Before you configure Ivanti Standalone Sentry for AppTunnel

1. You must have installed Ivanti Standalone Sentry. See the Ivanti Standalone Sentry Installation Guide.
2. If your UEM is Ivanti Neurons for MDM, the Ivanti Standalone Sentry must be registered to your cloud instance.
3. You must have the required certificate setup in your UEM.

AppTunnel uses either an Identity certificate for device authentication and pass through or Kerberos for server authentication. The Identity certificate can be local or a trusted CA. If you are using an Identity certificate, you will upload the identity certificate in the Sentry configuration you create on your UEM. See Configuring authentication using SCEP Identity (Ivanti Neurons for MDM only).

About Ivanti Standalone Sentry for AppTunnel

Configuring Ivanti Standalone Sentry for AppTunnel

Configuring authentication using SCEP Identity (Ivanti Neurons for MDM only)

For Ivanti Neurons for MDM only, if you intend to use a SCEP identity certificate you must add the Certificate to Ivanti Neurons for MDM and create the associated App Identity Certificate configuration.

Procedure 

1. Add a local or external certificate authority in Admin > Certificate Authority.

A Connector installation is required if you are using an external certificate authority.

2. Add an App Identity Certificate Configuration. For source, select the certificate you configured in Admin > Certificate Authority. This is the SCEP identity you will use when you configure device authentication in the Standalone Sentry configuration.
3. Create an Identity Certificate setting, in Configurations > Add > Identity Certificate. For Certificate Distribution, select Dynamically Generated and for Source, select the certificate you configured in Admin > Certificate Authority. If the app configuration requires, you will reference the Identity Certificate configuration in the app’s configuration that uses an AppTunnel service or the Tunnel service.