Device Management in User Portal

Introduction

To reduce the administrative overhead on IT teams, organizations aim to provide end users with the ability to manage their own devices via a self-service portal. This capability is intended to complement existing access to applications. While the use of features such as Single Sign-On (SSO) may vary across organizations, enabling basic device management for end users helps streamline support operations.

Introducing Device Management in the User Portal. The objective is to extend the existing user portal to include device management functionalities.

Prerequisites

• The user(s) should be migrated to OneIdP.

• The user(s) should be in the User Group on the Scalefusion dashboard.

• The User Group must have a profile assigned to it on the Scalefusion dashboard.

Configure Device Management features

1. Enable Device Management Features: This setting allows users to view their enrolled devices and configure actions such as Refresh, Reboot, lock the device, and many more.

   1. Navigate to OneIdP > User Portal > General Settings > Device Management.
      

      

   2. Click the Edit button to configure the Device Management features.

   3. Admins have control over what end users can view and which actions they can perform. A user can only see their device if the admin enables the feature, and can perform specific actions only if the corresponding settings (flags) are turned on.

   4. Once configured, click Save.
      

      

2. In the User Portal, users can view their device details by selecting the corresponding device name.
   

   

   1. Users will be taken to a device preview page that displays key device information along with location details.
      

      

   2. Selecting the gear icon reveals the actions available to the user, based on permissions granted by the administrator.
      

      

   3. The Full Device Information section provides additional details, including device management information, device specifications, network and storage data, etc.
      

      

Note:

1. The Device Management features will work only if the enrolled device(s) support it.

Note:

Users will see all the devices that they have enrolled or have been assigned to them.

A. Allow Users to Enroll Devices

1. Enabling this option will allow users to enroll their devices.

2. In the Devices section in the User Portal, users will see an Enroll button.
   

   

3. Clicking this button opens a pop-up window with enrollment instructions for Android, iOS/iPadOS, macOS, and Windows. From here, users can enroll their devices or send the enrollment instructions via email.
   

   

Note:

Users can easily enroll their personal Android and iOS devices (BYOD) through the User Portal. They can also enroll their company-provided Mac and Windows devices.

B. Allow user to view BitLocker / FileVault Key

1. Enabling this option will allow users to view the BitLocker / FileVault Key on their Windows/ Mac devices, respectively.

   1. Navigate to the My Devices section in User Portal > click the device name for which you want to view the key.
      

      

   2. You will be greeted with a device preview similar to what Admins see on the Scalefusion dashboard.

   3. Click the gear icon > click Full Device Information.
      

      

   4. Go to the Storage Info tab to view the Recovery key and other details.
      

      

5. To view the key, users must enter their User Portal login password. If the user’s identity provider is anything other than OneIdP, OPC, or Google LDAP, they will not be prompted to enter a password.
   

   

C. Allow users to view Location History

1. Enabling this option will allow users to view the location history of their devices.

   1. Navigate to the My Devices section in User Portal > click the device name for which you want to view the location history.
      

      

   2. You will be greeted with a device preview similar to what Admins see on the Scalefusion dashboard.

   3. On this page, you will see the current device location.
      

      

   4. Clicking the red icon in the maps view will show a detailed location history on the device.
      

      

D. Allow user to Restart, Turn off, Lock Device & Mark as Lost

1. When enabled, this setting grants users visibility into the controls required to perform the specified actions.

   1. Navigate to the My Devices section in User Portal > click the device name for which you want to view the different actions.
      

      

   2. Click the gear icon to view the actions.
      

      

E. Allow users to reset passwords on their managed mobile devices

1. When enabled, this setting grants users visibility into the control required to perform the specified action.

   1. Navigate to the My Devices section in User Portal > click the device name for which you want to reset the password.
      

      

   2. Click the gear icon to view the action.
      

      

F. Allow user to delete enrolled personal mobile devices (BYO)

1. When enabled, this setting grants users visibility into the control required to perform the specified action.

   1. Navigate to the My Devices section in User Portal > click the device name that you want to delete.
      

      

   2. Click the gear icon to view the action.
      

      

Note:

To delete the device, users must enter their User Portal login password. If the user’s identity provider is anything other than OneIdP, OPC, or Google LDAP, they will not be prompted to enter a password.

Reporting

Admins will have access to a detailed report that logs all actions performed by users within the User Portal, in the Reports section.

1. In the Account Activity Report, all relevant activities will be displayed under the 'Self-Service Portal' filter.
   

   

2. In the OneIdP Activity Report, all relevant activities will be displayed under the 'User Portal' filter.