OAuth

Protocols & Standards

OAuth is an open standard authorization protocol that enables applications to obtain limited access to user accounts on an HTTP service without exposing user credentials.

What to Know

OAuth enables secure, delegated access where applications can access resources on behalf of users without ever seeing or storing user passwords. Instead of sharing credentials with every application, users authenticate once with the identity provider and grant specific permissions to applications through access tokens. This reduces credential exposure risk, enables fine-grained permission control, and allows users to revoke application access without changing passwords. For MDM platforms, OAuth integration with cloud identity providers enables single sign-on, automated user provisioning, and seamless integration with enterprise authentication systems.

OAuth 2.0 (the current standard) supports various authorization flows optimized for different scenarios — web applications, mobile apps, server-to-server communication, and device authorization. Token-based authentication eliminates the need for applications to store user credentials, improving security and compliance posture. OAuth also enables centralized audit trails showing which applications access what resources, supporting security monitoring and compliance reporting.

Common Scenarios

Enterprise IT: Corporate MDM platforms integrate with Azure AD or Okta via OAuth to enable SSO for administrator console access and automate user provisioning based on directory group memberships. OAuth tokens secure API integrations between MDM and other enterprise systems (ticketing, asset management, SIEM). IT must register MDM as an OAuth client in the identity provider, configuring redirect URIs and permission scopes appropriate for MDM operations. Refresh token management and token expiration policies require attention to prevent integration failures when tokens expire.

MSP: MSPs leverage OAuth to integrate client MDM instances with each client’s identity provider, enabling MSP technicians to access multiple client accounts through federated authentication. OAuth simplifies multi-tenant management by eliminating per-client credential management and enabling standardized authentication flows across diverse client identity systems. MSPs should implement OAuth best practices including secure client secret storage, proper scope limitation, and token refresh logic in custom integrations.

Education: School districts use OAuth to integrate MDM with Google Workspace for Education or Microsoft 365 Education, automatically syncing student and staff accounts, class rosters, and organizational units. OAuth-enabled integrations allow education admins to authenticate to MDM using their existing school credentials. OAuth scopes must be carefully configured to access only necessary directory information while respecting student privacy regulations like FERPA and COPPA.
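The token refresh logic and scope limitation that the Enterprise IT and MSP scenarios above call for, as an added example that is not Addigy's or any identity provider's code. `TokenManager`, `FakeIdP`, the `directory.read` scope and the token values are hypothetical, and the token endpoint is an injected callable (an assumption) so the example runs offline.

```python
import time

class TokenError(Exception):
    """Raised when the token endpoint refuses a refresh or over-grants scope."""

class TokenManager:
    """Caches an access token, refreshes it before expiry, and enforces a scope allow-list."""
    def __init__(self, token_endpoint, refresh_token, allowed_scopes, skew=60, clock=time.time):
        self._post = token_endpoint          # callable(form dict) -> response dict (assumed interface)
        self._refresh_token = refresh_token  # load from a secret store, never from source code
        self._allowed = set(allowed_scopes)
        self._skew, self._clock = skew, clock
        self._access_token, self._expires_at = None, 0.0

    def get_token(self):
        # Reuse the cached token until `skew` seconds before it expires.
        if self._access_token and self._clock() < self._expires_at - self._skew:
            return self._access_token
        resp = self._post({"grant_type": "refresh_token",
                           "refresh_token": self._refresh_token,
                           "scope": " ".join(sorted(self._allowed))})
        if "error" in resp:
            # invalid_grant means the refresh token expired or was revoked: re-authorize, do not retry.
            self._access_token = None
            raise TokenError(resp["error"])
        # An omitted scope in the response means the requested scope was granted as-is.
        granted = set(resp["scope"].split()) if "scope" in resp else set(self._allowed)
        extra = granted - self._allowed
        if extra:
            raise TokenError("over-scoped token: " + " ".join(sorted(extra)))
        self._access_token = resp["access_token"]
        self._expires_at = self._clock() + int(resp.get("expires_in", 0))
        # Providers that rotate refresh tokens return a new one; keep it or the next refresh fails.
        self._refresh_token = resp.get("refresh_token", self._refresh_token)
        return self._access_token

class FakeIdP:
    """Constructed stand-in for a token endpoint that rotates refresh tokens."""
    def __init__(self, scope="directory.read"):
        self.valid_refresh, self.issued, self.scope = "rt-0", 0, scope
    def __call__(self, form):
        if form["refresh_token"] != self.valid_refresh:
            return {"error": "invalid_grant"}
        self.issued += 1
        self.valid_refresh = f"rt-{self.issued}"
        return {"access_token": f"at-{self.issued}", "expires_in": 3600,
                "refresh_token": self.valid_refresh, "scope": self.scope}
```
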

In Addigy

Addigy supports OAuth-based authentication for administrator SSO, integrating with identity providers like Okta and Azure AD to enable single sign-on for the Addigy console. Administrators authenticate through their corporate identity provider, and Addigy receives OAuth tokens that establish authenticated sessions. The Addigy Identity feature leverages OAuth protocols for directory integration, enabling automated user provisioning and device assignment based on identity provider data.

When configuring OAuth integrations, Addigy admins provide client credentials from their identity provider and configure the appropriate permission scopes. Addigy handles OAuth token management, refresh flows, and error handling automatically. Addigy’s API can be accessed using OAuth-style authentication patterns, enabling custom integrations that follow industry-standard security practices for API access control.

Also Known As

  • OAuth 2.0
  • Open Authorization