IoT

Using Internet of Things (IoT) Powered Solutions for Data Collection and Cleaner Air

Leave a Comment / Blog, IoT / By / February 13, 2023 / , ,
Photo by CHUTTERSNAP on Unsplash

We all know about the benefits of clean air for our health, lifestyles, and the planet. With emissions increasing globally, improving air monitoring capabilities is becoming even more important for environmental agencies. A part of these improvements lies in having access to data and information about air quality, as it is ultimately these insights that become useful when enacting regulations.

The Air Quality Index (AQI) is the standard for measuring air quality. It includes information about pollutants such as carbon monoxide, sulfur dioxide, nitrogen dioxide, aerosols, and ground level ozone. Air quality sensors measure the quantities of these pollutants present in a particular microclimate.

An IoT powered framework comprises multiple sensors, devices, and communication modems connected to a network. Measuring air quality can be time consuming and costly, however. And sometimes, there may be questions about how best to use the data collected. An IoT powered framework makes this process easier, provides you with a series of options that best fit your budget, and helps you reduce the manual work required. In this blog, we’ll explain how devices function in an air quality measurement system, how an IoT solution works typically, uses of the data collected, and the benefits of an IoT powered data collection system.

The data collection framework: Device capabilities

The sensors, devices, and communication modems of such a system will collect data (i.e. air pollutant quantities). You can select from a range of equipment based on your budget – from low cost, lower precision to expensive, high precision ones. Each type of device will have different capabilities:

  • Security measures – The market contains different communication modes and protocols with varying security measures, so it is important for you to understand these measures in advance.
  • Data collection methods – Some devices collect and transfer data in real time, while others perform these functions in batches. 
  • Computing functions – Some devices function as “dumb” data collectors and others can detect anomalies, sanitize, and perform automatic calibrations.
  • Power sources – Devices deployed indoors in remote locations can use power directly from an electricity grid. There are also devices that use power from solar panels to charge batteries.

The role of an IoT solution

The IoT solution will retrieve the data that your sensors, devices, and communication modems collect. Apart from data retrieval capabilities, the IoT solution will also oversee these functions:

  • Supporting different wire and application level protocols
  • Identifying degrading, rogue, or malfunctioning equipment
  • Collecting, storing, sanitizing, and enriching sensor readings, plus detecting anomalies
  • Integrating with similar weather-associated APIs and validate the data
  • Facilitating data sharing using industry standard managed API patterns
  • Calculating the AQI value and air quality category

How can I use the data collected?

We have discovered that the above question is quite a common one. The answer is that there are many applications and integrations that you can explore to create user-friendly data consumption/visibility models and even new revenue streams.

  • Develop different types of data consumption applications for different audiences. Configure the data so that it is visible on dashboards, embedded widgets, or mobile apps for user convenience.
  • Share data with different audiences – Environmental, aviation or military authorities, educational institutions, research bodies, the general public, etc. If you decide to share data in this way, you can also think about a monetization model.

Benefits of an IoT powered data collection system to determine air quality

A robust data collection system, the possession of a rich set of data, and the above mentioned application options are some of the obvious benefits. Some other ways you can benefit from an IoT powered data collection system are:

  • Cost control – As we mentioned earlier, devices have varying costs and precision levels. You can decide what types of devices that you want to use based on your budget and overall objectives for collecting the data.
  • 24/7 data availability – This is especially important to provide up-to-date AQI information to the public and other organizations; and issue alerts when required. The data will also form the cornerstone of planning air safety regulations.
  • Accessibility – You can use these devices in all environments, in urban and rural areas. It provides you with a mechanism to monitor the air quality in the more remote areas with no personnel being physically present in these areas too.

Once you have an understanding of the devices required for creating a data collection framework, your next step is to work with an IoT solutions provider and select the right technology platform. We built the Entgra IoT Platform with connectivity in mind – it provides you with the application building blocks to integrate all your devices under one platform. The platform addresses key technology needs for a data collection framework, such as extensive integration, data processing, extensible architecture, and data sharing via APIs. Find out how we can help you.

Configuring Asgardeo as an External IDP With Entgra MDM Using OIDC

Leave a Comment / Blog, IoT, MDM / By / February 13, 2023 / , , ,
Photo by Dan Nelson on Unsplash

Entgra MDM is a unified platform for developing, managing, and integrating Unified Endpoints (UEM), Enterprise Internet of Things (IoT), and Enterprise Mobility Management (EMM).

