Configuring Zero Sign-on in MobileIron Core
Create a Zero Sign-on configuration in MobileIron Core and sync with MobileIron Access.
Before you begin
You have set up Access with MobileIron Core. See Overview of configuration with MobileIron Core.
Procedure: Overview of steps
- Creating a Zero Sign-on policy in MobileIron Core
- Syncing the Zero Sign-on policy with MobileIron Access
Creating a Zero Sign-on policy in MobileIron Core
In MobileIron Core, create a Zero Sign-on policy.
Before you begin
Ensure that you have configured Zero Sign-on in Access.
Procedure
- In MobileIron Core, go to Policies & Configs > Policies > Add New > SaaS Sign-on.
- In the Name field, enter a name for the configuration.
- For Status, select Active.
Active is default status. - (Optional) Add a description for the policy.
- For Identity Certificate, select the certificate enrollment setting you created for Tunnel.
The Tunnel certificate is the same certificate you used to set up mobile app single sign-on in Access. - Turn on the Enable FIDOtoggle switch to enable FIDO authentication.
- Click Save.
- Apply the policy to a label.
- Select the SaaS sign-on policy.
- Click Actions > Apply To Label.
- Select the labels to apply and click Apply.
- For more information about configuring mobile app single sign-on (SSO):
- For a federated pair, see Configuring Mobile App Single Sign-on (SSO).
- For delegated IdP, see Configuring Access as the delegated IdP .
Syncing the Zero Sign-on policy with MobileIron Access
Sync with MobileIron Access to pull the Zero Sign-on configuration from the UEM.
Procedure
- In MobileIron Access, navigate to the UEM tab.
- Select the Core UEM and click the Sync UEM icon.
- Enter the credentials and click Verify.
- Click Done.