Introducing Easier Registration
Kolide Device Registration is the process by which Kolide associates a device with a person when they first attempt to access an application that is protected by Device Trust.
Registration is a critical process because it’s designed to establish your Kolide agent as a true phishing-resistant possession-based factor, suitable to be used within an authentication flow. To protect it, we require end-users to prove they are already in possession of a previously trusted device before they can register additional devices.
This “proving” step can be onerous, particularly when an end-user isn’t near any previously trusted device (registering a mobile device being the most common case), but it’s absolutely necessary to preserve the chain of trust needed to use Kolide in this way.
But what if you don’t need Kolide to be a possession-based factor? Many of our customers today run Kolide as part of a sequence of multiple possession-based factors and do not want or need the extra protection Kolide provides. They simply want Kolide to encourage their end-users to fix problems on their devices and to prevent users from inadvertently using devices that shouldn’t be allowed for work apps. In this context, our secure registration process feels less like a feature, and more like an obstacle.
Device Trust Level: None
To address this use case, we’ve introduced a section called Device Trust Level to the Device Registration settings. The default behavior is Trust on First Use, which requires end-users to prove they are in control of at least one other trusted device before registering any device other than their first. Now, Kolide administrators with “Full Access” can change this setting to None, which only requires that the user successfully authenticate via their SSO provider to register a device.
Faster Registration
While we were at it, we noticed that even in cases where we didn’t require an end-user to take any additional steps to complete their registration, we were asking them to click a button to complete the process.
Interstitial screens like this are traditionally a bad user experience, so we’ve now streamlined this step to happen automatically. You can see an example of how the flow works below:
For our customers pairing Kolide with YubiKeys and other possession-based factors, we hope these changes make your rollout process with Kolide significantly easier, while preserving your ability to conditionally block access to apps until end-users remediate the problems on their devices.