Device Trust, User Identity, and Deployment
  • 04 Apr 2023

Establishing user and device identity and trust serves as the foundation of Trusted Access and any other Zero Trust architecture. Without the ability to reliably and securely distinguish trusted users and devices from untrusted ones, an organization's data and infrastructure are at significant risk.

Through a proper device management strategy, a foundation of device trust can be asserted, established, and maintained. Without an underpinning of device management, it is very hard to establish trust at the device level in a scalable and user-friendly manner.

Complementing device trust is user trust, which requires an identity provider to digitally attest that a user is who they claim to be. While a user's identity has traditionally been established using user names and passwords, modern authentication mechanisms, including MFA (multi-factor authentication) and passwordless (FIDO, WebAuthn), have dramatically improved the integrity of user authentication.

Establishing Device Trust

Trusted Access is built on the principle that all general-purpose devices must be managed by device management (MDM) at the operating system level.

Device management techniques and capabilities vary by platform and device ownership (privacy) modes.  Use the table below to understand how to best manage your organization's fleet of devices in a way that can establish device trust and thereby support the Trusted Access solution: 

Platform | Corporate Owned | Personally Owned (BYOD) | Contractor / Unmanaged
Apple macOS | Device Enrollment | User-Only Enrollments
Apple iOS/iPadOS | Device Enrollment | User Enrollment | User-Only Enrollments
Google Android Enterprise | Fully Managed Devices; Work Profile for Mixed Use Company Owned Devices | Work Profile
Microsoft Windows | Modern Device Management | User-Only Enrollments
Linux | Not supported.

Establishing User Trust

All users must be managed and authenticated using a cloud identity provider (IdP), with a strong recommendation to use multi-factor authentication and passwordless technologies where available.

See Users and Identity Providers for more information about configuring user identity as part of the Trusted Access solution.
