SELECTIVELY ENABLING MULTI-FACTOR AUTHENTICATION FOR MANAGED DEVICES
Abstract
Disclosed are various examples of selectively enabling multi-factor authentication for applications on managed devices. An identity provider receives an authentication request for a first client application executed in a managed client device. The authentication request includes a first authentication factor corresponding to a management credential. The identity provider then determines whether one or more second authentication factors should be requested. If so, the identity provider then requests the second authentication factor(s) from a second client application. The identity provider receives the second authentication factor(s) from the second client application. The identity provider then authenticates the first client application in response to verifying the first authentication factor and the second authentication factor(s).
40 Claims
1.-20. (canceled)
21. A non-transitory computer-readable medium containing instructions that, when executed by the at least one computing device, cause the at least one computing device to perform stages comprising:
receiving an authentication request from a managed client device, the authentication request including a first authentication factor corresponding to a single sign-on (“SSO”) credential, wherein the SSO credential is downloaded to the managed client device during or after enrollment with a device management service; determining, at an identity provider service separate from the managed client device, whether at least one second authentication factor should be requested; and in response to determining that the at least one second authentication factor should be requested; requesting the at least one second authentication factor from the managed client device; receiving the at least one second authentication factor from the managed client device; and authenticating the managed client device in response to verifying the first authentication factor and the at least one second authentication factor.
28. A computing device that executes an identity provider service configured to cause the computing device to perform stages comprising:
receiving an authentication request from a managed client device, the authentication request including a first authentication factor corresponding to a single sign-on (“SSO”) credential, wherein the SSO credential is downloaded to the managed client device during or after enrollment with a device management service; determining, at an identity provider service separate from the managed client device, whether at least one second authentication factor should be requested; and in response to determining that the at least one second authentication factor should be requested; requesting the at least one second authentication factor from the managed client device; receiving the at least one second authentication factor from the managed client device; and authenticating the managed client device in response to verifying the first authentication factor and the at least one second authentication factor.
31. The computing device of claim 28, wherein the stages further comprise determining that the at least one second authentication factor should be requested in response to verifying the first authentication factor.
34. A method, comprising:
receiving an authentication request from a managed client device, the authentication request including a first authentication factor corresponding to a single sign-on (“SSO”) credential, wherein the SSO credential is downloaded to the managed client device during or after enrollment with a device management service; determining, at an identity provider service separate from the managed client device, whether at least one second authentication factor should be requested; and in response to determining that the at least one second authentication factor should be requested; requesting the at least one second authentication factor from the managed client device; receiving the at least one second authentication factor from the managed client device; and authenticating the managed client device in response to verifying the first authentication factor and the at least one second authentication factor.
40. The method of claim 34, wherein the authentication request originates at a first client application executing on the managed client device, wherein the at least one second authentication factor is not natively supported by the first client application, and wherein the at least one second authentication factor is requested from a second client application.
Specification