Setting up Purebred derived credentials on iOS devices

After device users register their devices with MobileIron Core, they can set up DISA Purebred derived credentials for use by AppConnect apps. The device user does the following tasks:

Authenticating to the user portal with a smart card
Generating the one-time registration PIN
Installing Mobile@Work for iOS
Registering Mobile@Work for iOS
Installing the DISA Purebred Registration app
Installing the PIV-D Manager app for iOS
Getting a DISA Purebred derived credential
Installing AppConnect apps for iOS
Running AppConnect apps for iOS

Authenticating to the user portal with a smart card

A device user authenticates to the user portal with a smart card. This procedure is supported only on desktop computers. It is not supported with:

mobile devices
Firefox

Procedure 

1. Connect a smart card reader, with a smart card inserted, to a desktop computer.
2. On the desktop computer, point a supported browser to https://<Your MobileIron Core domain>.

For example: https://core.mycompany.com

3. Click Sign in with Certificate.
4. Select the certificate from the smart card.
5. When prompted, enter the PIN for the smart card.

Generating the one-time registration PIN

After signing in to the user portal, a device user generates a one-time registration PIN on the user portal.

Procedure 

1. Click Request Registration PIN.

A form called Request Registration PIN displays.

2. For Platform, select iOS.
3. Fill in the remaining required fields.
4. Click Request PIN.

A registration PIN displays along with the user name.

5. Copy the registration PIN and user name to enter later into Mobile@Work on the device.

Installing Mobile@Work for iOS

Instruct your device users to install the Mobile@Work for iOS app on their devices. Typically, device users download the app from the Apple App Store. However, if your environment provides Mobile@Work for iOS through the MobileIron Core App Catalog, instruct the device users appropriately.

Registering Mobile@Work for iOS

The device user registers Mobile@Work for iOS to MobileIron Core using the one-time registration PIN that the device user generated on the user portal.

Procedure 

1. Launch Mobile@Work on the device.
2. Enter the user name.
3. Enter the MobileIron Core address

For example: core.mycompany.com

4. Enter the one-time registration PIN generated from the user portal.
5. Tap Register.
6. Follow the Mobile@Work instructions to complete registration.

Installing the DISA Purebred Registration app

The DISA Purebred Registration app gets the Purebred derived credential and passes the credential’s certificates to the PIV-D Manager app, which in turn passes them to Mobile@Work for iOS. Make sure the app is installed on applicable devices. Instruct the device users appropriately.

Installing the PIV-D Manager app for iOS

The device user installs the PIV-D Manager app for iOS. This app gets the DISA Purebred derived credential from the DISA Purebred Registration app, and passes the derived credential’s certificates to Mobile@Work for iOS.

Procedure 

1. Launch Apps@Work on the device.
2. Tap the listing for the PIV-D Manager app.
3. Tap Install.
4. On the pop-up, tap Install.

Getting a DISA Purebred derived credential

The device user gets the DISA Purebred derived credential by using the DISA Purebred Registration app. Then the device user uses the PIV-D Manager app for iOS to import the derived credential’s certificates from the DISA Purebred Registration app. The PIV-D Manager app imports the authentication, signing, encryption, and decryption certificates, and then sends all the certificates to Mobile@Work for iOS. These certificates overwrite any existing DISA Purebred derived credential certificates that the PIV-D Manager had previously sent to Mobile@Work.

Procedure 

1. Launch the DISA Purebred Registration app.
2. Follow the app’s instructions to get a DISA Purebred derived credential.
3. Launch the PIV-D Manager app for iOS.

The app switches control to Mobile@Work, which prompts the device user to create a secure apps passcode.

4. Follow the Mobile@Work instructions to create a secure apps passcode.
5. After creating the secure apps passcode, tap Done.

Control switches back to the PIV-D Manager app.

6. Tap DISA Purebred.
7. Tap Import All.
8. Tap Browse.
9. Tap Locations.
10. Tap the Purebred option.
11. Tap the first entry.
12. Follow the instructions to import the derived credential to the PIV-D Manager app and send it to Mobile@Work.

Installing AppConnect apps for iOS

The device user installs each AppConnect app for iOS that uses derived credentials.

Procedure 

1. Launch Apps@Work for iOS on the device.
2. Tap the listing for the AppConnect app.
3. Tap Request.
4. Tap Install.

Running AppConnect apps for iOS

To run an iOS AppConnect app, including Web@Work, Docs@Work, or Email+, the device user launches the app, and then enters the secure apps passcode if prompted by [email protected] app then receives the derived credential from Mobile@Work.

NOTE: If an AppConnect app expects certificates from a derived credential but the derived credential is not available in Mobile@Work, the app becomes unauthorized. Some apps, such as Web@Work, display the unauthorized message. It says: “Missing required credentials. Please ensure you provisioned the credentials”.