Website authentication using client-side certificates

You can specify client certificates by configuring key-value pairs in a Web@Work setting in the Admin Portal. Two key-value pairs are needed to use this feature:

  • one key-value pair for the imported certificate
  • one key-value pair for the URL of the website to which you want to present the certificate in response to a challenge

Support of client-side certificates allows users to access internal websites that require certificate-based authentication. The certificate is pushed from Ivanti EPMM to the device and stored in Web@Work memory.

Limitations

Configuring website authentication using client-side certificates

To configure website authentication using client-side certificates:

  1. Sign in to the Ivanti EPMM Admin Portal.
  2. Go to Policies & Configs > Configurations.
  3. Select the Web@Work setting that applies to the devices of interest.
  4. Click Edit.
  5. Under Custom Configurations, click Add.
  6. Add the following keys and values:

    Key: IdCertificate_<number>
    Value description: The name of the Certificate Enrollment that corresponds to the certificate you want to use. When the KVP is configured, the certificates are delivered to Web@Work. You do not need to explicitly apply the certificate to the label.

    Key: IdCertificate_<number>_host
    Value description: The URL for the website to which the certificate will be presented. Wildcards are permitted. Examples: myhost.mycompany.com, *.mycompany.com/myfolder

  7. Click Save. Apply this Web@Work configuration to labels that identify the devices that should receive this configuration.
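A pre-save check for these key-value pairs, as an added example that is not part of the Ivanti documentation: it verifies that every IdCertificate_<number> key has its _host partner and flags wildcard hosts that would present the certificate very broadly. The enrollment names, the sample dictionary and the rule of requiring two literal labels after a wildcard are assumptions of this example, not product behaviour.

```python
import re

# Key names as given on the page: IdCertificate_<number> and IdCertificate_<number>_host.
KEY_RE = re.compile(r"^IdCertificate_(\d+)(_host)?$")

def host_problems(pattern):
    """Lint one host value. The breadth rule is this example's own policy (assumption)."""
    if not pattern:
        return ["empty host pattern"]
    if "://" in pattern:                      # tolerate a scheme prefix if one was typed
        pattern = pattern.split("://", 1)[1]
    labels = pattern.split("/", 1)[0].split(".")
    wild = [i for i, label in enumerate(labels) if "*" in label]
    # Require at least two literal labels to the right of the last wildcard,
    # so "*.mycompany.com" passes while "*", "*.com" and "myhost.*" do not.
    if wild and len(labels) - 1 - wild[-1] < 2:
        return ["wildcard too broad"]
    return []

def lint_cert_kvps(kvps):
    """Return (number, problem) findings for a dict of custom-configuration KVPs."""
    certs, hosts, findings = {}, {}, []
    for key, value in kvps.items():
        m = KEY_RE.match(key)
        if not m:
            continue                          # unrelated custom configuration key
        (hosts if m.group(2) else certs)[int(m.group(1))] = value.strip()
    for n in sorted(set(certs) | set(hosts)):
        if n not in certs:
            findings.append((n, "host without certificate"))
        elif not certs[n]:
            findings.append((n, "empty certificate enrollment name"))
        if n not in hosts:
            findings.append((n, "certificate without host"))
            continue
        findings.extend((n, p) for p in host_problems(hosts[n]))
    return findings

# Constructed sample input; enrollment names are hypothetical.
SAMPLE = {
    "IdCertificate_1": "intranet-scep", "IdCertificate_1_host": "*.mycompany.com/myfolder",
    "IdCertificate_2": "partner-scep", "IdCertificate_2_host": "*.com",
    "IdCertificate_3": "orphan-scep",
    "IdCertificate_4_host": "myhost.mycompany.com",
    "some_other_key": "true",
}

if __name__ == "__main__":
    for number, problem in lint_cert_kvps(SAMPLE):
        print(f"IdCertificate_{number}: {problem}")
```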

Web@Work URL schemes (iOS only)

You can use the following URL schemes to make sure URLs are opened automatically in Web@Work for iOS:

  • mibrowser:// for HTTP connections
  • mibrowsers:// for HTTPS connections
  • mibrowserf:// for full-screen web clips using an HTTP connection
  • mibrowsersf:// for full-screen web clips using an HTTPS connection

For example, a web page opens automatically in Web@Work when the device user:

  • taps a link in Safari that uses one of these URL schemes.
  • taps a web clip that uses one of these URL schemes.

Because iOS otherwise automatically opens HTTP and HTTPS URLs only in Mobile Safari, the native web browser, using these URL schemes in web clips and web pages for mobile devices can improve the user experience when Web@Work is used for tunneling.

Full-screen web clips in Web@Work for iOS

Full-screen web clips allow web apps to be displayed without the browser UI components, such that their look and feel is similar to native iOS apps. Web@Work for iOS enables the same containerization features in full-screen web clips as it does for other web pages, such as copy/paste restrictions, Open In, encrypted browser data, and so on.

For more information about distributing web apps to iOS devices, see the section “Managing Mobile Apps for iOS”.