The Problem: Hundreds of Devices, Zero Visibility
The client's field team operated iPads, Android tablets, and Windows laptops across regional offices and field locations. Each device had been configured manually by the local IT contact, which meant configurations varied widely between regions. Some devices were running outdated OS versions. Others had unauthorised applications installed. There was no central inventory, no remote management capability, and no way to enforce a security policy across the estate. When a device was lost or a staff member left, there was no reliable way to remotely wipe it.
The risk was not theoretical — it was an active compliance exposure for a company operating under pharmaceutical regulatory requirements. They had looked at commercial MDM platforms but rejected them on two grounds: per-device licensing costs at scale were significant, and they were unwilling to hand all device data to a third-party SaaS platform.
Building the IAM Layer First
Before we could manage devices, we needed a reliable identity layer. We deployed an open source Identity and Access Management system to centralise authentication across the entire device estate and internal applications. This gave us single sign-on, role-based access control, and an audit trail for every login and access event — without any proprietary vendor dependency.
All field staff were enrolled with individual identities tied to their devices, so access could be revoked immediately on departure or device loss. The IAM layer also enabled us to enforce multi-factor authentication for sensitive internal tools, which was a separate compliance requirement the client needed to address. Standing up a self-hosted IAM is not trivial — it requires careful configuration of realms, clients, and token policies — but it is a one-time investment that provides a permanent, owned identity foundation.
Field Service App: Real-Time Transparency
In parallel with the IAM deployment, we built a field service application that gave management real-time visibility into field operations. Field staff could log jobs, update task status, capture signatures, and submit reports from their devices. Management had a live dashboard showing job progress, location check-ins, and completion rates by region and by individual.
The app was built to work offline-first — field locations frequently had poor connectivity — with background sync when the device reconnected. All data was encrypted in transit and at rest. The combination of MDM for device management and the field service app for operational visibility gave the client something they had not had before: a complete picture of what their field team was doing, on what devices, in real time.
The Open Source Stack
Every component we used was open source and self-hosted on the client's own infrastructure. The MDM layer used an open source mobile device management platform. IAM used a self-hosted identity provider. The field service app was a custom React Native build backed by a Node.js API and PostgreSQL. The monitoring and alerting layer used Prometheus and Grafana to give the IT team visibility into system health.
The client owns every component. There are no per-seat licence fees, no vendor renewal negotiations, and no risk of a platform being sunset or acquired. The total ongoing cost is infrastructure hosting — a fraction of what a comparable commercial MDM stack would cost at their device count.
Outcomes: Full Visibility, Real Compliance
Within six weeks of deployment, every device in the estate was enrolled, configured to a consistent baseline, and remotely manageable. The compliance gap that had been an audit risk was closed. Three devices were remotely wiped in the first two months following staff departures — a process that previously required the device to be physically returned.
The field service app reduced reporting lag from two days to real-time. Regional managers reported that job completion rates improved because staff could no longer mark tasks complete without submitting the required evidence through the app. The client has since extended the system to two additional regions.
Frequently Asked Questions
What open source tools did you use for the MDM system?
We used open source mobile device management software for device enrolment and policy management, a self-hosted identity provider for IAM, React Native for the field service app, and Prometheus and Grafana for monitoring. All components are self-hosted on the client's infrastructure with no per-device licensing.
Why use open source MDM instead of a commercial platform?
For organisations with large device estates and regulatory data sensitivity, open source MDM eliminates per-seat licensing costs and removes the requirement to send device inventory and usage data to a third-party SaaS provider. The trade-off is that you need a team capable of deploying and maintaining the stack — which is where we come in.
How long does a full MDM deployment take?
For an estate of 100–500 devices, a full deployment including IAM, device enrolment, and policy configuration typically takes four to eight weeks. A phased rollout starting with one region is usually faster and lower risk than attempting a full estate cutover simultaneously.