About Identity Guardian

Identity Guardian 1.0

Overview

Zebra's Identity Guardian provides a secure login solution for both enterprise shared or personally assigned mobile computers, ensuring not only easy access to devices but also the security and privacy of user and corporate data. It leverages facial biometrics and single sign-on (SSO) compatibility for effortless and secure access to devices and applications.

In a shared device environment, user data is securely encrypted and encapsulated within a personal barcode, generated via facial recognition and can be easily discarded to erase personal data. On personally assigned devices, the user data is securely embedded within the Android framework, making it inaccessible even to the organization.

Key benefits of Identity Guardian:

  • User Data Protection - Multiple layers of protection ensure that employee data is protected, while employees have control over their data.
  • Application Authentication - Integration with identity providers (IdPs) simplifies authentication by only requiring users to log in once and then leveraging single sign-on (SSO) to streamlines the process.
  • Facial Biometrics - Users seamlessly and securely unlock their mobile device using facial biometrics.
  • Multifactor Login - For enhaanced security, users can be prompted to provide multiple authentication factors to sign into a device: facial recognition, user passcode, and/or SSO authentication
  • Accountability - Empowers administrators with comprehensive visibility into devices and their associated users.
  • Personalization - Enables organizations to customize on-device experiences that are specifically tailored to align with the roles of the users.

Main Features

Identity Guardian main features:

  • Supports user enrollment and authentication for shared and personally-assigned devices
  • Multi-factor authentication support:
    • Facial biometric authentication
    • User passcode authentication
    • SSO authentication using Microsoft Entra ID or PingID
  • Supports other apps and device events that invoke the lock screen
  • Installation and configuration can be performed through Zebra DNA Cloud
  • Device usage details and user information is visible from the Zebra DNA Cloud console

Usage Notes

  • Screen lock in Android device settings must be set to “None.” Other types of screen locks, such as swipe or pin, are not supported.
  • When using the 42Gears EMM system, apps installed via ZDNA in app update mode must be assigned as high priority.
  • While performing facial biometric authentication on a Zebra ET45, the device must not be rotated.

Known Issues

  • If Microsoft Entra ID is used as the SSO provider, Microsoft applications such as Teams, Word, etc., are not using the shared log-in session to facilitate single sign-on. Consequently, users are required to re-enter their login credentials when using these Microsoft apps.

See Also