End User Portal

End User Portal

The End-User Portal allows end-users to learn more about Kolide and their currently registered devices. It also serves as the web interface where end-users can read and resolve issues associated with their devices.

Access & Authentication

Unlike the Kolide Management UI, which is only accessible to Kolide administrators, the End User Portal can be accessed by all end-users listed in the People section of Kolide.

The End User Portal can be accessed by end-users in several ways, including:

Kolide leverages existing authentication sessions and trust relationships to avoid asking the user to authenticate. However, when direct authentication is needed (e.g., when browsing to the portal directly), Kolide will request the user to sign in via Okta.

My Devices

The End-User Portal provides a summary of your registered devices and their current status.

If you are on a currently registered device, it will be highlighted separately at the top above any other registered devices.

From this screen, you can perform the following actions:

Unregistering a Device

As an end-user, unregistering a Device is desirable when you know a device should no longer be used for authentication. By unregistering it, it can no longer be used by you and others to sign in to apps protected by Kolide Device Trust.

Note:
You can learn more about removing device registrations and the associated side effects by reading Devices / Device Registration.

To unregister a device, click on the ellipsis menu next to the desired Device and select Unregister Device….

Important:
For security reasons, unlike when an administrator removes a device, a user who unregisters their sole registered device will NOT have their Trust on First Use status reset. This means any future devices that attempt to register will still require approval by a Kolide administrator.

Requesting a Device Data Download

The End User Portal allows end-users to request a copy of the latest data Kolide has collected about any devices that are currently registered to them. Data exports contain the raw data associated with Check Runs and Device Properties.

To request a Device Data Download, click on the ellipsis menu next to the desired device and select Request Device Data Download.

Typically, exports only take a few minutes to generate, and the UI will automatically update when the data export is ready. You will also receive an email when it’s ready for download.

Note:
Device Data Downloads are only kept on our servers for 24 hours. You can remove them manually beforehand by clicking the Delete action.

Immediately after requesting the data download, you’ll see a card that looks like this. Click Cancel to stop the export in progress.

Once the download is ready, the card will update to look like this.

Once the export is ready, click Download to obtain the data in a zip file.

Privacy Center

The Privacy Center allows administrators and end-users to view answers to the most common privacy and data-collection questions they have about the service.

Philosophy

Most endpoint security companies leave it to the administrators to address questions that end-users may have about the agent installed on their device(s).

Kolide enables our customers to practice Honest Security, a philosophy that believes end-users are best served when they can independently answer questions they have about the data collection capabilities of the Kolide agent.

Note:

The Kolide Privacy Center is an essential component of maintaining compliance with the EU’s GDPR, the UK’s Data Protection Act, and the California Consumer Privacy Act.

If you have a special situation that makes using the Privacy Center untenable for your organization, please contact support to see if you qualify to have it disabled.

Administrators

The Privacy Center provides end-users with a list of Kolide administrators who have access to the data Kolide collects.

Device Properties

Kolide provides an exhaustive list of the additional data collected when a device is enrolled.

For more information about an item, click the link to be taken to a detailed page explaining what that item is, the security/IT rationale for collecting it, and even potential privacy considerations.

Checks

The Privacy Center provides an exhaustive list of the Checks that Kolide administrators have enabled within the solution.

For more information about a Check, click the link, and you will be taken to a detailed page explaining the purpose of the check, example data, and any potential privacy considerations.

Scheduled Queries

If your organization utilizes either Continuous Live Queries or Log Pipeline Query Packs, the Privacy Center will provide end-users with a comprehensive list of all queries running on their assigned devices and a list of queries that may be run on devices they enroll in the future.

Like the Device Properties and Checks sections, end-users can click on a query to view additional details.

Audit Log

Similar to the Kolide audit log, the Privacy Center offers end-user insights into notable changes associated with their registered devices, or if Kolide administrators run a Live Query on their device. This information is viewable in the UI (in the upper-right corner of the Privacy Center) and exportable via CSV using the provided link.

Kolide records several events that are included in this subset of the Audit Log:

  • When a device is registered
  • When a device is unregistered
  • When a device is removed from Kolide
  • When a Kolide administrator runs a live query targeting a device registered to the end-user (including the query and the results returned to the administrator)

Certain events (like the Live Query) contain additional information as shown in the screenshot below:

When the actor performing the auditable action is an API key, the end-user can hover over the key name to find the primary contact associated with the API key and view the documented rationale entered by the key creator for how the API key is being used.

Customizing The Privacy Center

Note:
Only admins with “Full Access” can create a custom resource section in the Privacy Center.

In some cases, Kolide administrators may wish to add additional information to the Privacy Center. Just follow these steps:

  1. Click your avatar in the upper-right corner of the app.
  2. Click Settings.
  3. Select Privacy Center in the left sidebar menu.
  4. Tick the checkbox labeled Show Custom Resources Section in Privacy Center.
  5. Enter the title and text in the form below.
  6. Preview your changes by clicking Preview Changes until you are satisfied with the result.
  7. Click Save (this action will be logged in the audit log).

The customization supports markdown. Text, links, and any other markdown formatted content can be displayed at the top of the Privacy Center for all end-users.