Glossary
You can access, learn, & discover all software related terms here.
A
AD-joined
A device that is joined to an Active Directory (AD) domain and inherits its configurations and policies from the parent domain.
ADI
The Active Directory Integration enables the syncing of users, groups, and passwords between 探花大神 and Active Directory. The integration consists of two agents: the Import Agent and Sync Agent. The integration can be configured to use one or both of the agents. Your use case determines which agents are required, the direction of the sync, and which system (探花大神 or Active Directory) is the authority.
Administrator with Billing
This role is considered a "super administrator." These administrator accounts have all privileges, including the ability to manage billing, other 探花大神 administrators, and the Multi-Tenant Portal (if applicable). This includes access to manage users, groups, devices, user authentication, directory integrations, security, and account management.
ADMU
The 探花大神 Active Directory Migration Utility (ADMU) is a tool that automates the migration of Active Directory (AD) domain users to 探花大神 managed users. The utility converts a Windows non-local domain user profile to a local profile, simultaneously leaving the domain and installing 探花大神.
Agent
- Also known as daemon, service, or client, a computer program that runs as a background process, rather than being under the direct control of an interactive user. Agent may refer to:
- 探花大神 Agent - 探花大神's client that runs on managed devices. It communicates with 探花大神 servers every 60 seconds ("Agent heartbeat") to look for jobs. If jobs are available, the Agent downloads the work request and executes it. See Understand the 探花大神 Agent.
- Remote Assist Agent - The Remote Assist app is included with the 探花大神 Agent and is installed by default. The 探花大神 Agent is required to launch the initial Remote Assist client installation, but the app is intentionally deployed as separate from the 探花大神 Agent to ensure Admins are able to address customer issues even if the 探花大神 Agent is not running. See Understand the Remote Assist Agent.
- For AD Import Agent and AD Sync Agent, see ADI
Allow list
An explicitly identified list of entities that are allowed a particular privilege, service, mobility, access or recognition. For its opposite, see blocklist.
API Key
A code used to authenticate to an application programming interface (API). API keys are considered "keys to the castle" and should be secured and protected. In the event of compromise, they should be rotated immediately. In 探花大神, your API Key is only viewable at the time it's generated. If you've lost it, you can generate a new API Key from the initials (avatar) menu in the top right corner of the Admin Portal.
Apple Business Manager
(ABM) is a tool that Apple created to streamline several programs (Automated Device Enrollment, VPP, Managed Apple IDs) into a single platform for businesses to assign iOS, iPadOS, tvOS, and macOS devices to an MDM, as well as purchase apps and Books and manage Managed Apple IDs for User Enrollment. An organization connects their ABM instance to 探花大神 to allow 探花大神 to manage their Apple devices with MDM, provide Automated Device Enrollment and Zero-Touch Enrollment to their Apple devices, and install apps purchased from Apple.
Automated Device Enrollment
A zero-touch Apple MDM enrollment method that enables devices to be supervised during activation without intervention. Requires Apple Business Manager (ABM) or Apple School Manager (ASM).
B
Bind
A bind is an association or a connection made between two objects in 探花大神. In order to log in to their device using their 探花大神 credentials, your user must first be bound to their device.
There are various types of binds in 探花大神:
- bind users to devices
- bind users, devices, and policies to their respective groups
- bind policy groups, applications, and commands to device groups
- bind applications and resources like RADIUS and LDAP to user groups
- bind user groups to the 探花大神 Password Manager
Bind DN
The LDAP binding user is created to allow an application to gain access to the LDAP directory in order to facilitate authentication requests when a regular LDAP user is attempting to log in. 探花大神 does not support anonymous binds. When a user is designated as the Bind DN (distinguished name), they are automatically bound to the 探花大神 LDAP directory. Any 探花大神 user can be set as a binding user, although it's generally recommended to treat this account as privileged and for use only to facilitate the application's ability to bind/search the LDAP directory.
Biometric
Verifying a user's identity based on biological traits such as a fingerprint (Touch ID) or facial recognition (Face ID).
Bitlocker
A disk encryption feature built into Microsoft Windows.
