- 24 Sep 2022
- 1 Minute to read
Device Trust, User Identity, and Deployment
- Updated on 24 Sep 2022
- 1 Minute to read
Establishing user and device identity and trust serves as the foundation of Trusted Access and any other Zero Trust architecture. Without the ability to reliability and securely distinguish trusted users and devices from those that are untrusted puts an organization's data and infrastructure at significant risk.
Through a proper device management strategy, a foundation of device trust can be asserted, established, and maintained. Without an underpinning of device management, it is very hard to establish trust in a scaleable and user friendly manner at the device level.
Complimenting device trust is user trust, which requites an identity provider to digitally attest that a user is who they claim to be. While establishing a user's identity is traditionally achieved using user names and passwords, modern authentication mechanisms including MFA (multi-factor authentication) and passwordless (FIDO, Webauthn) have dramatically improved the integrity of user authentication.
Establishing Device Trust
Trusted Access is built on the principle that all general purposes devices must be managed by device management (MDM) at the operating system level.
Device management techniques and capabilities vary by platform and device ownership (privacy) modes. Use the table below to understand how to best manage your organization's fleet of devices in a way that can establish device trust and thereby support the Trusted Access solution:
|Corporate Owned||Personally Owned (BYOD)||Contractor / Unmanaged|
|Apple macOS||Device Enrollment||User-Only Enrollments|
|Apple iOS/iPadOS||Device Enrollment||User Enrollment||User-Only Enrollments|
|Google Android Enterprise||Fully Managed Devices|
Work Profile for Mixed Use Company Owned Devices
|Microsoft Windows||Modern Device Management||User-Only Enrollments|
Establishing User Trust
All users must be managed and authenticated using an identity provider (IdP), with a strong recommendation to use multi-factor authentication and passwordless technologies where available.
See Users and Identity Providers for more information about configuring user identity as part of the Trusted Access solution.