netbirdio
Ability to use setup keys with Android / IPhone
Is your feature request related to a problem? Please describe.
Setup keys are awesome. We want to be able to use them on android/iphone ;-)
Especially because it makes configuration in the right groups simple, client just installs netbird and it works immediatly.
Describe the solution you'd like
Ability to use setup keys :-)
Describe alternatives you've considered
For the moment we use a generic user.
+1
I suggest adding the ability to directly include server url and the key via a QR code. This would enhance professionalism and improve usability.
I just found out reading the source code of the mobile clients: Using Setup Keys for iOS is already supported! BUT only for selfhosted netbirds!
Prerequisites:
- Selfhosted management server
Steps:
- Backup your management.json
- Delete the the complete blocks
DeviceAuthorizationFlowandPKCEAuthorizationFlowin management.json - Restart the management server
- Connect your mobile devices via Setup Key (Menu - Change Server - type in your server URL - hit change and the textfield for setup key will appear)
Downsides:
- You can't choose or switch between the authorization flows without adapting the JSON
- All clients (whether mobile or not) need to use setup keys. SSO will be completely disabled.
- This is only available for selfhosted instances
@mad73923 nice finding, but when you say "SSO will be completely disabled", how does login work for the dashboard UI? or is SSO only disabled for peers?
Hi @Silex no worries, this only applies to the device authorization flow. SSO for the dashboard still works. BR
+1 for this feature on both iOS and Android
my workaround for now is setting up a generic user used for my employee devices (so they can't tamper with admin page of my netbird.io).
Hello, as a part of answering the customer, I have synced with the team about the state of the feature.
The general consensus was that Setup Keys is not a feature intended for user-owned devices (which mobile devices almost exclusively are) due to:
- they're not tied to User identity in any way
- they reduce security due to the above and the fact that they do not expire
- using Setup Keys on user-devices wouldn't pass even the most basic of security certifications
We are willing to revisit the decision when we gather enough valid use cases for the feature to exist. Please describe your use cases in addition to/instead of giving thumbs up/+1 on this feature request. We would expect the use cases to be generally unfit for periodical (or permanent/non-expiring) user logins.
I have so far seen/came up with those use cases to give you some idea:
- persistently streaming proprietary CCTV system results through a set of iPad devices, simply because there was no other client application available/allowed to be used for this purpose,
- managing a large fleet of devices through MDM, automatically logging them in (this requires much more than simply allowing the Setup Key to be passed through the UI),
Hello there,
Thanks for considering the possibility of bringing this feature to Android.
In my team’s opinion, setting devices up using a Serial key is a more user-friendly/peace of mind.
Regular users do not need to manage user accounts, which can be prone to forgetting credentials. Instead, they can simply obtain a Serial key from their administrator to add their new device to the NetBird network (either computer or iPhone/iPad).
Generating Serial keys with associated tags is a convenient way for administrators to predefine communication boundaries, ensuring each newly added device automatically inherits the correct access policies and knows which peers it’s allowed to interact with.
So indeed, bringing Setup Key support to Android —just like on iOS— would be very helpful for us.
Hello, as a part of answering the customer, I have synced with the team about the state of the feature.
The general consensus was that Setup Keys is not a feature intended for user-owned devices (which mobile devices almost exclusively are) due to:
- they're not tied to User identity in any way
- they reduce security due to the above and the fact that they do not expire
- using Setup Keys on user-devices wouldn't pass even the most basic of security certifications
We are willing to revisit the decision when we gather enough valid use cases for the feature to exist. Please describe your use cases in addition to/instead of giving thumbs up/+1 on this feature request. We would expect the use cases to be generally unfit for periodical (or permanent/non-expiring) user logins.
I have so far seen/came up with those use cases to give you some idea:
- persistently streaming proprietary CCTV system results through a set of iPad devices, simply because there was no other client application available/allowed to be used for this purpose,
- managing a large fleet of devices through MDM, automatically logging them in (this requires much more than simply allowing the Setup Key to be passed through the UI),
"In Android, it is more convenient to introduce the setup-key for registration, and it is quite necessary. If security is considered, it would be a good idea to have the user confirm the phone permissions via fingerprint when connecting to NetBird."
With organization without SSO in place or that need to cope with external visitors, setup key is actually more relevant and flexible to quickly setup any user device:
- Setup key can be made to expire every day if needed
- Setup key do not grant any access to any web console of any kind
- Setup key can be turned into qr-code for quick enrollment of mobile devices
