Abstract: The present disclosure relates generally to managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of non-compliances of remote devices that access an enterprise system. A device access management system may be implemented to automate remediation of non-compliances of remote devices accessing an enterprise system. Remediation may be controlled based on different levels of non-compliance, each defined by one or more different non-compliances. In some embodiments, a level of non-compliance may be conditionally defined by one or more user roles for which non-compliance is assessed. Access to computing resources of an enterprise system may be controlled for a remote device based on compliance of the remote device. Access may be inhibited for those resources not permitted during a time period of a non-compliance.

Abstract: An LDAP (Lightweight Directory Access Protocol) to SCIM (System for Cross-domain Identity Management) proxy service is provided. The LDAP to SCIM proxy service receives an LDAP request from an LDAP-based application running on an LDAP-based application server, translates the LDAP request to a SCIM request, and forwards the SCIM request to a SCIM server within the IDCS. The LDAP to SCIM proxy service then receives a SCIM response from the SCIM server within the IDCS, translates the SCIM response to an LDAP response, and forwards the LDAP response to the LDAP-based application.

Abstract: Techniques for providing enrollment services for various types of electronic devices in a communication network is disclosed. The electronic devices may include devices associated with a user and headless devices not associated with any user. In certain embodiments, a device enrollment system is disclosed that controls the authentication and enrollment of both user devices and headless devices within a communication network. The device enrollment system detects a particular device within a communication, identifies a type of enrollment policy to be applied to the device based on a type of the device, applies a set of enrollment rules to the device in accordance with the enrollment policy and enrolls the device if the device satisfies one or more criteria specified by the enrollment rules.

Abstract: Techniques are disclosed for generating, utilizing, and validating traceable image CAPTCHAs. In certain embodiments, a traceable image is displayed, and a trace of the image is analyzed to determine whether a user providing the trace is human. In certain embodiments, a computing device receives a request for an image, and in response, creates a traceable image based upon a plurality of image elements. The computing device transmits data representing the traceable image to cause a second computing device to display the traceable image via a touch-enabled display. The computing device receives a user trace input data generated responsive to a trace made at the second computing device, and determines whether the trace is within an error tolerance range of the set of coordinates associated with the traceable image. The computing device then sends a result of the determination.

Abstract: The present disclosure relates generally to managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of non-compliances of remote devices that access an enterprise system. A device access management system may be implemented to automate remediation of non-compliances of remote devices accessing an enterprise system. Remediation may be controlled based on different levels of non-compliance, each defined by one or more different non-compliances. In some embodiments, a level of non-compliance may be conditionally defined by one or more user roles for which non-compliance is assessed. Access to computing resources of an enterprise system may be controlled for a remote device based on compliance of the remote device. Access may be inhibited for those resources not permitted during a time period of a non-compliance.

Abstract: Techniques for providing enrollment services for various types of electronic devices in a communication network is disclosed. The electronic devices may include devices associated with a user and headless devices not associated with any user. In certain embodiments, a device enrollment system is disclosed that controls the authentication and enrollment of both user devices and headless devices within a communication network. The device enrollment system detects a particular device within a communication, identifies a type of enrollment policy to be applied to the device based on a type of the device, applies a set of enrollment rules to the device in accordance with the enrollment policy and enrolls the device if the device satisfies one or more criteria specified by the enrollment rules.

Abstract: Methods, devices, and systems are described for enrolling a user's bring-your-own-device for secure connection to a company's enterprise computer network. From her mobile device, user clicks on a uniform resource locator (URL) to connect with the login web page on the enterprise network. After authentication, checks are performed to verify that the user has authorization to enroll the type of electronic device, and the profile is installed on the device. A notification is sent to the device by a server on the enterprise network, and a secure workspace application is pushed to the device along with configuration data that automatically links the workspace with the parent device enrollment. Once the user launches the secure workspace application the workspace access configuration data and initializes enrollment with the enterprise network, resulting in a linking of the secure workspace application with its parent device enrollment.

Abstract: The present disclosure relates generally to managing access to an enterprise system using remote devices. Techniques are disclosed for provisioning applications on remote devices to access resources in an enterprise system. Specifically, applications may be automatically configured with access information (e.g., account information) and connection information to access a resource in an enterprise system using a remote device. Configuring an application may include determining an account for accessing a resource using the application. An account may be provisioned if one has not been established. Upon configuring an application, the device access management system may provide a configured application to the remote device(s) for which the application is configured. Once the configured application is received, the application may be automatically installed on the remote device, after which the application may be executed to access a resource.

Abstract: The present disclosure relates generally to managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of non-compliances of remote devices that access an enterprise system. A device access management system may be implemented to automate remediation of non-compliances of remote devices accessing an enterprise system. Remediation may be controlled based on different levels of non-compliance, each defined by one or more different non-compliances. In some embodiments, a level of non-compliance may be conditionally defined by one or more user roles for which non-compliance is assessed. Access to computing resources of an enterprise system may be controlled for a remote device based on compliance of the remote device. Access may be inhibited for those resources not permitted during a time period of a non-compliance.

Abstract: The present disclosure relates generally to managing access to an enterprise system using remote devices. Techniques are disclosed for provisioning applications on remote devices to access resources in an enterprise system. Specifically, applications may be automatically configured with access information (e.g., account information) and connection information to access a resource in an enterprise system using a remote device. Configuring an application may include determining an account for accessing a resource using the application. An account may be provisioned if one has not been established. Upon configuring an application, the device access management system may provide a configured application to the remote device(s) for which the application is configured. Once the configured application is received, the application may be automatically installed on the remote device, after which the application may be executed to access a resource.

