View federated pairs

You can view the list of configured federated pairs in the MobileIron Access administration portal in Profile > Federated Pairs.

•

Information and metadata for a SP and IdP pair

•

Assigning a policy to a federated pair

•

Editing a federated pair

•

Deleting a federated pair

Information and metadata for a SP and IdP pair

For information and metadata for a federated pair, expand the row for the federated pair or click on the icons under Actions.

Figure 1. Federated pairs details

Table 1. Federated pairs details

Item

Description

Name

Name you entered for the federated pair.

Policy

Name of the conditional policy applied to the federated pair.

For an Office 365 federated pair, the Passive Policy name is displayed.

Certificate SSO

Indicates whether certificate-based single sign-on is configured for the pair.

Access SP Metadata

(Upload to IdP)

MobileIron Access generates proxy metadata by combining the service provider metadata and the signing certificate. You upload the Access (SP) metadata to the IdP.

•

Click Download to download the MobileIron Access proxy metadata for the SP.

•

Click View to view the MobileIron Access proxy metadata for the SP.

•

Click Copy URL to copy the proxy metadata and upload to IdP.

Access IDP Metadata

(Upload to SP)

MobileIron Access generates proxy metadata by combining the IdP metadata and the signing certificate. You upload the Access (IdP) proxy metadata to the cloud service provider.

•

Click the Download to download the MobileIron Access proxy metadata for the IdP.

•

Click the View to view the MobileIron Access proxy metadata for the IdP.

•

Click Copy URL to copy the proxy metadata and upload to SP.

Actions

Assign policy icon

Click to assign a conditional policy.

For an Office 365 federated pair, you can choose a passive policy or an active logon policy.

Edit icon

Click to edit the settings for the federated pair.

Vertical three dots

Click for additional actions available for the federated pair:

•

Delete: Click to delete the federated pair

•

View SP Metadata: Click to view the metadata you uploaded for the cloud service provider (SP) .

•

View IDP Metadata: Click to view the metadata you uploaded for the identity provider (IdP).

•

Download PowerShell Commands for ADFS: Click to download the PowerShell script to run the commands.

•

Download PowerShell Commands for Office 365: Click to download the PowerShell script to run the commands.

Assigning a policy to a federated pair

If a policy is not applied to a federated pair, the default policy is applied.

NOTE:

During the initial setup, MobileIron recommends that you do not make changes to the default policy.

Procedure

In the MobileIron Access administration portal, go to Profile > Federated Pairs.

For the federated pair, click

In the Assign Policy dialog, from the Policy drop down list select a policy.

Click Assign.

Click Publish.

If you do not Publish the changes, the updates are not applied.

Editing a federated pair

If you make changes to a federated pair, change the metadata file, or the signing certificate, you must upload an updated proxy metadata file to the service provider and the IdP.

Procedure

In the MobileIron Access administration portal, go to Profile > Federated Pairs.

For the federated pair, click Actions > Edit.

After editing, click Publish.

If you do not Publish the changes, the updates are not applied.

Deleting a federated pair

The following provides the steps for deleting a federated pair.

Procedure

In the MobileIron Access administration portal, go to Profile > Federated Pairs.

For the federated pair, click Actions > Delete.

In the pop-up box, click Delete.

After deleting, click Publish.

If you do not Publish the changes, the updates are not applied.

NOTE:

Delete, removes the Federated pair from Access. However, to also remove Access from the federated login path to the service provider, you must establish or restore the direct federation between your service provider and identity provider.