Authors: @Sakshi Gupta and @Preethi T M
Overview
In the ever-evolving landscape of enterprise mobility management, ensuring seamless access control and security is paramount. One key feature that contributes significantly to this is the ability to sign in and sign out from shared devices. While this capability is currently available for end-users, there is a notable gap: admins lack the same ability. This blog delves into the importance of this feature, its current limitations, and the pressing customer requirement to bridge this gap within the MaaS360 portal.
The Current Scenario
The Shared Device feature in MaaS360 allows end-users to sign in and sign out, ensuring that their session data remains secure and inaccessible to subsequent users.
Updated Scenario
Now, new Remote Sign-In/Sign-Out action from portal is implemented for admins to perform this functionality on shared device and is presently limited to:
- Managed Google Play Account customers using Android Enterprise (AE).
The Admin Use Case and Customer Requirement
Administrators often need to manage shared devices, performing tasks that require signing in and out of different accounts. This capability would enhance security and provide better management of shared resources. For instance:
- Security Management: Ensuring that sensitive admin sessions do not remain active, reducing the risk of unauthorized access.
- Resource Allocation: Facilitating the switching between different admin roles or accounts on the same device.
- Compliance: Adhering to organizational policies that require distinct session management for different admin tasks.
This feature has emerged as a critical requirement from our customers. The demand underscores the need for uniform functionality across all customer segments, ensuring that both end-users and admins can benefit from enhanced security and usability features.
Use Cases
- User Leaves the Company: When an employee leaves the company, the admin may not have the password for the shared device. In such cases, the admin needs the ability to sign in with another user account, ensuring continuous and secure access to the device without disruption. This prevents potential security breaches and maintains device usability.
- User Forgets Login Information: If a user forgets their login information, the admin can step in and sign in using a newly created user account. This feature minimizes downtime and ensures that the device remains functional and accessible, thus maintaining productivity within the organization.
- User Forgets to Sign-out: If a user forgets to sign-out of a shared device, it can pose a security risk, as the next user may inadvertently gain access to sensitive information. In such cases, the admin can remotely sign out the user and ensure that the device is ready for the next person to sign in securely. This feature helps maintain privacy and prevents unauthorized access, ensuring that only the intended user has access to the device at any given time.
- New User Sign-in: When a new user needs to access a shared device, the admin can easily sign them in with the new credentials. This capability ensures that the device can be quickly assigned and accessed by the new user without any delays, optimizing the use of shared resources within the organization.
Performing Sign-In and Sign-Out Actions
The implementation of sign-in and sign-out actions for admins in the MaaS360 portal streamlines the management of shared devices. Here’s how admins can perform these actions:
Sign-In Action
- Access the MaaS360 Portal: Admins log in to the MaaS360 portal using their credentials.
- Navigate to Device Inventory: Within the portal, navigate to the device inventory section where all managed devices are listed.
- Select the Target Device: Choose the specific shared device that requires admin intervention.
- Initiate Remote Sign-In Action: Click on the Remote sign-in action button. A prompt will appear to enter the user credentials.
5. Assign User:
- Enter the credentials of the new user and click on ‘submit’. Now the created new user will be signed in on the device.
- Or enter the credentials of the existing valid user and click on ‘submit’. Now the assigned user will be signed in on the device.
Sign-Out Action
- Access the MaaS360 Portal: Admins log in to the MaaS360 portal using their credentials.
- Navigate to Device Inventory: Within the portal, navigate to the device inventory section where all managed devices are listed.
- Select the Target Device: Choose the specific shared device that needs to be signed out.
- Initiate Remote Sign-Out Action: Click on the Remote sign-out action button. This will sign out the current user.
- Confirm Sign-Out: The device will confirm the sign-out action and return to a state where it is ready for a new user to sign in.
Conclusion
Introducing sign-in and sign-out actions for admins in shared devices within MaaS360 is a critical enhancement that improves security, usability, and aligns with customer needs, ensuring a seamless and secure user experience across all environments.