Enable Zero Trust Access with Scalefusion UEM Signals

Zero Trust Access to devices and apps driven by Unified endpoint management

Scalefusion OneIdP enables Zero Trust access by leveraging compliance signals from the Scalefusion UEM product to ensure that only UEM-managed compliant devices can securely access corporate emails and SaaS apps (e.g., Gmail, Salesforce).

What is OneIdP Zero Trust Access?

Scalefusion OneIdP enforces Zero Trust access by ensuring secure and controlled access to apps and emails (e.g., Gmail, HubSpot) for Scalefusion UEM-managed compliant devices. For unmanaged devices, it adds an extra layer of security with enhanced authentication methods like OTPs or third-party authenticators.

With dynamic policy enforcement, it applies real-time access rules based on compliance status, location, and network. Integrated SSO simplifies user workflows, allowing seamless access to web applications and select native apps using a single set of credentials while ensuring secure endpoints.

Integration with leading IdP providers

Authentication

Device authentication

Allow users to log in to a device after checking conditions such as:

  • Device management status
  • Wi-Fi
  • IP Address
  • Location

Authorization

Conditional SSO applications

Grant access to applications based on

  • Context-Aware Signals
  • UEM Compliant Device Checks
  • Multi-factor authentication (MFA)

Access

Zero Trust Access
Use Case Spotlight

Restrict corporate Gmail access from devices not owned or managed by your organization

Gain full control over corporate Gmail access by combining Scalefusion UEM with OneIdP for a comprehensive Zero Trust solution. Whether your users are on company-owned (COD) or bring-your-own (BYO) devices, ensure that Gmail is accessed only on managed and secure endpoints, giving IT admins complete peace of mind.

How it works

For Company-Owned Devices (COD)

  • Allow Gmail access only on devices owned and managed by your organization.

  • Restrict Gmail access to managed COD devices using Scalefusion OneIdP.

  • Apply UEM policies to secure devices and ensure compliance.

For Bring-Your-Own Devices (BYO)

  • Require users to enroll their personal devices in the UEM system.

  • Apply security policies to protect Gmail access on personal devices.

  • Use OneIdP to ensure Gmail is accessible only on enrolled, compliant devices.

Unlock the full potential of a zero trust access solution

Key features

Always on, always secure: zero trust features you can count on

Conditional SSO

Use device signals to validate user access and restrict access based on browser versions for enhanced control.

Device authentication

Grant device access by evaluating context-aware signals and device signals/device trust signals.

Just-in-Time Admin

Empower your standard users by allowing temporary admin access to perform necessary tasks without compromising security.

User Identities

Build or integrate user directories with secure privilege allocation.

Device trust-based Single Sign-On

Enable your users to access work apps in one click—seamlessly and securely! Grant access only when your device management checks out or through trusted third-party authenticator apps.

Validate

Control access to apps via device management status

Authenticate

OTP-based authentication for unrecognized devices

Control

Apply per-app access conditions to specific users

Restrict

Prevent access based on the browser version

Single Sign-On
Use Case Spotlight

Flexible access policies for secure and convenient email access

Scalefusion OneIdP empowers organizations to create custom access policies that balance security and flexibility. Whether enforcing strict access through managed devices or offering secure options for unmanaged endpoints, Scalefusion adapts to your business needs.

Scenario 1: Acme Corporation

Policy: Work email access restricted to Scalefusion UEM-managed devices.

  • Paul, an Acme Corporation employee, needs to access his work email from a public PC while traveling.

  • Because this device is not managed by Scalefusion UEM, he is unable to log in, ensuring strict compliance with Acme Corp’s security policies.

Scenario 2: OnPlex Inc

Policy: Secure email access from unmanaged devices with enhanced authentication.

  • Tony, an OnPlex Inc employee, is traveling and needs to check his work email from a public PC.

  • OnPlex Inc’s policy prompts Tony to enter an OTP sent to his Scalefusion-managed device or a verified third-party authenticator, ensuring secure access even from an unmanaged device.

OneIdP Keycard

Conditional access for device authentication

Allow device access based on contextual and device signals. Your users can log in securely with identity provider credentials, no need for local passwords.

Contextual access control

Ensure only authorized users can access devices under specific conditions such as location, IP address, WiFi network, date, and time.

Compliance check frequency

Schedule compliance checks at intervals of 5, 30, or 60 minutes. Make way for a comprehensive monitoring approach and identify any compliance issue before it takes place.

Customizable login screen

Personalize the login screen to reflect your brand identity. Customize with your logos, wallpapers, and utility settings for an elevated login experience.

JIT Admin

Privilege elevation with Just-in-Time Admin

Temporarily elevate your user's device access privileges to the administrator level. Extend time-sensitive access and automatically revoke privileges to eliminate the risk of shadow IT.

  • Keep device admin credentials confidential
  • Enable admin privileges for quick actions
  • Available on macOS and Windows devices
  • Track actions with detailed logs

Achieve total control over your security with OneIdP

User Identities

Directory sync for centralized user repository

Manage users like a pro—set password complexities, integrate directories, and automate identity provisioning in a snap. Streamline identity management and enhance security, all in one place.

Integrations with your favorite tools for zero trust protection

Obsessed with seamless access, exceptional user experience, and strengthened security? All the tools you use and love are available on a single console.

Simplify your zero trust journey with OneIdP's unified approach

Frequently asked questions

Zero Trust is a security framework designed to protect identities, infrastructure, and data in modern multi-cloud networks. It operates on the principle of “never trust, always verify,” meaning no user or device is implicitly trusted, even inside the network. Unlike traditional models that focus on network perimeters, Zero Trust enforces security policies for every connection between users, devices, applications, and data.
