Website authentication using client-side certificates

You can specify client certificates by configuring key-value pairs in a Web@Work setting in the Admin Portal. Two key-value pairs are needed to use this feature:

  • one key-value pair for the imported certificate
  • one key-value pair for the URL of the website to which you want to present the certificate in response to a challenge

Support of client-side certificates allows users to access internal websites that require certificate-based authentication. The certificate is pushed from Ivanti EPMM to the device and stored in Web@Work memory.

Limitations

  • Web@Work supports one certificate per host.

Configuring website authentication using client-side certificates

To configure website authentication using client-side certificates:

  1. Sign in to the Ivanti EPMM Admin Portal.
  2. Go to Policies & Configs > Configurations.
  3. Select the Web@Work setting that applies to the devices of interest.
  4. Click Edit.
  5. Under Custom Configurations, click Add.
  6. Add the following keys and values:

    Key: IdCertificate_<number>
    Value description: The name of the Certificate Enrollment that corresponds to the certificate you want to use. When the KVP is configured, the certificates are delivered to Web@Work. You do not need to explicitly apply the certificate to the label.

    Key: IdCertificate_<number>_host
    Value description: The URL for the website to which the certificate will be presented. Wildcards are permitted. Examples: myhost.mycompany.com, *.mycompany.com/myfolder

  7. Click Save. Apply this Web@Work configuration to labels that identify the devices that should receive this configuration.
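
The following pre-flight check is an added example, not Ivanti code: it lints a set of key-value pairs before they are entered under Custom Configurations, flagging unpaired keys and host values that would collide with the one-certificate-per-host limitation. The function names, the sample values, and the glob-style wildcard comparison on the host part are assumptions; the page does not specify how Web@Work evaluates wildcards.

```python
import re
from fnmatch import fnmatchcase

# Key names as given in the table above: IdCertificate_<number>[_host]
KEY_RE = re.compile(r"^IdCertificate_(\d+)(_host)?$")

SAMPLE = {  # constructed values, for illustration only
    "IdCertificate_1": "InternalWebCert",
    "IdCertificate_1_host": "myhost.mycompany.com",
    "IdCertificate_2": "WildcardCert",
    "IdCertificate_2_host": "*.mycompany.com/myfolder",
    "IdCertificate_3": "PartnerCert",
}

def host_part(value):
    """Host portion of a *_host value (assumption: any path follows the first '/')."""
    return value.lower().split("/", 1)[0]

def lint_kvps(kvps):
    """Return a list of problems found in a dict of Web@Work custom-config KVPs."""
    certs, hosts, problems = {}, {}, []
    for key, value in kvps.items():
        m = KEY_RE.match(key)
        if not m:
            continue  # unrelated custom configuration key
        if not value.strip():
            problems.append(f"{key}: empty value")
        (hosts if m.group(2) else certs)[int(m.group(1))] = value.strip()
    # Both keys of a pair are needed for the feature to work.
    for n in sorted(certs.keys() - hosts.keys()):
        problems.append(f"IdCertificate_{n}: no matching IdCertificate_{n}_host")
    for n in sorted(hosts.keys() - certs.keys()):
        problems.append(f"IdCertificate_{n}_host: no matching IdCertificate_{n}")
    # One certificate per host: flag pairs whose host parts can match the same site.
    # Assumption: '*' behaves like a shell glob; only literal-vs-pattern overlap is checked.
    nums = sorted(hosts)
    for i, a in enumerate(nums):
        for b in nums[i + 1:]:
            ha, hb = host_part(hosts[a]), host_part(hosts[b])
            if fnmatchcase(ha, hb) or fnmatchcase(hb, ha):
                problems.append(f"IdCertificate_{a}_host and IdCertificate_{b}_host overlap: {hosts[a]} / {hosts[b]}")
    return problems

if __name__ == "__main__":
    for problem in lint_kvps(SAMPLE):
        print(problem)
```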

Ivanti Web@Work URL schemes (iOS only)

You can use the following URL schemes to make sure URLs are opened automatically in Web@Work for iOS:

  • mibrowser:// for HTTP connections
  • mibrowsers:// for HTTPS connections
  • mibrowserf:// for full-screen web clips using an HTTP connection
  • mibrowsersf:// for full-screen web clips using an HTTPS connection

For example, a web page opens automatically in Web@Work when the device user:

  • taps a link in Safari that uses one of these URL schemes.
  • taps a web clip that uses one of these URL schemes.

Because iOS otherwise automatically opens HTTP and HTTPS URLs only in Mobile Safari, the native web browser, using these URL schemes in web clips and web pages for mobile devices can improve the user experience when Web@Work is used for tunneling.

Full-screen web clips in Ivanti Web@Work for iOS

Full-screen web clips allow web apps to be displayed without the browser UI components, such that their look and feel is similar to native iOS apps. Web@Work for iOS enables the same containerization features in full-screen web clips as it does for other web pages, such as copy/paste restrictions, Open In, encrypted browser data, and so on.

For more information about distributing web apps to iOS devices, see the section “Managing Mobile Apps for iOS” in the Ivanti EPMM Apps@Work Guide.