Limiting users to a single device

Top  Previous  Next

 

(New in 5.18)

mSuite can be configured to limit each mSuite user account to a single device.  When this feature is active, if a user tries to connect with a different device than the one they previously used, they will fail authentication and so will not be allowed to access the system from that "new" device.  They will still be able to use the system with their original device.
 
This serves two purposes:

 

Using more than one EAS device with the same mSuite account is strongly discouraged since it results in data regularly being removed from the device and reloaded from the server every time each different device tries to sync.  For more information, please click here.
It helps to prevent unapproved devices connecting to the system.  Without this capability, a user could swap from an approved device to an unapproved device without the knowledge/approval of the administrator.

 

Before you start

Before enabling this feature, you should check to see if any mSuite user accounts currently have more than one device associated with them and, if so, delete the additional devices so that each account only has one device.  Failure to do this will result in some users not being able to access the system.

 

 

To identify all mSuite user accounts that currently have more than one device entry, use SQL Server Management Studio (or equivalent) and run the following query on the mSuite SQL database:

 

 

 

SELECT MAX(u.AuthName) AS [Account Name], MAX(u.DisplayName) AS [Display Name], MAX(p.PVal) AS [Notes Name], COUNT([DeviceID]) as [Devices] FROM

(

SELECT UserID, da.Bin AS [DeviceID] FROM DEVICE_SIGHTINGS ds

INNER JOIN DEVICE_ATTRIBUTES da ON da.DSID=DS.ID AND da.DADID=39

INNER JOIN USERS u ON u.ID=UserID

INNER JOIN DEVICES d ON d.DeviceID=da.Bin AND d.Flags=0

GROUP BY UserID, da.Bin

) x

INNER JOIN USERS u ON x.UserID=u.ID

LEFT OUTER JOIN GROUP_PROPERTIES gp ON u.GID=gp.GID

INNER JOIN PROPERTY_SETS ps ON gp.PSID=ps.ID

LEFT OUTER JOIN PROPERTIES p ON p.PSID=ps.ID

WHERE p.PDID=2002055

GROUP BY [UserID]

HAVING COUNT([DeviceID])>1

ORDER BY MAX(AuthName)

 

 

 

 

 

Enabling 'one user, one device'

 

1.In the mSuite Administration Console, go to Configuration > Server and Groups then double click on the server to display its Properties.
2.Go to the Connection Management tab and run the Authentication Server Settings wizard (the magic wand icon to the right of Default Authentication Server Template) and click Next.
3.On the General Settings page, check the box marked Allow only one device per user.
4.Restart mSuite

 

How it works

The first time a user's device successfully connects to the mSuite system, it is given a Device ID which is stored in the mSuite database.

 

Every time a user's device connects and authenticates, the system checks to see that the current device's Device ID matches the one that is stored in the database for that user account.  If not, the authentication fails and an alert is generated (provided authentication alerts are enabled).

 

 

Changing a user's device

In order to allow a user to connect a "new" device to the system, the administrator needs to delete that user's existing device record from the Devices view in the mSuite Administration Console.

The definition of a "new" device differs between EAS devices and full mCenter clients:

 

EAS devices

The mSuite Device ID is associated with the device's serial number which does not change.  So, even if a device has  been wiped and/or restored to factory settings, provided it is being used with the same mSuite user account, it will still be recognised by mSuite and will not be considered as "new".

 

WM devices running the full 'mCenter' client

If the 'mCenter' client is removed and re-installed (or the device is hard reset and the 'mCenter' client is re-installed), its mSuite identity changes.  So, even though it is the same physical device, it is seen by the mSuite server as "new" and is not therefore allowed to connect to the system.

 

 

 


Page url: http://msuitehelp.commontime.com/index.html?ct_limiting_users_to_a_single_dev.htm