Device Management

DeployStack automatically tracks and manages devices across your organization to enable secure multi-device MCP configurations, enterprise governance, and seamless user experiences. Every device that accesses DeployStack is registered and managed through our comprehensive device management system.

Why Device Management Matters

Device management is essential for DeployStack's three-tier MCP configuration system and enterprise security:

🏢 Enterprise Governance

Visibility: Administrators can see which devices access which MCP servers across the organization
Compliance: Complete audit trails for regulatory requirements and security policies
Access Control: Ability to manage and revoke device access when needed
Risk Management: Identify and respond to unauthorized or compromised devices

👥 Team Collaboration

Multi-Device Workflows: Users seamlessly work across laptops, desktops, and cloud workstations
Device-Specific Configurations: Different MCP settings for different environments (development vs. production machines)
Team Visibility: Team administrators can see device usage patterns and optimize configurations

🔒 Security & Trust

Device Authentication: Each device is uniquely identified and authenticated
Hardware Fingerprinting: Secure device identification based on system characteristics
Trust Management: Mark devices as trusted or untrusted based on organizational policies
Automatic Registration: Devices are registered securely during OAuth2 login flow

How Device Registration Works

Device registration happens automatically and securely during the CLI login process:

Automatic Registration Process

User Initiates Login: User runs deploystack login command
OAuth2 Flow Begins: Standard OAuth2 authorization with PKCE security
Device Detection: Gateway automatically detects device information:
- Device name (hostname)
- Hardware fingerprint (unique identifier based on MAC addresses and system info)
- Operating system and version
- System architecture
- Node.js version for compatibility
Secure Registration: Device info is included in OAuth2 token exchange
Backend Processing: Device is registered or updated in the database
User Confirmation: User sees "📱 Device registered: [device-name]" message

Security Benefits of Integrated Registration

No Separate Endpoints: Device registration only happens during authenticated login sessions
OAuth2 Security: Leverages existing OAuth2 security with PKCE
Hardware Fingerprinting: Unique device identification without user input
Automatic Process: No manual device management required

For technical details on the OAuth2 integration, see Gateway OAuth Implementation.

Device Information Collected

DeployStack collects minimal device information necessary for identification and configuration management:

🔍 Device Identification

Device Name: User-friendly name (defaults to hostname, can be customized)
Hardware ID: Unique fingerprint based on MAC addresses and system characteristics
Hostname: System hostname for identification

💻 System Information

Operating System: Type and version (macOS, Windows, Linux)
Architecture: System architecture (x64, arm64, etc.)
Node.js Version: For compatibility tracking and troubleshooting
User Agent: CLI version and platform information

📊 Usage Metadata

Last Login: When the device was last used for authentication
Last Activity: Most recent MCP server interaction
Trust Status: Whether the device is marked as trusted
Active Status: Whether the device is currently active

Multi-Device User Experience

Users can seamlessly work across multiple devices with device-specific configurations:

Device-Specific MCP Configurations

Each device maintains its own personal MCP configuration while inheriting team settings:

Example: Filesystem MCP Server

MacBook Pro: /Users/alice/Development, /Users/alice/Projects
Work Desktop: C:\Users\alice\Projects, C:\Company\Shared
Cloud Workstation: /home/alice/workspace, /data/projects

Shared Team Settings (inherited on all devices):

Team API keys and credentials
Shared project directories
Team-wide configuration standards

Device Management Interface

Users can manage their devices through the DeployStack interface:

Your Devices

📱 MacBook Pro (Current Device)
   ├─ Last Login: 2 minutes ago
   ├─ Status: Active, Trusted
   ├─ MCP Configurations: 5 active
   └─ [Configure] [View Details]

🖥️ Work Desktop
   ├─ Last Login: Yesterday
   ├─ Status: Active, Trusted
   ├─ MCP Configurations: 3 active
   └─ [Configure] [View Details]

☁️ Cloud Workstation
   ├─ Last Login: 3 days ago
   ├─ Status: Inactive
   ├─ MCP Configurations: 2 configured
   └─ [Configure] [Reactivate]

Administrator Perspective

Enterprise Device Visibility

Administrators have comprehensive visibility into device usage across the organization:

