Contents

New Feature: Limit Repeat End-User Notifications

May 20th, 2024

When Device Trust first launched, Kolide would always warn end-users about failing Checks on their device that, if left unchecked, could block the user. This warning would appear for each new sign-in attempt, even if the attempt happened just a few minutes ago. For end-users, this was tiresome, particularly when their organization requires them to sign into their SSO provider frequently.

Late last year, we introduced a change that would automatically skip these repetitive warnings during the sign-in flow if they occurred within a hard-coded 24-hour period.

While this alleviated the repetitiveness of the notifications, we never introduced a configuration surface to control this behavior so that organizations could opt out of it if they wished. Additionally, there were some edge cases where we were skipping warnings for recently re-configured checks.

We are excited to share that we’ve shipped a new admin settings screen called End-User Remediation.

By default, after warning once, Kolide will skip the warning/notification phase of authentication for 12 hours (as long as no new checks have failed).

This new screen allows you to enable or disable this behavior and change the duration in which Kolide will skip the notifications. It’s important to note that with this change we’ve improved the default value to 12 hours (from 24 hours) as that’s a better time period to avoid repeat notifications during a standard workday.

In addition, we now log explicit events in the Auth Logs (skipped_device_will_block and skipped_device_notified) when auth-based warnings are skipped.

It’s important to note that these settings do not change the behavior of our out-of-band notifications via the Kolide agent’s menubar app.

We hope that this feature helps all of our administrators feel confident in both understanding and controlling the Device Trust login and remediation flow.