Intro
Connhex Device Ownership is a service that enables users to associate themselves with specific device(s).
Features
Connhex Device Ownership supports two association modes:
- One-to-One: each device can be associated with a single user
- One-to-Many: each device can be associated with multiple users
Each association flow starts by requesting the user for a device identifier. If the association is configured as standard, no additional information is needed - whereas if the association is protected an additional verification step is needed.
A typical choice for a device identifier is the serial number - but any unique ID can be used too.
Protected association mode
Connhex Device Ownership can be configured in protected association mode, thus enabling an extra level of security during the association process. Merely possessing the device identifier is not sufficient for association: a second condition must also be verified.
The service includes a default verification step (see below), but external validations can also be included.
The default verification check consists in the device sending a predefined message (registration enable) during the association phase. If this message fails to arrive within a (configurable) specified timeframe, the registration process times out and fails.
Use cases
This service integrates with Connhex IAM to provide convenient management of user-device associations, allowing users to take ownership and access relevant resources.