Abstract: This disclosure describes a computer implemented method for receiving authentication credentials identifying a user; identifying computing systems for which the user is authorized access to; and transmitting tokens granting access to the identified computing systems. In some embodiments, no two tokens of the transmitted tokens grants access to the same one of the identified computing systems. The user typically has access to a management tool configured to manage the transmission of the received tokens to the corresponding computing systems, thereby granting the user the ability to have seamless access to any of the computing systems associated with the user's authenticated identity.

Abstract: This disclosure describes a computer implemented method for receiving authentication credentials identifying a user; identifying computing systems for which the user is authorized access to; and transmitting tokens granting access to the identified computing systems. In some embodiments, no two tokens of the transmitted tokens grants access to the same one of the identified computing systems. The user typically has access to a management tool configured to manage the transmission of the received tokens to the corresponding computing systems, thereby granting the user the ability to have seamless access to any of the computing systems associated with the user's authenticated identity.

Abstract: This disclosure describes a computer implemented method for receiving authentication credentials identifying a user; identifying computing systems for which the user is authorized access to; and transmitting tokens granting access to the identified computing systems. In some embodiments, no two tokens of the transmitted tokens grants access to the same one of the identified computing systems. The user typically has access to a management tool configured to manage the transmission of the received tokens to the corresponding computing systems, thereby granting the user the ability to have seamless access to any of the computing systems associated with the user's authenticated identity.

Abstract: In some aspects, a mobile application package is bound to a privileged component of a mobile device operating system. The mobile application package includes a software virtualization layer and a management service component. The software virtualization layer and the management service component are enabled to execute in a privileged mode based on the privileged component. A virtual phone image is downloaded from a management server. A virtual machine based on the virtual phone image is launched by the software virtualization layer.

Abstract: A system and method for granting a user access to one or more resources managed by one or more resource servers may include authenticating a user of an application. An application scope associated with the application may represent resource server(s) and respective resources that the application is configured to access or otherwise consume. A management role associated with the user may represent resource server(s) and respective resources that the user is authorized to access or otherwise consume. An access token may be determined using the application scope and the management role. The access token may represent resource server(s) and respective resources that the user is authorized to access or otherwise consume via the application.

Abstract: In some aspects, a mobile application package is bound to a privileged component of a mobile device operating system. The mobile application package includes a software virtualization layer and a management service component. The software virtualization layer and the management service component are enabled to execute in a privileged mode based on the privileged component. A virtual phone image is downloaded from a management server. A virtual machine based on the virtual phone image is launched by the software virtualization layer.

Abstract: A virtual business mobile device can be provisioned on a personal mobile device, by binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode. The mobile application is then able to download a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server, wherein the software virtualization layer is able to launch a virtual machine for the business mobile device based on the virtual phone image. Once the virtual phone image has been downloaded, the management service component initiates a periodic attempt to establish a connection with the mobile management server to comply with the downloaded security-related policy settings.

Abstract: A business environment on a mobile device can be controlled by an enterprise server by receiving identifying information transmitted from a mobile device, wherein the identifying information identifies a user of the mobile device to the enterprise server. A virtual phone template is transmitted to the mobile device, wherein the virtual phone template (i) corresponds to the identifying information, and (ii) is configured to provide the business environment on the mobile device as a virtual machine running on a hypervisor installed on top of a host operating system of the mobile device. The enterprise server then receives a periodic transmission from the mobile device to indicate that the mobile device remains in periodic communication with the enterprise server.

Abstract: A system and method for granting a user access to one or more resources managed by one or more resource servers may include authenticating a user of an application. An application scope associated with the application may represent resource server(s) and respective resources that the application is configured to access or otherwise consume. A management role associated with the user may represent resource server(s) and respective resources that the user is authorized to access or otherwise consume. An access token may be determined using the application scope and the management role. The access token may represent resource server(s) and respective resources that the user is authorized to access or otherwise consume via the application.

Abstract: A virtual business mobile device can be provisioned on a personal mobile device, by binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode. The mobile application is then able to download a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server, wherein the software virtualization layer is able to launch a virtual machine for the business mobile device based on the virtual phone image. Once the virtual phone image has been downloaded, the management service component initiates a periodic attempt to establish a connection with the mobile management server to comply with the downloaded security-related policy settings.