Asgardeo is an IDaaS developed by WSO2. It is a developer-friendly platform for managing user identities and accessing management seamlessly. This blog will explain the configurations that you need to do on Asgardeo and Entgra MDM. 

What is an external IDP?

In a nutshell, an external identity provider is a service that manages and stores user identities. It provides authentication and authorization services to other applications and services. Although Entgra MDM has an in-built identity server that can leverage all identity and access management (IAM) related services, it also provides flexibility to developers as they can connect with external IDPs.

Configuring Asgardeo

First, create an Asgardeo account and the rest is easy. Use the following link to sign up.

Creating an organization

The concept of organization is something similar to the term tenant of WSO2 Identity Server. Create an organization by clicking on the dropdown menu on the top-left corner of the page.

This will prompt a simple form where we have to enter the name of the organization we are trying to create. (Note: this will allow only simple alphabetic characters and does not support other numerical, special characters or capital letters.)

For the purposes of this blog, I’ve created an organization named “devorganization”. Once the organization is set, create a new  OIDC application.

Creating a new OIDC application

Click “Develop” on the top menu of the Asgardeo console and it will take you to the following page.

Then click on the “New Application” button and choose “Standard-based application”.

Give a name to the application and make sure to choose OIDC as the protocol. Check “Management application” if the application needs to access any management APIs of the organization. Finally, click on “Register” to create the application.

Inside the application settings, go to protocols and update the grant types as follows:

Add https://localhost:9443/commonauth as the Authorized redirect URL. This is the URL to which the Asgardeo will redirect after completing authentication.

Creating new custom user-attributes

When using external IDPs, although the users will be stored inside the external IDP, they might have to be provisioned inside Entgra MDM using just-in-time provisioning (JIT). Map attributes such as username, role, etc. with the local attributes. To create a new attribute, click “Manage” on the top menu and then navigate to the attributes section.

Click on “Attributes” and then proceed to “New attributes” to add a new attribute. Create a couple of attributes for username and role, namely the “asgardeo-username” and “asgardeo-role”.

After creating the attributes, it will redirect you to the configuration page of the attribute. Under this configuration, check the two configurations below and click on the update button to save the configurations.

These two configuration will enable the display of these attributes in the user profile and make them mandatory.

Configuring the scopes

Configure the scopes to map the above attributes against “openid” scope, so that these attributes will pass during JIT provisioning. Under the “Manage” section, click on “Scopes”.

Click the edit icon of the “Open ID” scope and then click the “New Attribute” button inside it to add an attribute to this scope.

Check the “Asgardeo Username” and “Asgardeo Role” attributes and click on the “Save” button

Go to the created application and edit the user attributes as follows and click “Update” to save these changes:

Creating a new user account

You must then create a new user account to test the Asgardeo authentication flow. Under the “Manager” section, click on the “Users” section to view the user management page. Click on the “Add User” button to create a new user.

Create a new user by filling out the following fields along with a temporary password.

After creating the user account, go to the user’s profile and update the attributes that were created earlier and click on the “Update” button to save the changes.

Changing the subject claim of Asgardeo to username

By default, the User ID is set as the subject claim in Asgardeo. Entgra MDM will be looking for a username under the subject claim of the ID token. Therefore, we might have to update the subject claim of Asgardeo using their management APIs. Invoke the following APIs using the CURLs provided in the given order to change the subject claim.

Generate an access token using the client credentials of the application.

curl --location --request POST 'https://api.asgardeo.io/t/<organization_name>/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=<client_id>' \
--data-urlencode 'client_secret=<client_secret>' \
--data-urlencode 'scope=internal_application_mgt_view internal_application_mgt_update'

Search for all the applications under the organization and find the application-ID of the application you have created.

curl --location --request GET 'https://api.asgardeo.io/t/<organization_name>/api/server/v1/applications' \
--header 'Authorization: Bearer <access_token>'

Retrieve the application details using the above application-ID.

curl --location --request GET 'https://api.asgardeo.io/t/<organization_name>/api/server/v1/applications/<application_id>' \
--header 'Authorization: Bearer <access_token>'

Patch the application by changing the sub-claim to asgardeo_username. Change the values of the claim mappings and requested claims, based on the response received in step 3.

