
Hexnode Access for Windows: Here’s what you need to know

Lizzie Warren

Nov 21, 2023


“One single vulnerability is all an attacker needs”

– Window Snyder, Chief Security Officer, Fastly

It is the primary responsibility of organizations to actively prevent and mitigate any potential vulnerabilities that attackers could exploit. With cyber threats becoming increasingly sophisticated, implementing robust security measures is not only essential but also non-negotiable.
Understanding the pressing need for advanced security solutions, Hexnode UEM is excited to introduce its latest breakthrough feature, Hexnode Access for Windows devices. Designed to meet the demands of organizations, this feature empowers businesses to fortify their device security like never before. So, let’s dive into the exciting capabilities and benefits offered by this feature for Windows devices.


Stepping up the game with Hexnode Access for Windows

Hexnode Access for Windows allows users to utilize their cloud IdP (Identity Provider) credentials, such as from Microsoft Entra ID (formerly known as Azure AD) and Google Workspace, to create user accounts on their Windows devices. With this feature, administrators no longer need to preconfigure user accounts, thereby streamlining the onboarding process and reducing administrative burdens.

From login to protection: how it works

Let’s take a deep dive into the inner workings of this feature, allowing us to gain a comprehensive understanding of its functionality. With the help of this feature, users can simply sign in using their existing cloud credentials, enhancing convenience and user experience. The users will thereafter need to authenticate to the local device account. If they’re new users, they will need to set up the password for their newly created local user account.

By implementing this robust authentication mechanism, the system strengthens user identity verification. It also provides an enhanced level of protection for sensitive data and information. The Hexnode Access feature also empowers organizations to safeguard their resources and maintain a secure computing environment.

In addition to bolstering security, the Hexnode Access for Windows feature offers administrators the flexibility to customize the Windows login screen for users. This customization feature allows organizations to align the login screen with their branding. IT admins can also add a relevant message or create a more personalized user experience using this feature.

A closer look at Cloud IdP credentials

Cloud IdP (Identity Provider) credentials are the authentication details used to validate user identities in a cloud-based identity management system. These credentials are specific to an identity provider, and users rely on them to verify their identity and receive access to a variety of resources and services within the cloud ecosystem. Microsoft Entra ID and Google Workspace are both examples of popular identity providers.

Cloud IdP credentials typically combine a username and password, although they can also incorporate other authentication factors such as tokens or certificates. The identity provider securely manages and stores these credentials, preserving the privacy and integrity of user authentication.

Adopting an Identity Provider for login offers organizations simplified login experiences, centralized user management and seamless integration with cloud services. In fact, it is a smart choice for organizations looking to enhance reliability and streamline operations.


Understanding the mechanism

Let’s now dive deeper into this feature to understand how it works and what it offers! Once users reach the login screen of their Windows device, an additional option will appear for them—logging in with their work account. Here, the configurations made by the IT admin in the Hexnode portal decide the IdP utilized for authentication.

Hexnode offers two IdPs for Windows devices: Microsoft Entra ID and Google Workspace. The configurations available in the Hexnode portal depend on the IdP and are shown in the image below.

[Image: Hexnode Access configurations]

Important considerations for Microsoft Entra ID Integration with Hexnode Access

When integrating Microsoft Entra ID with Hexnode Access for Windows, there are a few key points to remember:

  • Pre-configured domains: If you opt for one of the pre-configured domains already connected to the Hexnode portal, you can easily link your Microsoft Entra ID domains from the admin tab within the Hexnode portal. Once the policy is applied, user details will be verified through Hexnode’s integration with the Microsoft Entra ID domain.
  • Creating a new app registration: If you need to create a new app registration, this process must be completed within your Microsoft Entra ID account by your organization’s business executives. It is important to note that app registration cannot be initiated from within the Hexnode portal. After creating the app registration in Microsoft Entra ID, you can then provide the specific Client ID, tenant ID, and Client secret within the Hexnode policy. Once the policy is applied, user details will be directly verified through the designated app registration.
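
Before entering the tenant ID, Client ID and Client secret into the policy, it is worth confirming that Entra ID accepts them and checking which permissions the app registration actually carries. The following PowerShell is an added example, not Hexnode's own code: it requests a token with the standard OAuth 2.0 client credentials grant and decodes the claims. The environment variable names are hypothetical, and how Hexnode itself uses these values is not described on this page.

```powershell
# Added example: sanity-check an Entra ID app registration (tenant ID, client ID, client secret).
# Assumption: the values are supplied through environment variables with these hypothetical names.
$tenantId     = $env:ENTRA_TENANT_ID
$clientId     = $env:ENTRA_CLIENT_ID
$clientSecret = $env:ENTRA_CLIENT_SECRET   # keep the secret out of scripts and source control

if (-not ($tenantId -and $clientId -and $clientSecret)) {
    throw 'Set ENTRA_TENANT_ID, ENTRA_CLIENT_ID and ENTRA_CLIENT_SECRET first.'
}

# OAuth 2.0 client credentials grant against the Microsoft identity platform v2.0 token endpoint.
$body = @{
    grant_type    = 'client_credentials'
    client_id     = $clientId
    client_secret = $clientSecret
    scope         = 'https://graph.microsoft.com/.default'
}
try {
    $resp = Invoke-RestMethod -Method Post -Body $body `
        -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
} catch {
    throw "Token request failed; check the IDs and whether the secret has expired: $($_.Exception.Message)"
}

# Decode the JWT payload (base64url) for inspection only; the signature is not validated here.
function ConvertFrom-Base64Url([string]$s) {
    $s = $s.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}
$claims = ConvertFrom-Base64Url ($resp.access_token.Split('.')[1]) | ConvertFrom-Json

# Summarize what the token says about the app: an empty Roles value means no application permissions.
[pscustomobject]@{
    Tenant     = $claims.tid
    AppId      = if ($claims.appid) { $claims.appid } else { $claims.azp }
    ExpiresUtc = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp).UtcDateTime
    Roles      = ($claims.roles -join ', ')
}
```

Review the `Roles` column against what the integration needs: an app registration holding broad application permissions turns the Client secret stored in the policy into a high-value credential.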

Important considerations for Google Workspace Integration with Hexnode Access

When integrating Google Workspace with Hexnode Access for Windows, there are a few key points to remember:

  • Pre-configured domains: If you choose one of the pre-configured domains already connected to the Hexnode portal, this configuration allows for the creation of OAuth credentials in Google Cloud, and the Google Workspace domains will be automatically added to the Hexnode portal. This simplifies the setup process and ensures smooth integration.
  • Creating OAuth credentials in Google Cloud: In cases where you need to create OAuth 2.0 credentials specifically for Hexnode Access in the Google Cloud portal, you can follow the necessary configuration steps. This involves creating the credentials within the Google Cloud portal and assigning the appropriate user roles from Google Cloud.

Know more about OAuth

OAuth stands for “Open Authorization”. It is a widely used authorization protocol that allows users to grant one website or application limited access to their protected resources on another, without sharing their credentials (such as username and password).

In simpler terms, OAuth enables users to grant permission to a third-party application to access their information or perform actions on their behalf, without revealing their login credentials. This is achieved through the use of access tokens, which are temporary and specific to authorized actions or resources.

For example, when you log in to a website using your Google account, you are often prompted to grant permission for that website to access certain information from your account. OAuth is the underlying technology that enables this secure and controlled sharing of data between different services or applications.

Furthermore, OAuth enhances security by allowing users to control the access permissions granted to third-party applications, reducing the risk of sharing sensitive information unintentionally. It also simplifies the login process for users, as they can use their existing credentials from a trusted identity provider (such as Google) to authenticate themselves across multiple platforms and services.

After configuration: Navigating the path forward

When authentication is successful, users should set a local password for their device’s newly created local account. This will ensure secure future logins where the user must enter the device password as the first layer of authentication. In addition to this, a re-authentication time can be set in the policy. This will determine when the users should enter their Microsoft Entra ID or Google Workspace authentication password. This second layer of authentication adds an extra level of protection, safeguarding sensitive information. This ensures that only authorized individuals gain access to the device. The IT admin can also set the re-authentication time from the Hexnode portal.

Hexnode Access empowers organizations and users alike. By seamlessly integrating Identity Providers, customizing configurations and granting administrative controls, Hexnode UEM ensures that the login experience is not only streamlined but also fortified against potential threats.


What more for IT admins?

There is a multitude of options and capabilities that Hexnode Access for Windows brings to the table for IT administrators. With this feature, admins can enhance their management and personalization capabilities to new heights. Furthermore, Hexnode Access for Windows provides IT admins with the ability to configure the following additional options:

  • Provide a helpful URL for users who encounter login issues, ensuring quick and easy access to assistance when needed.
  • Flexibility to configure scripts that run upon user login, enabling automation and customization tailored to their organization’s requirements.
  • Set a timeout for scripts, ensuring that they automatically terminate after a specified duration, enhancing efficiency and protection.
  • Customize the login window’s appearance, creating a cohesive and branded experience for users.
  • Choose to allow or prevent users from resetting their passwords after authenticating their cloud account, providing granular control over security measures.
  • Set limitations on offline access, requiring users to sign in online after a defined period, bolstering data security and mitigating potential risks.

And much more! Hexnode Access for Windows offers a comprehensive suite of features and settings. In fact, this feature will empower IT admins to tailor the login experience. Through this, IT admins can boost productivity and ensure the highest level of security for their organization.


Exploring the benefits

Hexnode Access for Windows offers numerous benefits for organizations. Some of them are:

  • Centralized user management: By utilizing the IdP, organizations can centrally manage user identities, permissions and access controls. IT admins can create, modify and deactivate user accounts from a single console, ensuring consistent and efficient user management.
  • Enhanced security: IdPs support advanced security measures such as multi-factor authentication (MFA), ensuring secure access to resources. By enforcing strong password policies and offering additional authentication factors, this feature significantly reduces the risk of unauthorized access and data breaches.
  • Customization and branding: Hexnode Access for Windows empowers IT administrators to personalize the login page with their organization’s logo, icon and color scheme, effectively reinforcing the company’s brand identity. Moreover, this customization feature enables administrators to create a visually appealing and tailored login experience for users. This will enhance user satisfaction and overall engagement.
  • Scalability and flexibility: This feature is scalable, accommodating organizations of all sizes and adapting to evolving needs, providing a flexible authentication infrastructure. It streamlines the login process for users, improves productivity and enhances the overall user experience.

Wrapping up

Hexnode Access for Windows goes beyond simplifying user onboarding and authentication processes. It also serves as a cornerstone of comprehensive security measures and user satisfaction. By seamlessly integrating advanced features, Hexnode Access redefines the landscape of Windows device security. Moreover, Hexnode UEM extends this secure login capability to macOS devices, offering a unified approach to device management and security.

As Hexnode UEM continues to innovate, the industry eagerly anticipates the forthcoming advancements it will bring to the table. With a commitment to device management and security, Hexnode UEM is your go-to solution. So, embrace the future of Hexnode Access and elevate your organization’s security posture with Hexnode UEM’s comprehensive suite of features. Also, stay tuned for more exciting developments! 😉