Blocklist
A basic access control mechanism that allows through all elements (email addresses, users, passwords, URLs, IP addresses, domain names, file hashes, etc.), except those explicitly identified. The items on the block list are denied access. For its opposite, see allow list.
BYOD (bring your own device)
An employee-owned device that is partially managed by the company through a work profile or container.
C
Conditional Access Policy
Conditional access policies are a set of rules configured to establish which devices can access company resources. Use Conditional Access Policies in 探花大神 to establish levels of access (password, password and MFA, or completely restricted) to resources based on conditions such as whether the device is managed, what the device's operating system is, the device's location, and whether the device is disk encrypted.
Connect Key
The Connect Key provides a way to associate devices with your 探花大神 organization. Find your Connect Key when you add a device in the Admin Portal under DEVICE MANAGEMENT > Devices.
D
Declarative Device Management
A device management protocol in which the device applies updates asynchronously without polling from a server, reporting its status back when an update has been made.
Dedicated device
A corporate-owned, single use device that is fully managed by the company and used for a specific purpose or task, such as a kiosk or point-of-sale.
Delegated authentication
Sometimes called passthrough authentication, a mode of authentication where the experience of "logging in" happens in 探花大神, but another Identity Provider is the validating authority. End users will see no difference in their authentication experience between direct auth and delegated auth in 探花大神.
Device trust
A security concept for ensuring that a device meets minimum security requirements before its user can access protected company resources.
Directory Insights
Directory Insights is 探花大神's event logging and compliance feature. It gives a centralized view of user activity and delivers in-depth logging and audit reporting for compliance and security purposes.
Display Name
The Display Name field in the 探花大神 user account record is consumed in account creation and account takeover, and, if present, is used as the display name on the user-bound device.
Dynamic group
A user group or device group in 探花大神 configured to update automatically as new users or devices meet the conditions set for the group or when existing users or groups no longer meet the conditions set for the group. See static group
E
EMM
Android's Enterprise Mobility Management. You can enroll and manage Android devices using EMM through the 探花大神 Admin Portal. Devices managed through Android EMM utilize a work profile to securely control access to company resources like email, calendar and contacts, and other company apps and data, while keeping personal user data private and secure.
F
Federated Authentication
A mode of authentication where the experience of "logging in" happens outside of 探花大神 with another Identity Provider.
FileVault
FileVault is Apple's disk encryption program. See Apple's
探花大神 offers a preconfigured FileVault policy to enforce FileVault on macOS devices. See Create a Mac FileVault 2 Policy
Full-disk encryption (FDE)
Full-disk encryption. See Bitlocker (Windows) and FileVault (macOS)
Use 探花大神 to configure access policies for devices based on their disk encryption status.
Fully managed device
A device that is managed by the company and used exclusively for work purposes, also sometimes referred to as a COBO (company-owned, business only) device.
H
High-water mark
The greatest number of users present in the 探花大神 directory at any point in the billing period.
I
Identity Access Management (IAM)
A framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. IdM systems fall under the overarching umbrella of IT security and Data Management.
Identity Provider (IdP)
The entity that stores and authenticates the identities that users log in to their systems, applications, file servers, and more with.
J
JIT provisioning
The technology that creates users and updates them dynamically when they log in (just in time) based on SAML assertions sent by the identity provider.
探花大神 PowerShell Module
The 探花大神 PowerShell Module is a set of Windows PowerShell commands that allow 探花大神 administrators to interact with their 探花大神 directory.
L
LDAP
The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network.
Least privilege
The concept of least privilege access to infrastructure means you give users access only to the company resources that they need to successfully do their daily job. Having too many admins with unlimited access is prone to human error and increases the attack surface for a security breach. See What is Least Privilege and Why Do You Need It?
M
Managed Service Provider (MSP)
A company that remotely manages a customer's IT infrastructure and/or end user systems, typically on a proactive basis and as part of a subscription model. See Multi-Tenant Portal
MDM
Mobile Device Management; a software solution that allows IT Admins to control, secure, and enforce policies on laptops, mobile devices, tablets, and other endpoints.
mTLS
Mutual TLS; a common security practice that uses client TLS certificates to provide an additional layer of protection by cryptographically verifying the client information.
