Configuring AppTunnel to use derived credentials on iOS devices
Applicable derived credential providers and device platforms
|
Derived credential providers |
Any |
|
Device platforms |
iOS |
You can configure these AppTunnel scenarios to use derived credentials on iOS devices:
| • | Configuring AppTunnel with HTTP/S tunneling to use derived credentials |
| • | Configuring the MobileIron Tunnel app to use derived credentials |
Configuring AppTunnel with HTTP/S tunneling to use derived credentials
| NOTE: | This use of derived credentials is supported only on iOS devices. |
When using AppTunnel with HTTP/S tunneling, you can use Kerberos authentication to the backend resource. In this scenario, you authenticate the iOS device to the Standalone Sentry using a certificate that identifies the user, not just the device. This identity certificate can be a derived credential.
Procedure
| 1. | Follow the instructions in the MobileIron Sentry Guide to set up Standalone Sentry for AppTunnel with HTTP/S tunneling and Kerberos authentication. |
| 2. | Follow the instructions in the MobileIron Core AppConnect and AppTunnel Guide to set up the AppConnect app to use AppTunnel. |
| 3. | In the AppTunnel Rules section in the app’s AppConnect app configuration (or Web@Work setting or Docs@Work setting), for the Identity Certificate field, select a client-provided certificate enrollment setting from the drop-down list. The setting must have the purpose Authentication. |
Configuring the MobileIron Tunnel app to use derived credentials
| NOTE: | This use of derived credentials is supported only on iOS devices. |
When using the MobileIron Tunnel app (AppTunnel with TCP tunneling) with iOS devices, you can authenticate the device user to a backend or web resource using a derived credential. This identity certificate can be a derived credential.
Procedure
| 1. | Follow the instructions in the MobileIron Tunnel for iOS Guide for Administrators for MobileIron Core and MobileIron Cloud to set up TCP tunneling for the AppConnect app. |
| 2. | For Web@Work, in the Web@Work setting, set up the key-value pairs for certificate authentication. |
See Configuring Web@Work to use derived credentials.
| 3. | For Docs@Work, in the Docs@Work setting, set up the key-value pairs for certificate authentication. |
See Configuring Docs@Work to use derived credentials.
| 4. | For a third-party or in-house AppConnect app, in the AppConnect app configuration, set up the key-value pairs for certificate authentication. |