User Authentication
When devices are enrolled through invites, there is a high chance that anyone who can access the enrollment link can enroll their own device. To prevent this, MDM provides authentication. Authenticating a user ensures that only the designated user can enroll their devices through a particular invite. MDM provides three types of authentication (using OTP, using a Zoho account, and a combination of both), each with its own set of advantages.
Comparison between the authentication methods
PARAMETER | USING OTP | USING DIRECTORY SERVICES | USING BOTH |
---|---|---|---|
Security | Secure | More Secure | Most Secure |
Time taken to enroll a device | Least | More | More |
Scenarios to be used | For product evaluation/testing | For organizations already using services that leverage a directory | For organizations with stringent security compliance standards |
One-Time Passcode (OTP)
A One-Time Passcode (OTP) is a single-use, randomly generated passcode sent along with the enrollment invite so that users can authenticate themselves and proceed with the enrollment. This time-bound passcode is valid only for 7 days and is to be entered when prompted during the enrollment process.
Directory Services
If you want more security than OTP provides, you can opt for authentication using Directory Services, with Zoho Account and Azure currently being supported. Under this method, users need to provide their directory credentials to authenticate and proceed with the enrollment process.
Both Directory Services and OTP
This is the most secure method available for authentication, although it requires additional steps to enroll the devices. It combines the two authentication methods described above into one. Under this method, users first need to provide their Zoho account/Azure credentials to authenticate themselves, as the first level of authentication. Then, in the second level of authentication, they need to provide the OTP given in the enrollment invite and proceed with the enrollment process.
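The checks an enrollment server has to make for the OTP and combined methods described above can be modeled as follows. This is an added illustration, not MDM's own code: the names, the 8-digit passcode length, the attempt limit, and the `directory_user` input (the identity already authenticated by the directory service) are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

OTP_TTL_SECONDS = 7 * 24 * 3600  # from the page: passcode is valid for 7 days
MAX_ATTEMPTS = 5                 # assumption: lockout threshold, not from the page

@dataclass
class Invite:
    user: str          # designated user for this invite
    salt: bytes
    otp_hash: bytes    # only a salted hash of the passcode is stored
    issued_at: float
    used: bool = False
    failures: int = 0

def _digest(salt, otp):
    return hashlib.sha256(salt + otp.encode()).digest()

def issue_invite(user, now=None):
    """Create an invite; return (invite, otp). The OTP is sent with the invite."""
    otp = f"{secrets.randbelow(10**8):08d}"  # CSPRNG; 8 digits is an assumption
    salt = secrets.token_bytes(16)
    now = time.time() if now is None else now
    return Invite(user, salt, _digest(salt, otp), now), otp

def verify_enrollment(invite, otp, directory_user=None,
                      require_directory=False, now=None):
    """Return (ok, reason) for one enrollment attempt against an invite."""
    now = time.time() if now is None else now
    if invite.used:
        return False, "otp_already_used"
    if invite.failures >= MAX_ATTEMPTS:
        return False, "locked"
    if now - invite.issued_at > OTP_TTL_SECONDS:
        return False, "expired"
    # First level: the directory identity must be the invite's designated user.
    if require_directory and directory_user != invite.user:
        return False, "directory_mismatch"
    # Second level: constant-time comparison against the stored hash.
    if not hmac.compare_digest(_digest(invite.salt, otp), invite.otp_hash):
        invite.failures += 1
        return False, "bad_otp"
    invite.used = True  # single use: consume the passcode on success
    return True, "enrolled"
```

With `require_directory=False` this models the OTP-only method; with `require_directory=True` it models the combined method, where a forwarded invite is rejected unless the directory sign-in matches the designated user.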