Abstract: A virtual business mobile device can be provisioned on a personal mobile device, by binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode. The mobile application is then able to download a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server, wherein the software virtualization layer is able to launch a virtual machine for the business mobile device based on the virtual phone image. Once the virtual phone image has been downloaded, the management service component initiates a periodic attempt to establish a connection with the mobile management server to comply with the downloaded security-related policy settings.

Abstract: A virtual business mobile device can be provisioned on a personal mobile device, by binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode. The mobile application is then able to download a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server, wherein the software virtualization layer is able to launch a virtual machine for the business mobile device based on the virtual phone image. Once the virtual phone image has been downloaded, the management service component initiates a periodic attempt to establish a connection with the mobile management server to comply with the downloaded security-related policy settings.

Abstract: A graphical user interface to provision business environments on mobile devices presents a navigation panel that displays a virtual phone template menu item and a policy setting menu item. Upon selection of the virtual phone template menu item, a template user interface is presented that enables an administrator to customize virtual phone image templates for users to be delivered to mobile devices that are configured to run the virtual phone image templates as virtual machines on the mobile devices in order to provide a business environment. Upon selection of the policy setting menu item, a policy user interface is presented that enables the administrator to set security policies, wherein each of the security policies specifies a time interval within which a mobile device running a virtual machine corresponding to one of the virtual phone image templates should communicate with an enterprise server to comply with the security policy.

Abstract: A business environment on a mobile device can be controlled by an enterprise server by receiving identifying information transmitted from a mobile device, wherein the identifying information identifies a user of the mobile device to the enterprise server. A virtual phone template is transmitted to the mobile device, wherein the virtual phone template (i) corresponds to the identifying information, and (ii) is configured to provide the business environment on the mobile device as a virtual machine running on a hypervisor installed on top of a host operating system of the mobile device. The enterprise server then receives a periodic transmission from the mobile device to indicate that the mobile device remains in periodic communication with the enterprise server.

Abstract: A virtual business mobile device can be provisioned on a personal mobile device, by binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode. The mobile application is then able to download a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server, wherein the software virtualization layer is able to launch a virtual machine for the business mobile device based on the virtual phone image. Once the virtual phone image has been downloaded, the management service component initiates a periodic attempt to establish a connection with the mobile management server to comply with the downloaded security-related policy settings.

Abstract: A business environment on a mobile device can be controlled by an enterprise server by receiving identifying information transmitted from a mobile device, wherein the identifying information identifies a user of the mobile device to the enterprise server. A virtual phone template is transmitted to the mobile device, wherein the virtual phone template (i) corresponds to the identifying information, and (ii) is configured to provide the business environment on the mobile device as a virtual machine running on a hypervisor installed on top of a host operating system of the mobile device. The enterprise server then receives a periodic transmission from the mobile device to indicate that the mobile device remains in periodic communication with the enterprise server.

Abstract: A virtual business mobile device can be provisioned on a personal mobile device, by binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a hypervisor component and a management service component of the mobile application to execute in a privileged mode. The mobile application is then able to download a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server, wherein the hypervisor component is able to launch a virtual machine for the business mobile device based on the virtual phone image. Once the virtual phone image has been downloaded, the management service component initiates a periodic attempt to establish a connection with the mobile management server to comply with the downloaded security-related policy settings.

Abstract: A graphical user interface to provision business environments on mobile devices presents a navigation panel that displays a virtual phone template menu item and a policy setting menu item. Upon selection of the virtual phone template menu item, a template user interface is presented that enables an administrator to customize virtual phone image templates for users to be delivered to mobile devices that are configured to run the virtual phone image templates as virtual machines on the mobile devices in order to provide a business environment. Upon selection of the policy setting menu item, a policy user interface is presented that enables the administrator to set security policies, wherein each of the security policies specifies a time interval within which a mobile device running a virtual machine corresponding to one of the virtual phone image templates should communicate with an enterprise server to comply with the security policy.

Abstract: A graphical user interface to provision business environments on mobile devices presents a navigation panel that displays a virtual phone template menu item and a policy setting menu item. Upon selection of the virtual phone template menu item, a template user interface is presented that enables an administrator to customize virtual phone image templates for users to be delivered to mobile devices that are configured to run the virtual phone image templates as virtual machines on the mobile devices in order to provide a business environment. Upon selection of the policy setting menu item, a policy user interface is presented that enables the administrator to set security policies, wherein each of the security policies specifies a time interval within which a mobile device running a virtual machine corresponding to one of the virtual phone image templates should communicate with an enterprise server to comply with the security policy.