Shipping SSO With Device Code Flow in Digital Receptionist
by Lahib Youssef, CEO / Senior Software Developer
Why Digital Receptionist SSO needs a different playbook
Single sign-on inside Digital Receptionist sounds straightforward until you remove the keyboard, the trusted browser, and the ability to keep operators signed in all day. Digital Receptionist runs in hundreds of unattended locations where staff rotate every shift. We needed a flow that:
- let staff authenticate without touching the Digital Receptionist credentials
- avoided storing long-lived secrets on devices that live in public spaces
- complied with enterprise identity requirements (Microsoft Entra ID, formerly Azure AD, and Okta)
That pushed us toward OAuth 2.0’s device code flow (the Device Authorization Grant of RFC 8628), a pattern designed for input-constrained devices that can display an approval prompt but cannot take credentials directly.

Mapping the device code flow to Digital Receptionist
Our Digital Receptionist app starts the flow by requesting a device_code and user_code from the identity provider’s device authorization endpoint. The screen displays a branded “Approve sign-in” prompt with a QR code and a short URL. Staff scan the code, complete their company SSO (with whatever MFA and conditional access their tenant enforces) on a personal or shared device, and Digital Receptionist polls the token endpoint until the identity provider reports approval, denial, or expiry of the code.
We hardened the experience in four layers:
- Attestation & rate limiting — each Digital Receptionist unit registers with a signed device certificate. Unknown hardware never reaches the identity endpoints.
- Polling orchestration — PM2 supervises the Digital Receptionist process while a helper service handles the device-code polling window with exponential backoff.
- Scoped tokens — the access token only exposes Digital Receptionist APIs scoped to the tenant. Everything else (settings, analytics, billing) stays behind admin roles in our web console.
- Ephemeral storage — refresh tokens live in an encrypted tmpfs volume on the Digital Receptionist device and auto-expire on logout, crash, or remote wipe.

Operational guardrails for the field team
Device code flow gave us the security properties we needed, but the roll-out hinged on operations:
- Zero-touch provisioning — Microsoft Intune enrols every Digital Receptionist deployment, pushes the config bundle (tenant ID, environment endpoints, certificates), and the first staff member to sign in activates the device. Intune also applies kiosk lockdown policies and enforces OS updates.
- Visual diagnostics — the Digital Receptionist UI exposes a support overlay showing the time of the last successful token issuance, the remaining validity, and a QR code to re-trigger the flow without rebooting the device.
- Remote controls — operations can revoke a Digital Receptionist session or force a token refresh from our admin dashboard; Entra ID (Azure AD) sign-in logs carry the Digital Receptionist device ID so compliance teams can audit events. Intune compliance alerts kick in if a device falls out of policy.
Intune’s device groups also let us schedule OS patches, rotate local machine credentials, and deploy hotfix bundles without physical site visits—critical when you manage hardware across multiple facilities.

What changed for our customers
- Faster shift changes — staff authenticate in under 30 seconds with no shared Digital Receptionist passwords.
- Happier security teams — identity providers remain the source of truth, and we reuse their MFA, risk signals, and conditional access policies.
- Simpler multi-tenant scaling — each organisation grants only the scopes they approved during onboarding, so adding a new building is a config change, not a code update.
Next on the roadmap: extending the same device code pattern to our mobile Digital Receptionist companion app so facility managers can unlock scheduled sessions from their phone without calling IT.