Abstract: Disclosed are various examples for transferring device identifying information during authentication. An enrollment request is received from a management component executed by a client device. A management service generates a unique device identifier for the client device and embeds it within a certificate to generate a device-identifying certificate. The management service instructs a certificate authority service to generate a public key that includes the unique device identifier and a private key for the client device, and provides the device-identifying certificate and the private key to the client device.

Abstract: Systems and techniques are described for authenticating a user. A described technique includes receiving, by an identity management application running on a user computer, a request to authenticate a user to access a user application using the user computer. The technique includes determining, by the identity management application, that a mobile device associated with the user is connected to the user computer using a short distance wireless connection. The technique includes requesting, by the identity management application running on the user computer, authentication information for the user from the mobile device over the short distance wireless connection. The technique includes receiving, by the identity management application running on the user computer, the authentication information for the user from the mobile device over the short distance wireless connection.

Abstract: Disclosed are various examples for transferring device identifying information during authentication. In some examples, an authentication request is transmitted to an identity manager. Instructions to negotiate a ticket are received from the identity manager. A ticket is negotiated from a key distribution center using a certificate comprising a unique device identifier of the client device. The unique device identifier is embedded in the ticket by the key distribution center based on verification that the certificate is valid. Authentication of the client device is completed through the identity manager using the ticket.

Abstract: Disclosed are various examples for transferring device identifying information during authentication. In some examples, an authentication request is transmitted to an identity manager. Instructions to negotiate a ticket are received from the identity manager. A ticket is negotiated from a key distribution center using a certificate comprising a unique device identifier of the client device. The unique device identifier is embedded in the ticket by the key distribution center based on verification that the certificate is valid. Authentication of the client device is completed through the identity manager using the ticket.

Abstract: Systems and techniques are described for authenticating a user. A described technique includes receiving, by an identity management application running on a user computer, a request to authenticate a user to access a user application using the user computer. The technique includes determining, by the identity management application, that a mobile device associated with the user is connected to the user computer using a short distance wireless connection. The technique includes requesting, by the identity management application running on the user computer, authentication information for the user from the mobile device over the short distance wireless connection. The technique includes receiving, by the identity management application running on the user computer, the authentication information for the user from the mobile device over the short distance wireless connection.

Abstract: Disclosed are various examples for determining whether a client device complies with compliance rules while authenticating a user account. A client certificate can include an identifier corresponding to a client device. An identity provider can extract the identifier while authenticating the user account. The identity provider can determine whether the client device complies with compliance rules prior to authenticating the user account on the client device.

Abstract: Systems and techniques are described for authenticating a user. A described technique includes receiving, by an identity management application running on a user computer, a request to authenticate a user to access a user application using the user computer. The technique includes determining, by the identity management application, that a mobile device associated with the user is connected to the user computer using a short distance wireless connection. The technique includes requesting, by the identity management application running on the user computer, authentication information for the user from the mobile device over the short distance wireless connection. The technique includes receiving, by the identity management application running on the user computer, the authentication information for the user from the mobile device over the short distance wireless connection.

Abstract: Systems and techniques are described for authenticating a user. A described technique includes receiving, by an identity management application running on a user computer, a request to authenticate a user to access a user application using the user computer. The technique includes determining, by the identity management application, that a mobile device associated with the user is connected to the user computer using a short distance wireless connection. The technique includes requesting, by the identity management application running on the user computer, authentication information for the user from the mobile device over the short distance wireless connection. The technique includes receiving, by the identity management application running on the user computer, the authentication information for the user from the mobile device over the short distance wireless connection.

Abstract: Disclosed are various examples for determining whether a client device complies with compliance rules while authenticating a user account. A client certificate can include an identifier corresponding to a client device. An identity provider can extract the identifier while authenticating the user account. The identity provider can determine whether the client device complies with compliance rules prior to authenticating the user account on the client device.