curl --location --request PATCH https://api.asgardeo.io/t/<organization_name>/api/server/v1/applications/<application_id>' \
--header 'Authorization: Bearer <access_token>' \
--header 'Content-Type: application/json' \
--data-raw '{
   "claimConfiguration": {
       "dialect": "LOCAL",
       "claimMappings": [
           {
               "applicationClaim": "http://wso2.org/claims/asgardeo_username",
               "localClaim": {
                   "uri": "http://wso2.org/claims/asgardeo_username"
               }
           },
           {
               "applicationClaim": "http://wso2.org/claims/asgardeo_role",
               "localClaim": {
                   "uri": "http://wso2.org/claims/asgardeo_role"
               }
           }
       ],
       "requestedClaims": [
           {
               "claim": {
                   "uri": "http://wso2.org/claims/asgardeo_username"
               },
               "mandatory": true
           },
           {
               "claim": {
                   "uri": "http://wso2.org/claims/asgardeo_username"
               },
               "mandatory": true
           }
       ],
       "subject": {
           "claim": {
               "uri": "http://wso2.org/claims/asgardeo_username"
           },
           "includeUserDomain": false,
           "includeTenantDomain": false,
           "useMappedLocalSubject": false
       }
   }
}'

Configuring Entgra MDM

So far we have completed the Asgardeo configuration successfully. Now let’s move on to configuration of Entgra MDM.

Creating a new user role

To explore various features of Entgra’s web applications, a user might need certain permissions. You have to create a new role for that and assign a few permissions. Inside the carbon console, click on “Add” under the “Users and Roles” section and then click on “Add New Role”. Let’s create a role called “test-role” and then click “Next” to add permissions.

You can now see a permission tree with a list of permissions. Click on the “device-mgt” permission and it will choose the child permissions automatically.

Adding a new Identity Provider

Log into the carbon console of Entgra MDM via https://localhost:9443/carbon and click on “Add” under the Identity Provider sections on the left vertical menu. You will see the following page and can configure the basic configuration as shown below:

Configure the “Claim Configuration” as shown below. Here we are mapping the Asgardeo Role attribute with our internal role claim.

Configure the “Role Configuration” as shown below. We are trying to map the “Asgardeo Role” attribute value against an internal role named “Internal/devicemgt-user” that is already configured inside the product.

Configure the” Federated Authenticators” as shown below. Replace the client-id and client-secret with your Asgardeo application’s credentials.

The endpoints are as follows:

Authorization Endpoint URL: https://api.asgardeo.io/t/devorganization/oauth2/authorize
Token Endpoint URL: https://api.asgardeo.io/t/devorganization/oauth2/token
Callback URL: https://localhost:9443/commonauth
Userinfo Endpoint URL: https://api.asgardeo.io/t/devorganization/oauth2/userinfo
Logout Endpoint URL: https://api.asgardeo.io/t/devorganization/oidc/logout
Additional Query Parameters: scope=openid

Configure the Just-in-Time provisioning to “Silent provisioning”.

Configuring Service Provider

Entgra MDM comes with multiple web applications. Each of these web applications will have a service provider created inside the carbon console. To view the service providers, navigate to the Service Providers page. For this tutorial purpose, let’s try to configure Entgra’s Endpoint Management application with Asgardeo. Edit the Endpoint Management application’s service provider from the Service Providers page. If you cant see the service provider, try to log in to the endpoint management application at least once through the following URL:  https://localhost:9443/endpoint-mgt.

Under the service provider, change the Authentication type to “Federated Authentication” and chose “Asgardeo” as the identity provider.

Voila! Now, we have successfully configured an Entgra MDM application, to SSO with Asgardeo IDaaS. Now you can log in to the https://localhost:9443/endpoint-mgt application using Asgardeo.

I hope that you found this blog useful. If you have any questions, do reach out to us here.

Post-Pandemic Business Revival: Where Are We Headed?

3 Comments / Blog, IoT, MDM, Pandemic, Tech / By / January 11, 2022 / , , ,
Photo by Alec Favale on Unsplash

The effects of the COVID-19 pandemic continue to loom over us. With hopes of opening countries and returning to normalcy, we take one step forward, only to fall back two, with tightened masks. It surely will be a while before life as we once knew it can be restored.

Thrust with incertitude at all levels from economic subsistence, vocational hardship, healthcare exigencies, and the unpredictability of life in general, our core existential strategy for the last two years has primarily been inclined towards that of basic survival centered around us as individuals, our close-knit families and communities, and the associated temporal assets. The pandemic epiphany has brought about drastic changes in our lifestyles, calling us to revise our priorities with a new reality check in life. 

