More control over user devices

[F1L337]

Is your feature request related to a problem? Please describe. Users should only be able to configure one (or a limited number of) devices. For example: Every user should have a single notebook that they use for work, with the DefGuard client active only on that device. It should not be possible to use the client on multiple devices. As a workaround, a user could uninstall the client and reinstall it on another device, but this is not a desired behavior.

Describe the solution you'd like

• Users should only be able to configure one (or a limited number of) devices. -> Disable self-enrollment and send the token via email to admins upon request. (?)
• Prevent the deletion of the configured device to avoid re-configuration on another device.
• Provide an option to disable phone configuration.
• Allow exceptions for certain users to configure more devices, enable phone configuration, self-enrollment, etc.
• Admins might have to make sure that the token is enabled on the work notebook (hostname + serial number of device?)

Describe alternatives you've considered None

Additional context In general, each basic user should only have the DefGuard client on their work notebook. If a user gets a new notebook, the admin should assist with reconfiguration, unless another solution is implemented. Special users, such as the CEO, may require exceptions for additional devices, like a second notebook or a phone.

Depending on the progress of Issue #955, there may already be partial solutions for this feature.

[kchudy]

Thank you for the suggestion. We'll consider adding it to our roadmap.

We have a simplified version of the feature you're asking for: Disable for users to manage their devices. In that case, only admins can add devices, and you can achieve the limits.