HexCon is coming to NYC. Catch the early-bird price before the time's up! Book me a spot
Connect
Ask Community
Ask the community
Ask Community
  • Home
  • General
  • Web apps: Authenticating hexnode devices for web apps

Web apps: Authenticating hexnode devices for web appsSolved

Profile photo of jim-johnston
jim-johnston
Participant
Discussion
Hexnode UEM
1 year ago
Save Saved
Copy link
Report

To detect whether a hexnode device is viewing a web app we can use URL parameter wildcards which inject device variables like so:
https://www.hexnode.com/mobile-device-management/help/pass-device-information-from-hexnode-to-the-web-apps-added-in-the-device-through-wildcards-faqs/

For example, we could use the wildcard to check against the UDID of a device to determine if a client is a hexnode device and its location. But what if the UDID was to be leaked, anyone could just enter the UDID string and access the web app as that device.

My question is what ways can we authenticate hexnode devices on web apps securely? (preferably without user intervention)

Thanks!

0 Upvotes
503 Views

Tags

API (24)
Reply

Replies (3)

Oldest First
Oldest First
Newest First
Most Upvoted First
Marked SolutionPending Review
Profile photo of chloe_edison Hexnode Expert image
chloe_edison
Hexnode Expert
1 year ago
Marked SolutionPending Review
Copy link
Report

Hello @jim-johnston, welcome to Hexnode Community!

Yes, you’re right. UDID or any such device information does stand the chance of getting leaked. Maybe you could try a combination of device information, like, say, Device ID, Serial Number and IMEI number? (http://example.com/%deviceid%/%serialnumber%/%devicename%/%imei%)

I know it isn’t ideal and doesn’t guarantee secure authentication, but we do not have a feasible solution for it as yet. You could create a combination known only to Hexnode admins and keep changing it regularly to reduce the chances of unsolicited access to the web app. For instance, http://example.com/%deviceid%/%serialnumber%/%devicename%/%imei%/%assettag% is one of the many possible combinations.

Please get back to us in case of further queries.

Regards,
Chloe Edison
Hexnode UEM

2 Upvotes
Reply
Marked SolutionPending Review
Profile photo of jim-johnston Novice image
jim-johnston
Participant
1 year ago
Marked SolutionPending Review
Copy link
Report

Thanks Chloe, that clears up a lot for me!

I think I could generate a secret key that changes at some interval and use the API to set this key as a device attribute under the asset tag (like you have in your example).

https://www.hexnode.com/mobile-device-management/developers/actions/edit-device-attribute/

Cool stuff!

Thanks for your help

1 Upvotes
Reply
Marked SolutionPending Review
Profile photo of audrey-black Hexnode Expert image
audrey-black
Hexnode Expert
1 year ago
Marked SolutionPending Review
Copy link
Report

Hey @jim-johnston,

Although I am not the intended recipient of your gratitude, I must say, it still made my day.

Chloe is on vacation right now, and unable to receive your gratitude directly. But I promise to promptly relay the message to her.

In the meantime, if you have any more questions or need further assistance, you can always reach out to us.

Best Regards,
Audrey Black
Hexnode UEM

0 Upvotes
Reply
Load more
Related Topics

Leaderboard

Profile photo of eugene Veteran image
eugene
309 pts
Profile photo of aaron Veteran image
aaron
287 pts
Profile photo of kipp Veteran image
kipp
285 pts
Profile photo of damaris Novice image
damaris
250 pts
Profile photo of _patricia_ Novice image
_patricia_
185 pts
View all

Popular Tags

ABM (25)
Android (268)
iOS (212)
macOS (245)
Windows (144)
Apple TV (15)
App Management (237)
Enrollment (48)
Location (19)
Kiosk (143)
Scripts (52)
DEP (28)
OS Updates (49)
Android Enterprise (58)
View all