
Google - Admin Checklist - Device Trust Configuration

Introduction

  • Device Trust is the idea that a user’s device must be secure before accessing an organization’s sensitive resources (such as networks, cloud apps, and data). In this context, “users” generally means an organization’s employees, contractors, or vendors, and “devices” refers to the endpoints they use for work: laptops, desktops, and mobile devices.

How it Works

  • Kolide integrates directly with any SAML 2.0 application to add Device Trust to it, while still allowing the end user to authenticate with their Google credentials.
  • Apps are taken out of Google SSO and are instead managed by our Device Trust solution directly. With this setup, Google will act as the Identity Provider (IdP) and store user data, and Device Trust/Kolide will act as the SSO provider and handle authentication.

Prerequisites

✅ 1Password Extended Access Management (XAM)

✅ Google requirements

  • The individual(s) tasked with setting up the integration must have super admin privileges. No specific package tier is needed.

⚠️ FYI

  • Multi-factor authentication: MFA can be configured, but be aware that in Google the application is in scope for the service, meaning that all users on any device accessing that application would be in scope for MFA.
  • Context-Aware Access: CAA is a feature in Google that allows you to create granular access control security policies for apps based on attributes such as user identity, location, device security status, and IP address. CAA is not used by XAM because it is specific to applications that are managed with Google. With Google Device Trust, applications are managed through XAM, which takes any application being used for Device Trust out of scope for CAA entirely.

🗂 Documentation and resources

  • Any links you add to the definition or answer, add them here as well.

💬 Keywords

device trust google, device trust, admin checklist