Abstract: Techniques for providing enrollment services for various types of electronic devices in a communication network is disclosed. The electronic devices may include devices associated with a user and headless devices not associated with any user. In certain embodiments, a device enrollment system is disclosed that controls the authentication and enrollment of both user devices and headless devices within a communication network. The device enrollment system detects a particular device within a communication , identifies a type of enrollment policy to be applied to the device based on a type of the device, applies a set of enrollment rules to the device in accordance with the enrollment policy and enrolls the device if the device satisfies one or more criteria specified by the enrollment rules.

Abstract: A virtual directory server (VDS) provided according to an aspect of the present disclosure maintains attribute data identifying a corresponding set of stored attributes associated with each data source, with each data source storing values for associated set of stored attributes. Upon receiving a first request based on query attributes, the VDS identifies a set of data sources based on the stored attribute data, with each data source storing values for at least one of the query attributes. The VDS then forms constituent requests, with each constituent request having a corresponding pruned filter suitable for the respective data source. The constituent requests are sent to the respective data sources. The VDS forms a final response from the constituent responses received from the corresponding data sources by joining the constituent entries, and sends the final response to a client system from which the first request is received.

Abstract: Techniques are disclosed for generating, utilizing, and validating traceable image CAPTCHAs. In certain embodiments, a traceable image is displayed, and a trace of the image is analyzed to determine whether a user providing the trace is human. In certain embodiments, a computing device receives a request for an image, and in response, creates a traceable image based upon a plurality of image elements. The computing device transmits data representing the traceable image to cause a second computing device to display the traceable image via a touch-enabled display. The computing device receives a user trace input data generated responsive to a trace made at the second computing device, and determines whether the trace is within an error tolerance range of the set of coordinates associated with the traceable image. The computing device then sends a result of the determination.

Abstract: Techniques for providing enrollment services for various types of electronic devices in a communication network is disclosed. The electronic devices may include devices associated with a user and headless devices not associated with any user. In certain embodiments, a device enrollment system is disclosed that controls the authentication and enrollment of both user devices and headless devices within a communication network. The device enrollment system detects a particular device within a communication network, identifies a type of enrollment policy to be applied to the device based on a type of the device, applies a set of enrollment rules to the device in accordance with the enrollment policy and enrolls the device if the device satisfies one or more criteria specified by the enrollment rules.

Abstract: Protection of resources hosted on enterprise systems. In an embodiment, an enterprise system receives a request from a portable device to download a resource, and in response formulates multiple security actions and associated conditions for the requested resource. The enterprise system sends the requested resource, the security actions and the conditions to the portable device. The portable device determines whether each condition is satisfied and performs the security actions associated with the conditions determined to have been satisfied. Due to the ability to send multiple security actions and associated conditions, better control in protection and retention of downloaded resources is obtained.

Abstract: Techniques are disclosed for generating, utilizing, and validating traceable image CAPTCHAs. In certain embodiments, a traceable image is displayed, and a trace of the image is analyzed to determine whether a user providing the trace is human. In certain embodiments, a computing device receives a request for an image, and in response, creates a traceable image based upon a plurality of image elements. The computing device transmits data representing the traceable image to cause a second computing device to display the traceable image via a touch-enabled display. The computing device receives a user trace input data generated responsive to a trace made at the second computing device, and determines whether the trace is within an error tolerance range of the set of coordinates associated with the traceable image. The computing device then sends a result of the determination.

Abstract: The present disclosure relates generally to managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of non-compliances of remote devices that access an enterprise system. A device access management system may be implemented to automate remediation of non-compliances of remote devices accessing an enterprise system. Remediation may be controlled based on different levels of non-compliance, each defined by one or more different non-compliances. In some embodiments, a level of non-compliance may be conditionally defined by one or more user roles for which non-compliance is assessed. Access to computing resources of an enterprise system may be controlled for a remote device based on compliance of the remote device. Access may be inhibited for those resources not permitted during a time period of a non-compliance.

Abstract: The present disclosure relates generally to managing access to an enterprise system using remote devices. Techniques are disclosed for provisioning applications on remote devices to access resources in an enterprise system. Specifically, applications may be automatically configured with access information (e.g., account information) and connection information to access a resource in an enterprise system using a remote device. Configuring an application may include determining an account for accessing a resource using the application. An account may be provisioned if one has not been established. Upon configuring an application, the device access management system may provide a configured application to the remote device(s) for which the application is configured. Once the configured application is received, the application may be automatically installed on the remote device, after which the application may be executed to access a resource.

Abstract: Techniques for providing enrollment services for various types of electronic devices in a communication network is disclosed. The electronic devices may include devices associated with a user and headless devices not associated with any user. In certain embodiments, a device enrollment system is disclosed that controls the authentication and enrollment of both user devices and headless devices within a communication network. The device enrollment system detects a particular device within a communication network, identifies a type of enrollment policy to be applied to the device based on a type of the device, applies a set of enrollment rules to the device in accordance with the enrollment policy and enrolls the device if the device satisfies one or more criteria specified by the enrollment rules.

Abstract: Methods, devices, and systems are described for enrolling a user's bring-your-own-device for secure connection to a company's enterprise computer network. From her mobile device, user clicks on a uniform resource locator (URL) to connect with the login web page on the enterprise network. After authentication, checks are performed to verify that the user has authorization to enroll the type of electronic device, and the profile is installed on the device. A notification is sent to the device by a server on the enterprise network, and a secure workspace application is pushed to the device along with configuration data that automatically links the workspace with the parent device enrollment. Once the user launches the secure workspace application the workspace access configuration data and initializes enrollment with the enterprise network, resulting in a linking of the secure workspace application with its parent device enrollment.