Device User Experience with Intercede on Android devices
The Android device user does the following tasks as part of the derived credential setup process for Intercede:
|
NOTE:
|
Any management of Intercede derived credentials, such as viewing, deleting, or replacing, is provided by the Intercede derived credential app. |
Authenticating to the user portal with a smart card
A device user authenticates to the user portal with a smart card. This procedure is supported only on desktop computers. It is not supported with:
Procedure
|
1.
|
Connect a smart card reader, with a smart card inserted, to a desktop computer. |
|
2.
|
On the desktop computer, point a supported browser to https://<Your MobileIron Core domain>. |
For example: https://core.mycompany.com
|
3.
|
Click Sign in with Certificate. |
|
4.
|
Select the certificate from the smart card. |
|
5.
|
When prompted, enter the PIN for the smart card. |
Generating the one-time registration PIN
After signing in to the user portal, a device user generates a one-time registration PIN on the user portal.
Procedure
|
1.
|
Click Request Registration PIN. |
A form called Request Registration PIN displays.
|
2.
|
For Platform, select Android. |
|
3.
|
Fill in the remaining required fields. |
A registration PIN displays along with the user name.
|
5.
|
Copy the registration PIN and user name to enter later into Mobile@Work on the device. |
Installing Mobile@Work for Android
Instruct your device users to install the Mobile@Work for Android app on their devices. Device users download the app from the Google Play.
Registering Mobile@Work for Android and installing Android AppConnect apps
The device user registers Mobile@Work for Android to MobileIron Core using the one-time registration PIN that the device user generated on the user portal.
The registration process concludes with:
|
•
|
Installing the Secure Apps Manager, the derived credential app, and any other mandatory AppConnect apps that you have assigned to this device. |
Because these apps are specified as mandatory apps in the MobileIron Core App Catalog, they are all installed.
|
•
|
Creating the secure apps passcode. |
Procedure
|
1.
|
Launch Mobile@Work on the device. |
|
2.
|
Enter your email address or tap Or register with server URL to enter the MobileIron Core address, such as core.mycompany.com. |
|
4.
|
If prompted, accept the certificate. |
|
5.
|
Tap Continue on the screen about privacy. |
|
6.
|
Enter the one-time registration PIN generated from the user portal. |
|
8.
|
Follow the Mobile@Work instructions to complete its setup, leading you to the screen for setting up the Secure Apps Manager. |
|
10.
|
Tap Begin to install the Secure Apps Manager, the derived credential app, and any other mandatory AppConnect apps that you have assigned to this device. |
|
11.
|
Follow the instructions to install the apps. |
After the installations complete, the Passcode Setup screen displays.
|
12.
|
Enter a new secure apps passcode. |
|
13.
|
Enter the secure apps passcode again. |
Getting the Intercede derived credential
The device user launches the Intercede derived credential app, and then enters the secure apps passcode if prompted by the Secure Apps Manager. The device user then follows the Intercede instructions for using the Intercede derived credential app.
Running AppConnect apps for Android
To run an Android AppConnect app, the device user launches the app, and then enters the secure apps passcode if prompted by the Secure Apps Manager. The Secure Apps Manager interacts with the derived credential app to obtain the derived credential. The device user experience depends on the implementation of the derived credential app.
|
NOTE:
|
If an AppConnect app expects certificates from a derived credential but the derived credential is not available in the Secure Apps Manager, the app becomes unauthorized. |