📊 Device Analytics Dashboard

Total devices across all teams
Active vs. inactive device counts
Device types and operating systems
MCP server usage by device
Security alerts and untrusted devices

🔍 Device Search and Filtering

Search by user, team, or device name
Filter by operating system, trust status, or activity
View device-specific MCP configurations
Export device reports for compliance

Security Management

🛡️ Device Trust Management

Mark devices as trusted or untrusted
Automatically trust devices from known networks
Require manual approval for new devices
Bulk trust management for organizational devices

🚨 Security Monitoring

Detect unusual device activity patterns
Alert on new device registrations
Monitor for potential security threats
Track device access to sensitive MCP servers

⚙️ Device Policies

Set maximum devices per user
Require device naming conventions
Enforce device trust requirements
Configure automatic device cleanup policies

Team Administrator Perspective

Team Device Overview

Team administrators can monitor device usage within their teams:

👥 Team Device Dashboard

All devices used by team members
Device-specific MCP configuration usage
Team member device patterns
Device compliance with team policies

📈 Usage Analytics

Which MCP servers are used on which devices
Device-specific configuration patterns
Team productivity insights
Resource utilization by device type

Device-Aware Configuration Management

Team administrators can optimize configurations based on device usage:

💡 Configuration Insights

See how team members configure MCP servers across different devices
Identify common device-specific patterns
Optimize team configurations for different device types
Provide device-specific guidance and templates

Security & Governance

Compliance Benefits

📋 Audit Trails

Complete history of device access to MCP servers
Track configuration changes by device
Monitor team member device usage patterns
Generate compliance reports for auditors

🔐 Access Control

Revoke access for lost or stolen devices
Temporarily disable suspicious devices
Enforce device trust requirements
Control device access to sensitive MCP servers

Data Protection

🛡️ Device Security

Hardware fingerprinting prevents device spoofing
Encrypted device information storage
Secure device authentication
Protection against unauthorized device access

🔒 Privacy Controls

Minimal device information collection
User control over device naming
Secure storage of device metadata
Clear data retention policies

For platform-level device security details, see Security and Privacy.

Device Lifecycle Management

Device States

✅ Active Devices

Recently used for MCP server access
Receiving configuration updates
Included in team analytics
Full access to team MCP installations

⏸️ Inactive Devices

Not used recently (configurable threshold)
Configurations preserved but not updated
Excluded from active analytics
Can be reactivated by user login

🚫 Disabled Devices

Manually disabled by administrators
No access to MCP servers
Configurations preserved for potential reactivation
Requires administrator action to re-enable

🗑️ Removed Devices

Permanently removed from the system
All configurations deleted
Cannot be recovered
Audit trail preserved for compliance

Automatic Cleanup

⏰ Inactive Device Management

Automatically mark devices inactive after configurable period
Send notifications before marking devices inactive
Preserve configurations for potential reactivation
Clean up truly abandoned devices

🧹 Data Retention

Remove device data after extended inactivity
Preserve audit trails for compliance requirements
User notification before permanent deletion
Administrator override for important devices

Integration with MCP Configuration System

Device management is deeply integrated with DeployStack's three-tier MCP configuration system:

Device-Specific User Configurations

The user tier of the configuration system is inherently device-aware:

Template Level: Global admin defines what can be configured (device-independent)
Team Level: Team admin sets shared settings (inherited by all user devices)
User Level: Individual users configure personal settings per device

For complete details on the three-tier system, see MCP Configuration System.

Configuration Assembly by Device

When a user accesses MCP servers, configurations are assembled per device:

Final Configuration = Template + Team + User (This Device)

Template (Global): Command, package, system flags
+ Team (Shared): API keys, shared directories, team standards
+ User Device (Personal): Device-specific paths, preferences, debug settings
= Runtime Configuration for This Device

For complete understanding of device management in context:

MCP Configuration System - How device-specific configurations work within the three-tier system
MCP User Configuration - User experience for multi-device configuration
Security and Privacy - Platform-level device security implementation
Gateway OAuth Implementation - Technical details of device registration during login
Teams - Team structure and device visibility for team administrators

Device management enables DeployStack to provide secure, scalable, and user-friendly MCP server management across any number of devices while maintaining enterprise-grade governance and compliance capabilities.

On this page