For business enterprises, this is bad news and has been so for the past two years. 

The Trending Story In Numbers

As with every historical industrial revolution, the effects of the pandemic will shape the economic trends for the future. Unsurprisingly, there will be an evident increase in remote working. A recent Gartner poll found that 48% of employees will likely work remotely at least part of the time after COVID-19 compared to 30% before the pandemic. Similarly, the McKinsey Global Institute estimates that more than 20% of the global workforce could work the majority of its time away from the office – and equally importantly, be just as effective. A consequent HR trend analysis by them indicates that 32% of organizations are replacing full time employees with contingent workers as a cost-saving measure. Prepped up for this, in a recent Gartner poll, 90% of HR leaders said employees would be allowed to work remotely even once COVID-19 vaccines are widely available.

As indicated by these statistics, we have embraced what worked well from the pandemic and are progressing forward retaining the lessons learned. There’s no going back now. Digitally enabled productivity gains have accelerated the Fourth Industrial Revolution powered by technology and defined by operational models that survived above the pandemic predicaments. 

Remote Working or the ability to Work From Anywhere (WFA) is clearly here to stay. So is the hybrid work model as has been discovered in a recent HR trend analysis by Gartner.

Accordingly, the most favorable operational model driving business transformations in the predictable future is that of the Hybrid Work model where employees interact with each other with a mix of distributed, co-located premises synchronously, and/or asynchronously.

Future of Hybrid Working – Gartner

Your employees are now empowered with the choice of how best productivity is accomplished – your job is to ensure they are sufficiently equipped to do so. 

Are We Ready? Fitting Device Strategy for Your Ecosystem

Managing a digital ecosystem of disparate devices on different platforms can be quite a challenge. Even more so are the conundrums involved with the smooth operation of digital systems whilst being caught unawares by the virus. It is therefore imperative that we make the most of what we have for continued existence of operations under the prevailing constraints.

In one of our recent undertakings, we set out to empower public field officers by helping them digitize their routine tasks. Whilst managing to effectively map the skill sets to devices and the appropriate technology during the project, we also analyzed and outlined how the government administrators in Sri Lanka can benefit from a centralized strategy to monitor and manage the devices deployed in the field. 

Ideally, a complete device strategy is woven around the business requirements of the enterprise, its device engagement criteria, product building, operational efficiency, scaling potential, and the extent of available technical support. Value creation from a long-term perspective and sustainability of device deployment with integration are vital aspects to be considered for a productive device strategy. 

With our varied Mobile Device Management (MDM) solutions and Internet of Things (IoT) technologies, Entgra can help you formulate the most fitting strategy for your enterprise. Our recommendations precede a comprehensive analysis of your device specifications, their functionality and configurations, defined ownership and administrative policies, pre-work device check, monitoring and their distribution,  complete with a pilot run on device deployment in the field.  As part of our assistance in managing your ecosystem, we will also help you with App development, identity and access management (IAM) and storage options. 

Resilience and Agility: The Way Forward

Resilience, in enterprise terms, is a measure of your ability to swiftly adapt to disruptions while maintaining continuous business operations and safeguarding your employees, assets, and overall brand equity. Resilient organizations are better able to respond and correct their course quickly with changes. 

Faced with the adversities introduced by the pandemic, enterprises that are actively taking measures to optimally tackle the changes are positioned with a competitive edge to be able to progressively move forward retaining most of their strength in vying to make the most of the situation. 

Building a more responsive organization in terms of infrastructure and operational flow to increase agility and flexibility with room for flexing is therefore of utmost importance. This in turn translates into facilitating seamless workflows and remote working environments against a backdrop of changing and evolving technology usage, both by organizations and individuals. 

Entgra offers you a single platform for device integration with comprehensive endpoint management capabilities where you are able to expose devices as APIs securely with identity federation for managing human and device identities. Enabling custom integrations with broad built-in capabilities, and for developing end-to-end applications, our secure, customizable platform can manage all types of devices and applications. Complete with device and endpoint data analytics for systematic decision making, our IoT platform together with our Enterprise Mobility Management (EMM) solutions will enable you to remain resilient, relevant, and flexible to respond to present and future changes.

Get in touch with us to learn more about how we can help you.

References