Enterprise mobility management (“EMM”) systems have gained tremendous popularity. They generally enable employees to use their own personal computing devices for work purposes, allowing enterprises to save money by purchasing fewer dedicated computing devices. Enterprises gain productivity by implementing an EMM system because employees can conveniently perform work tasks from their own devices. In addition, the management features of EMM systems can prevent sensitive data from leaving work applications, which are often managed by the EMM system.
The EMM system can grant the user access to third-party applications, such as email, by logging into the third-party application on behalf of the user. For example, the user can sign into the EMM system using single sign on (“SSO”). Then, when the user attempts to open their corporate email, the EMM system can log into the email application on behalf of the user. This can allow the EMM system to control a user's access to corporate email and other third-party applications.
Another growing technology is that of digital assistants, such as SIRI, ALEXA, GOOGLE Assistant, and CORTANA. Users can speak a request, such as a question or command, to the digital assistant. The associated audio is parsed and a relevant service attempts to fulfill the request. The detected audio request can be turned into an API call to a third-party server, and the digital assistant can provide user credentials to log in and retrieve a result. For example, a user can say “ALEXA, play me a song from the Rolling Stones” and the digital assistant can contact a service, supply user credentials, and retrieve an appropriate song.
However, digital assistants have not yet been successfully integrated with enterprise applications. This is because EMM systems have not yet had a way to manage the security of digital assistants. The EMM system often does not directly control either the digital assistant or the third-party service. Instead, the EMM system needs to act as an intermediary in order to retain control over the user's access to enterprise data. Integrating digital assistants while maintaining the EMM system as an intermediary has proven problematic. Normally, a digital assistant would store the access credentials for directly accessing a third-party application. But doing so would compromise the EMM system's control over enterprise data.
Likewise, the EMM system needs some way to verify that the person using the digital assistant is actually an enrolled user of the EMM system. For example, anyone near a digital assistant associated with the user could say, “SIRI, open my email and read it.” If the digital assistant could directly access the email, it could read sensitive information to someone other than the user without appropriate control and oversight by the EMM system.
The security measures of an EMM system can also negate convenience advantages of a digital assistant. For example, if the user must log into an application each time the digital assistant tries to carry out a request, there would be little point in using a digital assistant. The main reason to do so is the convenience of just talking to the device. If each request required the user to log in, digital assistants would not be useful for accessing enterprise data in the third-party applications.
As a result, a need exists for managing access of third-party applications by digital assistants.