory credentials and configure multi-factor authentication (MFA) methods to eliminate concerns about local account passwords. For device maintenance, admins can grant login privileges to local administrators or selected users in addition to directory users.
IT admins can apply conditional access policies by defining Geofences, IP address limitations, Wi-Fi-based restrictions as well as conditions on the date and time at which a user can be allowed access to the enrolled Windows and macOS devices using OneID. This granular control ensures compliance with organizational policies, security protocols, and labor laws.
Whether an organization utilizes a Directory service like Microsoft Entra or Google Workspace or operates without one, OneID offers seamless adaptability. It extends the same robust conditional access policies to local accounts, catering to a diverse range of organizational needs.
With OneID, you’re not just adopting a plugin; you’re elevating your device security strategy.
OneDirectory: MDM-Driven Directory Service
Earlier this year, we added support for Shared Android devices. While we were working on the Shared Devices support for desktops/MacBooks and building our OneID plugin, we observed that SMEs and also a few large-scale enterprises find it either too complex or not cost-effective to create user identities for their frontline or contractual workers.
They have to choose a commercial solution that tries to bundle a plethora of services that may not be required for the frontline workers, or let frontline workers use their personal email IDs to sign in to work devices to be able to enable sharing, or, for their desktops, create and manage local accounts. We have also observed several enterprises spinning off a local Active Directory to create and manage users to control the costs.
And this is why OneDirectory came into being.
Scalefusion’s OneDirectory, a part of the OneIdP suite, offers an out-of-the-box directory service focused on helping with device management and enabling user-based enrollment or shared devices. This solution is directly integrated with the Scalefusion dashboard, allowing IT admins to use their existing Scalefusion accounts to get started right away.
You can choose a custom *.oneidp.com domain OR add & verify your own domains and start adding users from the Scalefusion dashboard. You can create as many users as you want once you have a verified domain and have your employees use it to enroll and log in to their Android, Windows, and macOS devices that are managed by Scalefusion.
OneDirectory enables you to bypass the hassle of creating and managing local accounts on your managed devices and easily create identities from the Scalefusion dashboard. You can easily reset a password in case an employee forgets it or delete a user once they leave the organization. OneDirectory integrates with the Shared Devices feature and OneID access plugin out of the box, thereby expediting your shared device use cases and user-based deployments.
OneAuth, one of the three components that complete the OneIdP suite, is currently under development. While our team is gearing up to launch it in early 2024, we are excited to see how our customers and partners make use of OneID and OneDirectory. We expect these features to simplify the device management experience further and help reinforce Scalefusion’s contribution to making the day-to-day of an IT admin a breeze.