Dynamic Access to Hosted Applications
US-2017339564-A1 · Nov 23, 2017 · US
US11595395B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11595395-B2 |
| Application number | US-202117194457-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 8, 2021 |
| Priority date | Nov 21, 2017 |
| Publication date | Feb 28, 2023 |
| Grant date | Feb 28, 2023 |
Official abstract text for this publication.
Examples described herein include systems and methods for dynamically determining enrollment requirements and enrolling a user device into a management system. The systems and methods can differ based on the type and version of operating system executing on the user device. With some operating systems, enrollment can be completed through a single application that performs other functionality, such as providing single-sign-on access to enterprise resources. With other operating systems, enrollment can be completed by pausing the first application and requiring installation of an agent application to complete enrollment. The determination of how and when to enroll a user device can be done automatically and can be based on an organizational group to which the user belongs.
Opening claim text (preview).
What is claimed is:

1. A method for dynamically determining enrollment requirements and enrolling a user device into a management system, comprising: receiving user credentials at an application installed on the user device, the application not being an agent application dedicated to performing device enrollment; based on the user credentials, receiving a determination as to whether the user device is eligible to directly enroll with the management system or requires a dedicated agent application be downloaded to the user device to enroll with the management system without using the application for enrollment; if the user device is eligible to directly enroll with the management system, requesting an assessment by a management server that the user device is allowed to enroll at the management server; receiving the assessment that the user device is allowed to enroll directly with the management server without the use of the dedicated agent application; and enrolling, by the application, the user device with the management server, including sending policies from the management server to the application for enforcement at the user device by the application.

2. The method of claim 1, further comprising receiving a determination as to whether an operating system of the user device requires an enterprise feature to be enabled in order to perform direct enrollment, and if so, confirming that the enterprise feature has been enabled for the user device.

3. The method of claim 1, wherein the assessment is based, at least in part, on restrictions stored at the management server.

4. The method of claim 1, further comprising: receiving, at the application, an identification of an organizational group to which a user belongs.

5. The method of claim 4, wherein receiving an identification of an organizational group to which the user belongs comprises requesting a lookup of the organizational group, based on an email address associated with the user, and receiving a result of the lookup.

6. The method of claim 4, wherein the assessment as to whether the user device is allowed to directly enroll with the management system is based, at least in part, on the organizational group to which the user belongs.

7. The method of claim 6, wherein if the user device is not allowed to directly enroll with the management system based on the identified organizational group, performing stages comprising: requesting a list of child organizational groups available for the identified organizational group; receiving, from the user, an indication of at least one of the child organizational groups to which the user belongs; receiving a determination as to whether the at least one indicated child organizational group enables the user device to directly enroll with the management system; and if the at least one indicated child organizational group enables the user device to directly enroll with the management system, requesting the assessment by the management server that the user device is allowed to enroll at the management server.

8. A non-transitory, computer-readable medium comprising instructions that, when executed by a processor of a user device, perform stages for dynamically determining enrollment requirements and enrolling the user device into a management system, the stages comprising: receiving user credentials at an application installed on the user device, the application not being an agent application dedicated to performing device enrollment; based on the user credentials, receiving a determination as to whether the user device is eligible to directly enroll with the management system or requires a dedicated agent application be downloaded to the user device to enroll with the management system without using the application for enrollment; if the user device is eligible to directly enroll with the management system, requesting an assessment by a management server that the user device is allowed to enroll at the management server; receiving the assessment that the user device is allowed to enroll directly with the management server without the use of the dedicated agent application; and enrolling, by the application, the user device with the management server, including sending policies from the management server to the application for enforcement at the user device by the application.

9. The non-transitory, computer-readable medium of claim 8, further comprising receiving a determination as to whether an operating system of the user device requires an enterprise feature to be enabled in order to perform direct enrollment, and if so, confirming that the enterprise feature has been enabled for the user device.

10. The non-transitory, computer-readable medium of claim 8, wherein the assessment is based, at least in part, on restrictions stored at the management server.

11. The non-transitory, computer-readable medium of claim 8, further comprising: receiving, at the application, an identification of an organizational group to which a user belongs.

12. The non-transitory, computer-readable medium of claim 11, wherein receiving an identification of an organizational group to which the user belongs comprises requesting a lookup of the organizational group, based on an email address associated with the user, and receiving a result of the lookup.

13. The non-transitory, computer-readable medium of claim 11, wherein the assessment as to whether the user device is allowed to directly enroll with the management system is based, at least in part, on the organizational group to which the user belongs.

14. The non-transitory, computer-readable medium of claim 13, wherein if the user device is not allowed to directly enroll with the management system based on the identified organizational group, performing stages comprising: requesting a list of child organizational groups available for the identified organizational group; receiving, from the user, an indication of at least one of the child organizational groups to which the user belongs; receiving a determination as to whether the at least one indicated child organizational group enables the user device to directly enroll with the management system; and if the at least one indicated child organizational group enables the user device to directly enroll with the management system, requesting the assessment by the management server that the user device is allowed to enroll at the management server.

15. A system for dynamically determining enrollment requirements and enrolling a user device into a management system, comprising: a user device having a processor, a display, and a memory storage; wherein the memory storage contains a non-transitory, computer-readable medium comprising instructions that, when executed by the processor, carry out stages comprising: receiving user credentials at an application installed on the user device, the application not being an agent application dedicated to performing device enrollment; based on the user credentials, receiving a determination as to whether the user device is eligible to directly enroll with the management system or requires a dedicated agent application be downloaded to the user device to enroll with the management system without using the application for enrollment; if the user device is eligible to directly enroll with the management system, requesting an assessment by a management server that the user device is allowed to enroll at the management server; receiving the assessment that the user device is allowed to enroll directly with the management server without the use of the dedicated agent application; and enrolling,
Access control lists [ACL] · CPC title
Legal services · CPC title
Installation · CPC title
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
providing single-sign-on or federations · CPC title