Abstract: Disclosed are various examples for Internet of Things (IoT) device discovery and deployment. In some embodiments, a device identifier is received from an IoT device. The IoT device is determined, based on the device identifier, to be associated with a device account with a management service. An enrollment of the IoT device is performed. A capabilities declaration is received from the IoT device. IoT device instructions are determined based on the capabilities declaration. IoT device instructions are transmitted to the IoT device, causing it to perform a capability specified in the capabilities declaration.

Abstract: Disclosed are various approaches for relaying and caching authentication credentials. A single sign-on (SSO) token is received, the SSO token representing a user account authenticated with an identity manager. An authentication request is then sent to a service that is federated with the identity manager in response to receipt of the SSO token, the authentication request including the SSO token. An access token is received in response to the authentication request, the access token providing access to the service for the user account authenticated with the identity manager for a predefined period of time. The access token and a link between the access token and the SSO token are then cached.

Abstract: Disclosed are various approaches for polling federated services for notifications. A request for an access token for a federated service is sent to an authentication service. The access token for the federated service is received from the authentication service. A query is sent to the federated service for a notification, the query comprising the access token. The notification is received from the federated service.

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a data request is received. The request is associated with a network service. A single sign-on (SSO) token is received. The SSO token represents a user account authenticated with an identity manager. Authentication data for the network service is identified based on the SSO token. The authentication data can specify an authentication site of the network service. A navigation action is automatically performed on the authentication site. The requested data is received. A command to present on a client device the data is transmitted to the client device.

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, an event is detected. The event is associated with an enterprise. A workflow action to perform is identified based on event. A user account is identified using at least one of the workflow action and the event. A command to present the workflow action is transmitted to a client device. A user indication to perform the workflow action is identified. Authentication data for the network service is identified based on a single sign-on (SSO) token associated with the user account. The workflow action is automatically performed using the network service. An authentication with the network service is completed based on the authentication data.

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a service request is identified. The service request is associated with a network service. A single sign-on (SSO) token is received. The SSO token represents a user account authenticated with an identity manager. Authentication data for the network service is identified based on the SSO token. A hosting location of a connector for the network service is identified based on the authentication data. An authentication header is appended to the service request. The service request with the authentication header is transmitted to the connector.

Abstract: Disclosed are various examples for Internet of Things (IoT) device discovery and deployment. In some embodiments, a device identifier is received from an IoT device. The IoT device is determined, based on the device identifier, to be associated with a device account with a management service. An enrollment of the IoT device is performed. A capabilities declaration is received from the IoT device. IoT device instructions are determined based on the capabilities declaration. IoT device instructions are transmitted to the IoT device, causing it to perform a capability specified in the capabilities declaration.

Abstract: Examples for detecting a compromised device are described. A set of threat detection rules can instruct an application on the client device how to detect whether the client device is compromised. The rules can be updated dynamically and without updating the application that is performing the compromise detection. The rules can be encoded in an interpreted scripting language and executed by a runtime environment that is embedded within the application.

Abstract: Disclosed are various approaches for polling federated services for notifications. A request for an access token for a federated service is sent to an authentication service. The access token for the federated service is received from the authentication service. A query is sent to the federated service for a notification, the query comprising the access token. The notification is received from the federated service.

Abstract: Disclosed are various approaches for relaying and caching authentication credentials. A single sign-on (SSO) token is received, the SSO token representing a user account authenticated with an identity manager. An authentication request is then sent to a service that is federated with the identity manager in response to receipt of the SSO token, the authentication request including the SSO token. An access token is received in response to the authentication request, the access token providing access to the service for the user account authenticated with the identity manager for a predefined period of time. The access token and a link between the access token and the SSO token are then cached.

Abstract: A communications system including a plurality of mobile user computing devices, and a service provider subsystem for enabling communications between any of the mobile user computing devices and enterprise network systems. The service provider subsystem has a plurality of clusters strategically distributed across at least one geographical region and interconnected by a global services bus. Each of the clusters includes a plurality of nodes interconnected to a distributed memory storage bus. Each of the nodes includes a service manager module for monitoring services available to the node, a service access point module for enabling communications between the node and enterprise network systems, a client access point module for enabling communications between the node and at least one of the mobile user computing devices, and a message control point module for managing communications between the client access point module and the service access point module.

Abstract: A communications system including a plurality of mobile user computing devices, and a service provider subsystem for enabling communications between any of the mobile user computing devices and enterprise network systems. The service provider subsystem has a plurality of clusters strategically distributed across at least one geographical region and interconnected by a global services bus. Each of the clusters includes a plurality of nodes interconnected to a distributed memory storage bus. Each of the nodes includes a service manager module for monitoring services available to the node, a service access point module for enabling communications between the node and enterprise network systems, a client access point module for enabling communications between the node and at least one of the mobile user computing devices, and a message control point module for managing communications between the client access point module and the service access point module.

Abstract: In a multipoint control unit for conferencing audiovisual terminals, conference participants are greeted with audio and video welcome messages and then placed in an automated queue. The automated queue is a holding queue from which a conference operator can select the next available conference participant in the queue and conduct a subconference. Apparatus in the multipoint control unit includes a memory for storing video data and a processor coupled to the memory for controlling playback of the video data to a connected terminal during conference setup.

Abstract: In a multipoint control unit for conferencing audiovisual terminals, conference participants are greeted with audio and video welcome messages and then placed in an automated queue. The automated queue is a holding queue from which a conference operator can select the next available conference participant in the queue and conduct a subconference. Apparatus in the multipoint control unit includes a memory for storing video data and a processor coupled to the memory for controlling playback of the video data to a connected terminal during conference setup.