Multi-Factor Authentication (MFA)
Multi-Factor Authentication requires users to provide something in addition to a password when logging in. MFA tightens account security by making it harder for unauthorized users to access the account. This second factor can be:
- something you know, like a PIN;
- something you have, like a smartphone or USB key; or
- something you are, such as your fingerprint or facial recognition
With 探花大神, you have the option to enforce MFA using 探花大神 Go, 探花大神 Protect (Push MFA), Verification Code (TOTP) MFA, WebAuthn MFA, and/or Duo Security MFA.
Multi-Tenant Portal (MTP)
The dashboard for Managed Service Providers to log in and manage all of their tenant organizations.
N
Network Attached Storage (NAS)
A file-level computer data storage server connected to a computer network that provides data access to a heterogeneous group of clients. NAS is specialized for serving files either by its hardware, software, or configuration.
O
On-prem
As opposed to a cloud solution, an in-house, physical appliance, such as an Active Directory server.
OrgID
The numeric identifier for a 探花大神 organization. This number is case sensitive.
P
PowerShell Module
A set of related PowerShell commands that are grouped together. PowerShell modules are hosted by Microsoft and available for installation from the PowerShell Gallery. See 探花大神 PowerShell Module
Provisioning
The process of importing or creating user identities and pushing those identities to other resources.
探花大神's Identity Management integration allows you to provision, update, and deprovision users and groups from 探花大神 in applications that support SCIM.
R
RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
Remote Access
探花大神 Remote Access is a cloud-based solution that provides IT teams with robust remote support capabilities, including Remote Assist for remote screen access and control, as well as Background Tools for remote command line and file management.
Remote Assist
探花大神 Remote Assist is a cloud-based remote screen access and control solution from 探花大神 for IT teams.
RMM
Remote Monitoring and Management (RMM) systems let IT admins manage multiple organizations and their systems without needing physical access to target machines.
S
SAML
Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions. 探花大神 uses SAML 2.0 to connect applications to 探花大神. SAML 2.0 uses security tokens containing assertions to pass information between Identity Provider and Service Provider.
Secure Shell (SSH)
A network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
Secure Token
Apple feature that secures and provides access to encryption keys that are required for FileVault decryption. See .
Service Account
On Mac systems, the system account that is created automatically to grant secure tokens for new users and provide security-level services to other user accounts managed by 探花大神. Because it doesn't have an accessible password or valid home directory, this account can't be logged in to by other users. See Install and Use the Service Account for MacOS
Service Provider
A software application that needs an identity from an Identity Provider to allow a user to sign in to the application using Single Sign-On.
Shadow IT
Systems and solutions implemented within organizations without the knowledge and approval of an IT or SecOps department.
Static group
A user group or device group that does not have automated membership enabled. See dynamic group
Step-up Authentication
A security principle for requiring additional authentication (above and beyond MFA) when accessing critical resources.
Sudo user
A program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user, by default the superuser. It originally stood for "superuser do," as the older versions of sudo were designed to run commands only as the superuser.
Super admin
An administrator with the Administrator with Billing role; the highest level of privilege in the 探花大神 Admin Portal.
T
TOTP
Time-based, one-time passwords, a form of MFA, are temporary passcodes generated by an algorithm for use in authenticating access to computer systems.
V
VPP
Apple's Volume Purchase Program, used with MDM to manage App Store licenses through an integration with 探花大神's Software Management. See Manage Software with Apple's VPP
W
Work profile
The partition on an Android company-owned or employee-owned device that contains work apps and data visible to and managed by the company.
Z
Zero Trust
An IT security model that assumes no user or device is trusted and must be verified to access resources.
Zero-touch
A method of provisioning devices that automates their configuration, allowing companies to purchase and ship devices directly to end users. Upon startup, these devices are automatically enrolled in device management, allowing IT admins to remotely configure them with the correct apps, licenses, and policies, and bind them to a user identity when the user logs in. See Configure Zero-Touch Enrollment for Android and Configure Automated Device Enrollment for Apple.
Zero-touch portal
The Android zero-touch portal that allows admins to configure zero-touch enrollment for Android device management. See Configure Zero-Touch Enrollment for Android