An Authenticator Only deployment requires an Ivanti Access deployment with UEM, as well as additional configurations for Zero Sign-on in Ivanti Access and in the UEM. The configurations for Authenticator Only are done in UEM. The following steps provide an overview of the configuration steps for deploying Authenticator Only and pointers to the relevant content in the Ivanti Neurons for MDM Guide.
Before you begin
Ensure that you have an Ivanti Access deployment with UEM.
See Overview of configuration with Ivanti Neurons for MDM.
Ensure that Zero Sign-on is configured.
See "Zero Sign-on" in the Ivanti Access Guide.
Procedure: Overview of steps
Create a user group to deploy Authenticator Only and manually add users to the group.
See "Creating a manually managed user group" in the Ivanti Neurons for MDM Guide.
Create a dynamically managed device group with the rule "user group," which equals to the user group created for Authenticator Only.
See "Adding a device group" in the Ivanti Neurons for MDM Guide.
If devices had been previously enrolled in an Ivanti Neurons for MDM tenant, users will not be able to register with the same Ivanti Neurons for MDM tenant using Authenticator Only. Delete the devices from the Ivanti Neurons for MDM tenant, then register again with the same Ivanti Neurons for MDM tenant using Authenticator Only.
- Create an Authenticator Only configuration and assign it to the dynamically managed device group created for Authenticator Only.
See Adding an Authenticator Only configuration on Ivanti Neurons for MDM.
Sync with Ivanti Access.
- Download and register Go.
If Always require client registration is enabled in Users > User Settings > Device Registration Setting in Ivanti Neurons for MDM, users automatically get emails for registering their device using Go. Device users download Go to their device directly from the Apple App Store or from Google Play Store.
See What users see for Authenticator Only for information about how device users can register their devices to your Ivanti Neurons for MDM instance.
Create an Authenticator Only configuration on Ivanti Neurons for MDM.
Before you begin
You can create the Authenticator Only configuration only if a SaaS Sign on configuration is available. Therefore, verify that a SaaS Sign on configuration has been created. The SaaS Sign on configuration is created for a Zero Sign-on deployment. See "Zero Sign-on" in the Ivanti Access Guide.
In Ivanti Neurons for MDM, go to Configurations > + Add > Authenticator Only.
Figure 1. Authenticatory only configuration
- In the Name field, enter a name for the configuration.
- (Optional) Expand + Add Description, to add a description for the configuration.
For SaaS Sign-On config, select a SaaS sign on configuration.
The selected SaaS Sign-On configuration is pushed to the device. Ivanti Access uses the SaaS sign-on configuration to authenticate the device.
- Click Next.
Verify that the the check box for Enable this configuration is selected.
The option is selected by default.
- Select the distribution group created for Authenticator Only.
The configuration is distributed to the devices in the selected option.
- Click Done.
Sync with Ivanti Access to pull the UEM configurations.
- In Ivanti Access, navigate to the UEM tab.
- Select the Ivanti Neurons for MDM UEM and click the Sync UEM icon.
- Enter the UEM administrator credentials and click Verify.
- Click Done.