Configuring Web@Work to use derived credentials
Applicable derived credential providers and device platforms
|
Derived credential providers |
Any for iOS Entrust for Android |
|
Device platforms |
iOS, Android |
Web@Work can use derived credentials to authenticate the device user to internal websites.
The steps for configuring derived credentials use in Web@Work are:
| 1. | Require a device password for iOS devices |
| 2. | Configure a Web@Work setting |
| • | MobileIron Web@Work for iOS Guide for Administrators for MobileIron Core and MobileIron Cloud |
| • | MobileIron Web@Work for Android Guide for Administrators for MobileIron Core and MobileIron Cloud |
Require a device password for iOS devices
A device password enables iOS data protection, which is necessary for Web@Work for iOS to encrypt browser data.
Procedure
| 1. | On the Admin Portal, go to Policies & Configs > Policies. |
| 2. | Select the security policy that applies to the devices that you want to run Web@Work for iOS. |
| 3. | Click Edit. |
| 4. | For the Password option, select Mandatory. |
| 5. | Fill in the remaining options relating to device passwords. |
| 6. | Click Save. |
| 7. | Click OK. |
| 8. | Repeat steps 2 through 6 for all security policies that apply to devices on which you want to run Web@Work for iOS. |
“Security Policies” in Getting Started with MobileIron Core.
Configure a Web@Work setting
Configure a Web@Work setting so that Web@Work uses derived credentials to authenticate to your websites.
Procedure
| 1. | On the Admin Portal, go to Policies & Configs > Configurations. |
| 2. | Select Add New > Web@Work. |
Alternatively, edit an existing Web@Work setting if you have one already.
| 3. | Enter a name for the Web@Work setting. |
| 4. | In the Custom Configurations section, add the following case-sensitive key-value pairs: |
|
Key |
Value |
||||||
|
IdCertificate_1 |
Select a client-provided certificate enrollment setting from the drop-down list. The setting must have the purpose Authentication. |
||||||
|
IdCertificate_1_host |
The URL for the website to which the certificate from the derived credential will be presented. Wildcards are permitted. For example:
|
Repeat with similar keys with different numbers for other URLs. For example:
|
Key |
Value |
|
IdCertificate_2 |
Select a client-provided certificate enrollment setting from the drop-down list. The setting must have the purpose Authentication. |
|
IdCertificate_2_host |
AnotherHost.mycompany.com |
|
IdCertificate_3 |
Select a client-provided certificate enrollment setting from the drop-down list. The setting must have the purpose Authentication. |
|
IdCertificate_3_host |
YetAnotherHost.mycompany.com |
| 5. | Click Save. |
| 6. | Select the Web@Work setting that you just created. |
| 7. | Click More Actions > Apply to Label. |
| 8. | Select the labels to which you want to apply this policy. |
| 9. | Click Apply. |
| • | “Web@Work configuration” in the MobileIron Web@Work for iOS Guide for Administrators for MobileIron Core and MobileIron Cloud |
| • | “Configuring a Web@Work configuration” in MobileIron Web@Work for Android Guide for Administrators for MobileIron Core and MobileIron Cloud |