add device identity video (#3304)

Alex Fornuto 2022-04-29 10:20:46 -05:00 committed by GitHub
parent 464ccdf767
commit eda30cbf86
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 0 deletions

@ -55,6 +55,8 @@ The nature of cross-platform keys mean they are not associated with a single end
Pomerium supports policies that use device identity since version [0.16.0](/docs/upgrading.md#policy-for-device-identity). We use the [Web Authentication][webauthn-api] (**WebAuthN**) API to bring authentication and authorization based on device identity into your security framework. Pomerium's device identity support enables users to register their devices, and administrators to enforce access to applications and services to a particular set of trusted devices.
<iframe width="800" height="500" src="https://www.youtube.com/embed/aJzgnaXEpLo?rel=0" frameborder="0" allow="accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen />
To get started, review the following pages:
- [Pomerium Policy Language](/docs/topics/ppl.md) to learn how to build policies that use device ID.
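Review bot: the `allow` attribute on the added iframe delegates `accelerometer`, `clipboard-write` and `gyroscope` to the embedded third-party origin, and nothing on this page needs those features for a walkthrough video. Suggest trimming the list to what the player actually uses here (for example `encrypted-media; picture-in-picture`), and adding a `title` attribute so assistive technology can announce what the frame contains.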

@ -14,6 +14,9 @@ description: >-
If a Pomerium route is configured to [require device authentication](/docs/topics/ppl.md#device-matcher), then the user must register a [trusted execution environment](/docs/topics/device-identity.md#authenticated-device-types) (**TEE**) device before accessing the route. In Enterprise environments, policies can require that devices be approved in the Pomerium Enterprise Console.
<iframe width="800" height="500" src="https://www.youtube.com/embed/aJzgnaXEpLo?rel=0" frameborder="0" allow="accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen />
To make the management of approved devices easier, the Enterprise Console lets administrators create registration links that will allow users to register devices as pre-approved, following the [**TOFU**](https://en.wikipedia.org/wiki/Trust_on_first_use) authentication scheme.
This guide instructs Pomerium Enterprise admins on how to create user-specific enrollment links.
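Review bot: the iframe `src` points at `www.youtube.com/embed/...`, so every visit to this admin guide loads YouTube's player from the cookie-bearing domain before the reader has pressed play. Suggest switching the host to `www.youtube-nocookie.com` (same `/embed/aJzgnaXEpLo?rel=0` path) and adding `loading="lazy"` so the frame is only fetched when it scrolls into view.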

@ -14,6 +14,9 @@ description: >-
If a Pomerium route is configured to [require device authentication](/docs/topics/ppl.md#device-matcher), then the user must register a [trusted execution environment](/docs/topics/device-identity.md#authenticated-device-types) (**TEE**) device before accessing the route. Registration is easy, but different depending on the device being used to provide ID.
<iframe width="800" height="500" src="https://www.youtube.com/embed/aJzgnaXEpLo?rel=0" frameborder="0" allow="accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen />
This guide covers enrollment of a device by a user. This is available for both open-source Pomerium and [Pomerium Enterprise](/enterprise/readme.md) installations. However, Enterprise users may also receive registration links [generated by their administrators](/guides/admin-enroll-device.md), which will mark the newly enrolled device as approved in the Pomerium Enterprise Console.
1. Users are prompted to register a new device when accessing a route that requires device authentication:
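Review bot: the added `<iframe ... />` is written as a self-closing tag, but `iframe` is not a void element in HTML, so a renderer that passes it through as raw HTML will treat the following paragraph ("This guide covers enrollment of a device by a user...") as the frame's content and hide it. Suggest closing it explicitly with `></iframe>`. The identical tag is also pasted into all three files in this commit; a shared component or include would keep the video ID and attributes in one place.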