
Device Login

Passwordless authentication via device identifier. Allows users to log in by presenting a registered device.

Overview

Device Login enables passwordless authentication for scenarios where users access DMS from shared or dedicated devices. Instead of entering credentials, users authenticate by presenting a registered device (identified by serial number, asset tag, or other identifier).

Important: Standard web browsers cannot access device serial numbers or hardware identifiers. Device Login requires either a custom app or MDM (Mobile Device Management) deployment to inject the device identifier into the URL.

Deployment Methods

Custom App with Embedded Browser

A native app can read the device serial number and construct the login URL dynamically. For example, the Event Sync app uses a custom browser implementation that automatically includes the device serial in all DMS requests.

MDM with Token Substitution

MDM platforms like SimpleMDM can create webclip apps with variable substitution. The MDM replaces placeholder tokens (like {{device_serial}}) with actual device values when deploying the webclip to each device.

Example SimpleMDM webclip URL:

https://your-org.dms.com/device-login?device_id={{serial_number}}&service_token=YOUR_TOKEN

Use Cases

  • Event check-in stations using the Event Sync app
  • Managed iPad kiosks deployed via SimpleMDM or similar MDM
  • Training tablets with MDM-deployed webclips
  • Any managed device deployment where frictionless login is needed

Enabling Device Login

  1. Go to Settings > Feature Modules
  2. Find Device Login in the module list
  3. Toggle the module to Enabled
  4. Configure the required settings (see below)

Configuration

Device Identifier Field

Select which user attribute field stores the device identifier. This field links users to their assigned devices.

Setup:

  1. First, create a custom text field in Settings > Custom Fields
  2. Return to Feature Modules > Device Login
  3. Select your custom field from the Device Identifier Field dropdown
  4. Click Save

Example field names:

  • device_serial_number
  • assigned_device
  • kiosk_id

Device Assignment

Assign devices to users by scanning a barcode or entering the identifier manually.

To assign a device:

  1. Click Assign Device
  2. Scan the device barcode, or enter the identifier manually
  3. Select the user to assign to this device
  4. Confirm the assignment

The device identifier is stored in the user's custom field, enabling passwordless login from that device.

Service Token

The service token authenticates device login requests. It proves the request is coming from an authorized integration.

Token management:

  • View: The current token is displayed (partially masked for security)
  • Regenerate: Click Regenerate to create a new token (invalidates the old one)
  • Remove Token: Click Remove Token to disable device-based authentication

Security note: Treat the service token like a password. Store it securely and don't expose it in client-side code.

Integration

URL Format

/device-login?device_id=DEVICE_ID&service_token=TOKEN&redirect=CONTENT_UUID

Parameter | Required | Description
device_id | Yes | The device identifier (e.g., serial number)
service_token | Yes | Your organization's service token
redirect | No | Content UUID to open after login

Authentication Flow

  1. Device navigates to the device login URL with credentials
  2. /device-login authenticates the device against the service token
  3. On success, an auth token is stored and the user is redirected to /index.html
  4. If the redirect parameter is provided:
    • The dashboard detects the content parameter
    • The URL is cleared (so refresh doesn't re-trigger)
    • The specified content opens automatically

Example URLs

Basic login (redirect to dashboard):

https://your-org.dms.com/device-login?device_id=SN123456&service_token=382ed140...215a

Login with content redirect:

https://your-org.dms.com/device-login?device_id=SN123456&service_token=382ed140...215a&redirect=a1b2c3d4-e5f6-7890-abcd-ef1234567890

MDM Kiosk Setup

For dedicated kiosk devices managed via MDM:

  1. Create a webclip or managed app configuration in your MDM
  2. Use token substitution to inject the device serial number (e.g., {{serial_number}})
  3. Optionally include a redirect parameter to open specific content on login
  4. Enable single-app mode or kiosk restrictions to lock the device to DMS

Example MDM webclip URL with token substitution:

https://your-org.dms.com/device-login?device_id={{serial_number}}&service_token=YOUR_TOKEN

The exact substitution syntax varies by MDM platform. Consult your MDM documentation for the correct variable format.

Security Considerations

Token Security

  • Store the service token securely on the device or in your deployment configuration
  • Try not to expose the token in user-visible URLs
  • Regenerate the token immediately if it may have been compromised
  • Consider using different tokens for different deployment events

Device Management

  • Regularly audit device assignments
  • Remove assignments for decommissioned devices
  • Use descriptive device identifiers for easy tracking
  • Document which devices are assigned to which locations

Network Security

  • Monitor login patterns for anomalies

Troubleshooting

Login Fails

"Invalid device identifier":

  • Verify the device_id matches a user's device identifier field exactly
  • Check that the correct custom field is selected in module settings
  • Ensure the user has been assigned to this device

"Invalid service token":

  • Verify the service_token is correct and complete
  • Check if the token was recently regenerated
  • Ensure there are no extra spaces or characters in the URL

"Module not enabled":

  • Go to Feature Modules and enable Device Login
  • Verify the toggle is in the enabled position

Redirect Not Working

  • Verify the redirect parameter contains a valid content UUID
  • Check that the content exists and is accessible to the user
  • Check content visibility rules and scheduling dates
  • Ensure the UUID format is correct (8-4-4-4-12 format)
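
A pre-deployment check for the URL format and the troubleshooting items above (stray spaces, leftover placeholders, a malformed redirect UUID), plus a helper that masks the service token before a URL is written to a log or ticket. This is an added example, not DMS code: the function names, the `template` flag and the sample token are assumptions; only the path and parameter names come from this page.

```python
import re
from urllib.parse import urlsplit, parse_qsl

UUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Unsubstituted MDM tokens and the literal placeholders used in the docs.
PLACEHOLDER_RE = re.compile(r"\{\{.*?\}\}|YOUR_TOKEN|DEVICE_ID|CONTENT_UUID")

def lint_device_login_url(url, template=False):
    """Return a list of problems in a device-login URL (empty list = OK).

    template=True is for the MDM webclip template, where a {{...}} token in
    device_id is expected; template=False is for the URL a device will open.
    """
    problems = []
    if re.search(r"\s", url):
        problems.append("whitespace in URL")
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if parts.path != "/device-login":
        problems.append("path is not /device-login")
    params = parse_qsl(parts.query, keep_blank_values=True)
    for name in ("device_id", "service_token"):
        found = [v for k, v in params if k == name]
        if len(found) != 1 or not found[0]:
            problems.append(f"{name} missing, empty or repeated")
    for key, value in params:
        if value != value.strip():  # catches an encoded space such as %20
            problems.append(f"{key} has leading/trailing space")
        placeholder_ok = template and key == "device_id"
        if PLACEHOLDER_RE.search(value) and not placeholder_ok:
            problems.append(f"{key} still contains a placeholder")
        if key == "redirect" and not UUID_RE.fullmatch(value):
            problems.append("redirect is not an 8-4-4-4-12 UUID")
    return problems

def redact(url):
    """Mask the service token before the URL goes into a log or ticket."""
    return re.sub(r"([?&]service_token=)[^&#\s]*", r"\1REDACTED", url)

# Constructed sample values; the host is the page's placeholder organisation.
BASE = "https://your-org.dms.com/device-login"
GOOD = BASE + "?device_id=SN123456&service_token=0123abcd&redirect=a1b2c3d4-e5f6-7890-abcd-ef1234567890"
TEMPLATE = BASE + "?device_id={{serial_number}}&service_token=YOUR_TOKEN"

if __name__ == "__main__":
    for u in (GOOD, TEMPLATE, GOOD + "%20"):
        print(redact(u), lint_device_login_url(u))
```

Run it against the webclip template with `template=True` before deployment, and against a URL captured from an enrolled device with the default setting to confirm the MDM substitution actually happened.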

Barcode Scanner Issues

  • Scanning works on most major browsers, and requires permission to access the device camera
  • Check that the barcode contains the correct device identifier