Identity management and device enrollment in a cloud service
First Claim
1. A method for enabling data communication between a machine and a remote service application via a network and using an authorization service, the method comprising:
- receiving from a first machine, user-based credential data at an authorization service application via a first network;
- providing via the first network an authorization code from the authorization service application to the machine when the user-based credential data is valid;
- receiving from the first machine and via the first network, the authorization code and a request for a first access token, and in response, sending the first access token from the authorization service application to the first machine via the first network;
- wherein the first machine responsively sends the first access token and an enrollment request to an enrollment service application via a second network, the enrollment request including a request for data access to a cloud-based application, and the enrollment service application sends machine credential data selected by the enrollment service application to the first machine via the second network to permit the first machine later access to the cloud-based application.
Abstract
Data communications are enabled between a machine and a remote service application. When user-based credential data is valid, an authorization code is provided from an authorization service application to the machine. The authorization code and a request for a first access token are received and in response, the first access token is sent from the authorization service application to the first machine. The first machine responsively sends the first access token and an enrollment request to an enrollment service application. The enrollment service application sends machine credential data to the first machine to permit the first machine later access to cloud-based applications.
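The exchange the abstract describes, as an added Python sketch that is not taken from the patent: both services are in-memory stand-ins, and all class and function names are hypothetical. Single-use authorization codes, token expiry, and the enrollment service validating the token by asking the authorization service are assumptions the abstract does not state.

```python
import secrets
import time

class AuthorizationService:
    """Stand-in for the authorization service application (first network)."""
    def __init__(self, users):
        self._users = users    # constructed user -> password table
        self._codes = {}       # authorization code -> user
        self._tokens = {}      # access token -> (user, expiry time)

    def authenticate(self, user, password):
        expected = self._users.get(user)
        if expected is None or not secrets.compare_digest(
                expected.encode(), password.encode()):
            return None        # invalid user-based credential data: no code
        code = secrets.token_urlsafe(16)
        self._codes[code] = user
        return code

    def exchange(self, code, ttl=300):
        user = self._codes.pop(code, None)   # assumption: a code redeems once
        if user is None:
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user, time.time() + ttl)
        return token

    def introspect(self, token):
        user, expiry = self._tokens.get(token, (None, 0.0))
        return user if user is not None and time.time() < expiry else None

class EnrollmentService:
    """Stand-in for the enrollment service application (second network)."""
    def __init__(self, auth):
        self._auth = auth
        self.machines = {}     # machine id -> (enrolling user, secret, app)

    def enroll(self, token, app):
        owner = self._auth.introspect(token)  # assumption: token checked here
        if owner is None:
            return None        # forged or expired token: nothing is issued
        # The service, not the machine, selects the machine credential data.
        machine_id, secret = secrets.token_hex(8), secrets.token_urlsafe(32)
        self.machines[machine_id] = (owner, secret, app)
        return machine_id, secret

def run_flow(auth, enrollment, user, password, app):
    """Machine side: credentials -> code -> access token -> enrollment."""
    code = auth.authenticate(user, password)
    token = code and auth.exchange(code)
    return token and enrollment.enroll(token, app)
```

The machine credential returned by `enroll` is what the machine would present on later access to the cloud-based application, so the user's own credentials never need to be stored on the machine.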
380 Citations
14 Claims
1. A method for enabling data communication between a machine and a remote service application via a network and using an authorization service, the method comprising:
- receiving from a first machine, user-based credential data at an authorization service application via a first network;
- providing via the first network an authorization code from the authorization service application to the machine when the user-based credential data is valid;
- receiving from the first machine and via the first network, the authorization code and a request for a first access token, and in response, sending the first access token from the authorization service application to the first machine via the first network;
- wherein the first machine responsively sends the first access token and an enrollment request to an enrollment service application via a second network, the enrollment request including a request for data access to a cloud-based application, and the enrollment service application sends machine credential data selected by the enrollment service application to the first machine via the second network to permit the first machine later access to the cloud-based application.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. An apparatus that is configured to enable data communication between a machine and a remote service application via a network, the apparatus comprising:
- a network interface device;
- a processor, the processor coupled to the network interface device;
- an authorization service application that is executed on the processor, the authorization service application being configured to:
  - receive from a first machine, user-based credential data via the network interface device;
  - provide to the first machine via the network interface device an authorization code when the user-based credential data is valid;
  - receive from the first machine and via the network interface device, the authorization code and a request for a first access token, and in response, send the first access token to the first machine via the network interface device;
- wherein the first machine responsively sends the first access token and an enrollment request to an enrollment service application via a second network, the enrollment request including a request for data access to a cloud-based application, and the enrollment service application sends machine credential data selected by the enrollment service application to the first machine via the second network to permit the first machine later access to the cloud-based application.
(Dependent claims: 9, 10, 11, 12, 13, 14)
Specification