XPressEntry Secure Device Management (SDM)
Secure Device Management (SDM)
Secure Device Management for Mission-Critical Access Control
XPressEntry Secure Device Management (SDM) gives security teams complete authority over their access control devices from the moment they are powered on. Designed for regulated, offline, and high-risk environments, SDM ensures every reader is trusted, locked down, and fully controlled without relying on cloud services, user accounts, or public certificate authorities.
- Secure QR-Based Provisioning – Enroll factory-reset devices in minutes using QR codes that apply Wi-Fi, certificates, and apps automatically.
- Site-Controlled Device Trust – Only approved devices can join your system, with time-limited registration sessions and administrator approval.
- True Hardware Lockdown – Lock devices into XPressEntry and disable USB, SIM, SD card, camera, and settings at the OS level.
- Works without the Cloud – Manage, update, and secure devices entirely from your on-prem XPressEntry server, even during network outages.
- Remote Control and Recovery – Reboot, wipe, reset, or reconfigure lost or misbehaving XPressEntry compatible devices instantly.
- Purpose-Built for Physical Security – Designed for shared handhelds, and critical infrastructure, not employee smartphones.
XPressEntry Secure Device Management (SDM) is Telaeris’ built-in platform for provisioning, securing, updating, and controlling XPressEntry handheld readers and mobile access control devices. Designed specifically for physical security environments, SDM gives organizations full authority over deployed devices without relying on cloud services, user accounts, or public certificate authorities providing infrastructure-grade control for access control handhelds.
SDM is built exclusively for XPressEntry. It secures and manages the handheld readers that function as trusted endpoints of your access control system, not employee mobile devices. From first power-on through daily operations and emergency response, SDM ensures every device remains trusted, locked down, and under the control of the site.
Secure QR-Based Provisioning
Factory-reset devices can be enrolled in minutes using a secure QR code that installs XPressEntry and optional KeyLink, applies Wi-Fi settings and certificates, and registers the device to a specific XPressEntry server. Devices enter a pending state until approved by an administrator, preventing unauthorized readers from joining the system. This controlled enrollment process eliminates manual configuration steps while ensuring every device is securely provisioned and tied to the correct site from first power-on.
Site-Controlled Device Trust
Each device is cryptographically bound to a specific site and XPressEntry server, establishing a trusted relationship that cannot be transferred or reused elsewhere. Time-limited registration sessions restrict when new devices may enroll, and administrator approval workflows ensure that only validated hardware becomes operational. This prevents rogue, duplicated, or improperly configured readers from participating in the access control environment and maintains clear chain-of-custody over deployed devices.
True Hardware Lockdown
SDM runs as the Android device owner, allowing XPressEntry to function as the device’s enforced secure operating environment. Administrators can force kiosk mode to prevent users from exiting the application and restrict hardware features such as USB, SIM, SD card, camera, and system settings at the OS level. By controlling both software and physical interfaces, SDM reduces attack surfaces, blocks unauthorized data extraction, and ensures handheld readers remain dedicated security infrastructure.
Remote Command and Recovery
Security teams can remotely reboot devices, reset application data, enable or disable hardware components, wipe lost or stolen units, and enforce or exit kiosk mode as operational needs change. All commands are initiated from the XPressEntry server and include status confirmation, giving administrators visibility into execution and device health. This enables rapid response to field issues while maintaining centralized control over distributed readers.
App and File Management
Push XPressEntry software updates, deploy KeyLink, and distribute configuration files or supporting assets directly to devices without user intervention. Version control ensures all readers are running approved software builds aligned with site policy. By eliminating manual update procedures, SDM reduces operational overhead and ensures compliance with cybersecurity and regulatory requirements across the deployment.
Offline and On-Prem Operation
All device management functions are delivered from the local XPressEntry server, maintaining complete site authority over provisioning, updates, and enforcement. SDM continues to operate in isolated, firewalled, or fully disconnected environments without reliance on external cloud services. This architecture supports critical infrastructure facilities where internet access is restricted or prohibited, ensuring uninterrupted device control during outages or emergency conditions.
Why SDM
XPressEntry SDM manages security devices. Access control handhelds are security infrastructure, not employee smartphones. XPressEntry Secure Device Management was designed to meet the operational, cybersecurity, and regulatory requirements of physical security teams by providing local control, private certificate support, and true OS-level device enforcement.
CONTACT US for a demo and to learn more.
