
    Introducing OneIdP: Transform Device and Identity Management on Scalefusion

    We’re thrilled to share a major leap in our innovation journey—the introduction of our very first UEM-integrated identity and access management solution, Scalefusion OneIdP. This release is a significant step forward in our commitment to making device management and security simple yet effective.

    For small and medium-sized enterprises (SMEs) and larger businesses alike, OneIdP brings device and user management together within a single platform. You can now create and manage user identities and enable them to access your managed devices securely.

    This is a special milestone in our journey as we strive to extend a straightforward and comprehensive solution for identity management within our mobile device and endpoint management platform.

    Today also marks a significant step towards our commitment to helping IT admins manage their PC/Mac inventory. By offering them granular settings to manage device sharing, we are excited to announce Shared Devices and User-based Profiles for PCs and Macs.

    To understand how OneIdP works, let’s look at the different features that help customize the login flow and apply conditional login access for macOS and Windows.


    Introducing OneIdP

    OneIdP is an IAM suite with three major elements or features: directory services, access management (MFA-based), and single sign-on (SSO). It was introduced to streamline user authentication and authorization and ensure secure access to Windows and macOS devices managed by Scalefusion. OneIdP is powered by the shared device feature and user-based profiles available on the Scalefusion dashboard.

    Shared Devices & User-Based Profiles (UBP)

    Managing a PC or Mac in an enterprise environment involves managing shared devices unless your organization has a ‘laptop only’ policy. For companies offering desktops and iMacs where employees can log in from any of the machines, in any of their locations, and in any shift, it becomes important for the IT admins to ensure that only authorized employees have access to the machine and once they log in, the appropriate usage policies are applied.

    With this new release, IT admins can easily implement a shared device policy and ensure that device access complies with both the user access policy and configuration policies.

    This can be done by simply configuring the following settings in the Scalefusion dashboard:

    • Allow devices to be shared within the group: Enable/disable device sharing within the assigned user group. This setting needs to be enabled to access the other features within the User-Based Profile. 
    • Allow the device to be shared by users across groups: Enable/disable device sharing across user groups.
    • Allow multi-device login: Control user logins from multiple devices simultaneously.
    • Allow ungrouped users to log in: Enable/disable login for users that do not belong to any group.

    The compliance actions for Shared Devices on the Scalefusion dashboard include two key features:

    • Force Logoff: This automatically logs off users not complying with device-sharing settings, with the option to configure a message explaining the reason for the logoff. 
    • Auto Logoff: This feature enables IT admins to set a specific duration, after which the users are automatically logged off.

    Once the Shared Device setting kicks in, Scalefusion’s User-Based Profiles are created. After a user is allowed to log in to a device, a profile (policy settings) based on the user’s current user group is auto-assigned to the device. This ensures that the user has access to the right set of apps required to work.

    This sets the perfect stage for OneIdP.

    Transform Your Login Access Management

    Developed to empower IT administrators with improved control, OneIdP offers identity & access management within the Scalefusion ecosystem. In an era where secure and efficient user logins are paramount, OneIdP steps in to redefine the “How” and “When” of accessing managed Windows and macOS devices.

    Integrated seamlessly into Scalefusion MDM, OneIdP ensures a consistent sign-in experience across devices and services. Validate users through directory credentials and configure multi-factor authentication (MFA) methods to eliminate concerns about local account passwords. For device maintenance, admins can grant login privileges to local administrators or selected users in addition to directory users.

    Using OneIdP, IT admins can apply conditional access policies by defining geofences, IP address limitations, Wi-Fi-based restrictions, and conditions on the date and time at which a user is allowed access to the enrolled Windows and macOS devices. This granular control ensures compliance with organizational policies, security protocols, and labor laws.

    Whether an organization utilizes a directory service like Microsoft Entra or Google Workspace or operates without one, OneIdP offers seamless adaptability. It extends the same robust conditional access policies to local accounts, catering to a diverse range of organizational needs.

    With OneIdP, you’re not just adopting an add-on; you’re elevating your device security strategy.

    MDM-Driven Directory Service

    Earlier this year, we added support for Shared Android devices. While we were working on the Shared Devices support for desktops/MacBooks and building our OneIdP suite, we observed that SMEs and a few large-scale enterprises find it either too complex or not cost-effective to create user identities for their frontline or contractual workers.

    They have to choose a commercial solution that bundles a plethora of services that frontline workers may not need, let frontline workers sign in to work devices with their personal email IDs to enable sharing, or, for their desktops, create and manage local accounts. We have also observed several enterprises spinning up a local Active Directory to create and manage users in order to control costs.

    And this is why OneIdP’s directory services came into being.

    Scalefusion OneIdP offers an out-of-the-box directory service focused on helping with device management and enabling user-based enrollment or shared devices. This solution is directly integrated with the Scalefusion dashboard, allowing IT admins to use their existing Scalefusion accounts to get started right away.

    You can choose a custom *.oneidp.com domain OR add & verify your own domains and start adding users from the Scalefusion dashboard. You can create as many users as you want once you have a verified domain and have your employees use it to enroll and log in to their Android, Windows, and macOS devices that are managed by Scalefusion. 

    OneIdP’s directory services enable you to bypass the hassle of creating and managing local accounts on your managed devices and easily create identities from the Scalefusion dashboard. You can also easily reset passwords in case an employee forgets them or delete a user once they leave the organization.

    What’s next…

    SSO, one of the three components that complete the OneIdP suite, is currently under development. While our team is gearing up to launch it in mid-2024, we are excited to see how our customers and partners make use of OneIdP. We expect the three core features to simplify the device management experience further and help establish Scalefusion’s contribution to making the day-to-day of an IT admin a breeze.

    Do let us know your thoughts and feedback by dropping us a note to [email protected] or [email protected] and we will be glad to hear from you.

    Sriram Kakarala
    Sriram has been developing mobile applications for 10+ years. His experiences include working on a BYOD solution, a custom Android OS for enterprises, and multi-headed chat clients for consumers. He has experience working for early-stage start-ups, mid-size stuck-ups, and near-stagnant MNCs. On a personal level, he thinks a nice sandwich is all that the world needs!
