Abstract: Disclosed are various approaches for polling federated services for notifications. A request for an access token for a federated service is sent to an authentication service. The access token for the federated service is received from the authentication service. A query is sent to the federated service for a notification, the query comprising the access token. The notification is received from the federated service.

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a workflow service identifies a workflow action and a user account that is responsible for the workflow action. A command to present the workflow action for user authorization is transmitted to a client device associated with the user account. The workflow service transmits a command to perform the workflow action based on an identification of the user authorization.

Abstract: Examples for detecting a compromised device are described. A set of threat detection rules can instruct an application on the client device how to detect whether the client device is compromised. The rules can be updated dynamically and without updating the application that is performing the compromise detection. The rules can be encoded in an interpreted scripting language and executed by a runtime environment that is embedded within the application.

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a hosting location is identified for a connector that handles communications with a network service. Authentication information that is selected based on the hosting location of the connector is appended to a service request. The authentication information includes a service credential that the connector uses to authenticate with the network service, if the connector is hosted locally to the workflow service. The authentication information includes instructions for the connector to retrieve the service credential from an enterprise-hosted data store, if the connector is hosted external to the workflow service. The service request is then transmitted with the selected authentication information.

Abstract: Disclosed are various approaches for relaying and caching authentication credentials. A single sign-on (SSO) token is received, the SSO token representing a user account authenticated with an identity manager. An authentication request is then sent to a service that is federated with the identity manager in response to receipt of the SSO token, the authentication request including the SSO token. An access token is received in response to the authentication request, the access token providing access to the service for the user account authenticated with the identity manager for a predefined period of time. The access token and a link between the access token and the SSO token are then cached.

Abstract: Disclosed are various examples of device and management service integration using a device connector service that acts as a proxy. The device connector service can receive a device communication that is relayed by a device connector client executed on an edge device. The device communication includes device connector authentication data, and a device identifier for a device. The device communication is modified into a modified device communication that includes management service authentication data, and a management unique device identifier (UDID) that is different from the device identifier. The device connector service transmits the modified device communication to a management service.

Abstract: Disclosed are various examples for Internet of Things (IoT) device discovery and deployment. In some embodiments, a device identifier is received from an IoT device. The IoT device is determined, based on the device identifier, to be associated with a device account with a management service. An enrollment of the IoT device is performed. A capabilities declaration is received from the IoT device. IoT device instructions are determined based on the capabilities declaration. IoT device instructions are transmitted to the IoT device, causing it to perform a capability specified in the capabilities declaration.

Abstract: Disclosed are various examples of device and management service integration using a device connector service that acts as a proxy. The device connector service can receive a device communication that is relayed by a device connector client executed on an edge device. The device communication includes device connector authentication data, and a device identifier for a device. The device communication is modified into a modified device communication that includes management service authentication data, and a management unique device identifier (UDID) that is different from the device identifier. The device connector service transmits the modified device communication to a management service.

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a command is transmitted causing a client device to present a workflow action to perform. A user command to perform the workflow action is identified using the client device. Authentication data including user credentials and a navigation action for a visual user interface is identified. The user credentials are transmitted to the network service and an emulation of the navigation action is performed. A command that performs the workflow action is transmitted to the network service.

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a workflow service identifies a workflow action and a user account that is responsible for the workflow action. A command to present the workflow action for user authorization is transmitted to a client device associated with the user account. The workflow service transmits a command to perform the workflow action based on an identification of the user authorization.

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, an event is detected. The event is associated with an enterprise. A workflow action to perform is identified based on event. A user account is identified using at least one of the workflow action and the event. A command to present the workflow action is transmitted to a client device. A user indication to perform the workflow action is identified. Authentication data for the network service is identified based on a single sign-on (SSO) token associated with the user account. The workflow action is automatically performed using the network service. An authentication with the network service is completed based on the authentication data.

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a data request is received. The request is associated with a network service. A single sign-on (SSO) token is received. The SSO token represents a user account authenticated with an identity manager. Authentication data for the network service is identified based on the SSO token. The authentication data can specify an authentication site of the network service. A navigation action is automatically performed on the authentication site. The requested data is received. A command to present on a client device the data is transmitted to the client device.

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a hosting location is identified for a connector that handles communications with a network service. Authentication information that is selected based on the hosting location of the connector is appended to a service request. The authentication information includes a service credential that the connector uses to authenticate with the network service, if the connector is hosted locally to the workflow service. The authentication information includes instructions for the connector to retrieve the service credential from an enterprise-hosted data store, if the connector is hosted external to the workflow service. The service request is then transmitted with the selected authentication information.

Abstract: Examples for detecting a compromised device are described. A set of threat detection rules can instruct an application on the client device how to detect whether the client device is compromised. The rules can be updated dynamically and without updating the application that is performing the compromise detection. The rules can be encoded in an interpreted scripting language and executed by a runtime environment that is embedded within the application.

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a service request is identified. The service request is associated with a network service. A single sign-on (SSO) token is received. The SSO token represents a user account authenticated with an identity manager. Authentication data for the network service is identified based on the SSO token. A hosting location of a connector for the network service is identified based on the authentication data. An authentication header is appended to the service request. The service request with the authentication header is transmitted to the connector.

Abstract: Disclosed are various examples of device and management service integration using a device connector service that acts as a proxy. The device connector service can receive a device identifier for a device, and an enterprise identifier, and generate a management unique device identifier (UDID) using these values. The management UDID can be used in an enrollment request that enrolls the device with the management service. Device data including a device configuration can be received from the management service, and the device configuration can be relayed to a device connector client to apply the device configuration to the device.

Abstract: Examples for detecting a compromised device are described. A set of threat detection rules can instruct an application on the client device how to detect whether the client device is compromised. The rules can be updated dynamically and without updating the application that is performing the compromise detection. The rules can be encoded in an interpreted scripting language and executed by a runtime environment that is embedded within the application.

Abstract: Disclosed are various examples for Internet of Things (IoT) device discovery and deployment. In some embodiments, a device identifier is received from an IoT device. The IoT device is determined, based on the device identifier, to be associated with a device account with a management service. An enrollment of the IoT device is performed. A capabilities declaration is received from the IoT device. IoT device instructions are determined based on the capabilities declaration. IoT device instructions are transmitted to the IoT device, causing it to perform a capability specified in the capabilities declaration.

Abstract: Disclosed are various approaches for relaying and caching authentication credentials. A single sign-on (SSO) token is received, the SSO token representing a user account authenticated with an identity manager. An authentication request is then sent to a service that is federated with the identity manager in response to receipt of the SSO token, the authentication request including the SSO token. An access token is received in response to the authentication request, the access token providing access to the service for the user account authenticated with the identity manager for a predefined period of time. The access token and a link between the access token and the SSO token are then cached.

Abstract: Disclosed are various approaches for polling federated services for notifications. A request for an access token for a federated service is sent to an authentication service. The access token for the federated service is received from the authentication service. A query is sent to the federated service for a notification, the query comprising the access token. The notification is received from the federated service.