Device Management Using Families #248
Comments
|
Thanks for the request @sm-tradeboox . This is an area we've been working on, and hope to deliver a feature that will help you with this. We'll likely deliver it along with the Client Credentials grant and some other IoT related features we're working on. #155 The high level plan is to support a new CRUD on devices - similar to how you're describing, and these devices will have relationships with a user in some fashion. Feel free to outline your requirements clearly in the issue and we'll use that as we build out this feature. If your requirements are sensitive, feel free to use the Contact Us form on fusionauth.io and we can discuss further that way. |
|
Hello robotdan. Thanks for the quick response. Our own use case requires that we have "families" with "children". But we should be able to define levels of access, kind of like the PG-ratings system for each child. Also, "parents" should be able to decide if the "child" will be allowed to have access in other "families". Perhaps being able to define roles for "child" may also work, but this seems over-complicated to me. The basic roles that come to mind are "read only", "add only", "update" and "admin access". A similar model could be employed for devices. Device owners (parents) would determine if a device can belong in another "family". With similarly defined roles. Now, is a separate section for devices required, or should devices be assigned to entities within the family? Can't say what would work better. SO... our own use case we need to try and meet, which I feel it's not realistic for us to expect FusionAuth to even consider since this is not what you're building, but I'm going to try and articulate anyway. We're considering how we can manage entities with org units where each org unit has its own employees and multiple devices. Some employees/devices can be in multiple org units, others are locked in to a particular unit. The "org unit" may actually be an application. Perhaps this level of complexity ought to be handled at the application level. We're still learning, so please excuse if we've not been able to clearly express our intention/requirements. Thanks again. |
|
Great feedback @sm-tradeboox thanks - we'll take all of that into consideration. |
|
One option to consider - devices are independent entities, and can be assigned to one or more users with a default CRUD roles. The user may then choose to escalate the device to higher auth privileges. We're working on healthcare apps. One particular use case we have is for ICUs. A consulting physician (this could also be a nurse or any other type of specialist) walks into an ICU, picks a device out of a basket and logs in. They become part of the "family" associated with a particular patient. The device is already registered with the patient since the patient is part of the ICU "family". Our specific use case above goes beyond normal CRUD roles. Since the device user may have the ability to only view info, add records, change data, share details, etc. They may also have privileges to access other caregiver notes, and/or to view these outside the ICU, on their own device. What's important here? It's important the device has the necessary auth credentials, and it's also important that so does the consultant. Again, it's possible to manage AAA details at the application level, but if FusionAuth tokens can provide the necessary tags/roles/group/deviceGroup info associated with a particular device/user, it'll simplify app development in a microservices environment. TIA. |
|
I've created an feature request to track the "Entity Management" idea. This could be a solution for this feature request as well. The issue is #881. @sm-tradeboox please review is and see if it will work for your needs and provide additional comments there. |
|
I am going to assume that this is covered by entity management, tracked by #881 and described in-depth in our docs: https://fusionauth.io/docs/get-started/core-concepts/entity-management @sm-tradeboox you can re-open this issue or open a new one if there are any additional asks, or needs not met by FusionAuth entities. |
|
This might be helpful too: https://fusionauth.io/docs/extend/examples/device-limiting |
Managing Multiple Devices for Login
Problem
Users have multiple devices to log in and use different applications. As the service providers, we need to be able to track and audit usage, and at the same time give users the ability to manage their own devices.
I don't currently see any mechanism that will allow us to do this. We've implemented a group called "Devices" and are considering even adding the device ID to the user record as an alternative UserID. This 2nd approach is most suitable for us because we'd like the user to be able to log in using either their user ID, telephone number or email address, then why not device ID? But I feel it'll require major changes.
Long term solution
Would this work if, in FusionAuth, just like you have "Families", you added another section for devices?
Alternatives/workarounds
One possible workaround we're considering is that each device allocated to a user and is added as a member of the family.
I hope the good people who are kind enough to respond to all our queries can suggest a better solution.
Thanks again for your help and support.
The text was updated successfully, but these errors were encountered: