DRS Authorization Key

This security feature has been added to DRS where additional security between the DRS application and the device is enabled using an authorization key. This additional security check will confirm that only the initial DRS instance that was used to deploy or configure the device can be used to update the configuration of the embedded client on the device.

The DRS Authorization Key is pinned to a device or group of devices when a Full Install is performed, the DRS Authorization Key is pinned to the device the first time the device is configured within the DRS application and is kept on the device and this authorization key cannot be changed. If any DRS configuration actions, such as Sync Assets, Sync Workflow Buttons or Configure and Reboot do not contain the pinned authorization key, the request will fail and failure message will be displayed in DRS.

The DRS Authorization Key is stored in the DRS database and it is uniquely generated every time a device is added into the same used DRS application. If the same device is added to another DRS instance, then the DRS Authorization Key will be different.

Note:
  • If TLS is not enabled on the device, the DRS Authorization Key pinning will not be engaged. Once the device is pinned to a given DRS instance, only that DRS instance can perform the following actions of the install and configuration options: Sync Assets, Sync Workflow Buttons, and Configure and Reboot.
  • If you go from TLS enabled to TLS disabled, the Authorization Key Pinning must be reset.
  • If want to move the control from one DRS to another DRS, the second DRS must run Full Install.
  • To reset Authorization Key pinning, DRS must run Full Install or Uninstall.