Setting up derived credentials on iOS devices
The device user does the following tasks as part of the derived credential setup process:
Authenticating to the user portal with a smart card
A device user authenticates to the user portal with a smart card. This procedure is supported only on desktop computers. It is not supported with:
Procedure
|
1.
|
Connect a smart card reader, with a smart card inserted, to a desktop computer. |
|
2.
|
On the desktop computer, point a supported browser to https://<Your MobileIron Core domain>. |
For example: https://core.mycompany.com
|
3.
|
Click Sign in with Certificate. |
|
4.
|
Select the certificate from the smart card. |
|
5.
|
When prompted, enter the PIN for the smart card. |
Generating the one-time registration PIN
After signing in to the user portal, a device user generates a one-time registration PIN on the user portal.
Procedure
|
1.
|
Click Request Registration PIN. |
A form called Request Registration PIN displays.
|
2.
|
For Platform, select iOS. |
|
3.
|
Fill in the remaining required fields. |
A registration PIN displays along with the user name.
|
5.
|
Copy the registration PIN and user name to enter later into Mobile@Work on the device. |
IMPORTANT: Do not register the device until after you request a derived credential and receive the Entrust activation password.
Installing Mobile@Work for iOS
Instruct your device users to install the Mobile@Work for iOS app on their devices. Typically, device users download the app from the Apple App Store. However, if your environment provides Mobile@Work for iOS through the MobileIron Core App Catalog, instruct the device users appropriately.
Registering Mobile@Work for iOS
The device user registers Mobile@Work for iOS to MobileIron Core using the one-time registration PIN that the device user generated on the user portal.
Procedure
|
1.
|
Launch Mobile@Work for iOS on the device. |
|
3.
|
Enter the MobileIron Core address |
For example: core.mycompany.com
|
4.
|
Enter the one-time registration PIN generated from the user portal. |
|
6.
|
Follow the Mobile@Work instructions to complete registration. |
Installing the derived credential app
The device user installs the derived credential app that obtains derived credentials from a derived credential provider. Provide the device user instructions on using the app based on documentation from the app vendor or developer.
Procedure
|
1.
|
Launch Apps@Work on the device. |
|
2.
|
Tap the listing for the derived credential app. |
|
4.
|
On the pop-up, tap Install. |
Installing AppConnect apps for iOS
The device user installs each AppConnect app for iOS that uses derived credentials.
Procedure
|
1.
|
Launch Apps@Work for iOS on the device. |
|
2.
|
Tap the listing for the AppConnect app. |
Running AppConnect apps for iOS
To run an iOS AppConnect app, including Web@Work, Docs@Work, or Email+, the device user launches the app, and then enters the secure apps passcode if prompted by [email protected] app then receives the derived credential from Mobile@Work.
|
NOTE:
|
If an AppConnect app expects certificates from a derived credential but the derived credential is not available in Mobile@Work, the app becomes unauthorized. Some apps, such as Web@Work, display the unauthorized message. It says: “Missing required credentials. Please ensure you provisioned the credentials”. |