Self-Remediation via Okta
Engage end-users during auth to self-remediate issues
Security & Compliance Checks
Monitor your entire Linux, Mac, and Windows fleet
Device Inventory
Your fleet represented in thousands of data points
Implement Zero Trust Access
Prevent unsecure devices from accessing your apps
Achieve 100% Device Compliance
Measure, achieve, and maintain your compliance goals
Gain Fleet Visibility
Become "all knowing" across Linux, Mac, and Windows
Help / Docs Product Changelog App Security Company
From the blog

Blog

Contents

Changelog

Introducing Easier Registration

Jason Meller
May 13th, 2024

Kolide Device Registration is the process by which Kolide associates a device with a person when they first attempt to access an application that is protected by Device Trust.

Registration is a critical process because it’s designed to establish your Kolide agent as a true phishing-resistant possession-based factor, suitable to be used within an authentication flow. To protect it, we require end-users to prove they are already in possession of a previously trusted device before they can register additional devices.

This “proving” step can be onerous, particularly when an end-user isn’t near any previously trusted devices (e.g., mobile devices being the most common case), but it’s absolutely necessary to preserve the chain of trust needed to use Kolide in this way.

But what if you don’t need Kolide to be a possession-based factor? Many of our customers today run Kolide as part of a sequence of multiple possession-based factors and do not want or need the extra protection Kolide provides. They simply want Kolide to encourage their end-users to fix problems on their devices and to prevent users from inadvertently using devices that shouldn’t be allowed for work apps. In this context, our secure registration process feels less like a feature, and more like an obstacle.

Device Trust Level: None

To address this use-case, we’ve introduced a section called Device Trust Level to the Device Registration settings. The default behavior is Trust on First Use, which requires end-users to prove they are in control of at least one other trusted device (except their first one). Now, Kolide administrators with “Full Access” can change this setting to None, which only requires that the user successfully authenticates via their SSO provider to register a device.

Setting the Device Trust Level to “None” will make it much easier for end-users to register their devices in Kolide, with the downside of requiring you to protect your apps with an additional possession-based factor.

Faster Registration

While we were at it, we noticed that even in cases where we didn’t require an end-user to take any additional steps to complete their registration, we were asking them to click a button to complete the process.

Clicking this button to register a device only causes friction where none needs to exist.

Interstitial screens like this are traditionally a bad user experience, so we’ve now streamlined this step to happen automatically. You can see an example of how the flow works below:

Device Registration no longer requires an additional button click before the registration is confirmed.

For our customers pairing Kolide with Yubikeys and other possession-based factors, we hope these changes make your rollout process with Kolide significantly easier, while preserving your ability to conditionally block access to apps until end-users remediate the problems on their devices.

Share this story:

More articles you
might enjoy:

Changelog
Introducing Mobile Checks
Jason Meller
Changelog
Improvements to Rechecking After a Browser Update
Jason Meller
Changelog
Improvement: Add Internal Notes for Requests
Jason Meller
Watch a Demo
Zero Trust Access
Designed for Okta
Watch a Demo