Setting up derived credentials on iOS devices

The device user does the following tasks as part of the derived credential setup process:

Authenticating to the user portal with a smart card
Generating the one-time registration PIN
Installing Mobile@Work for iOS
Registering Mobile@Work for iOS
Installing the derived credential app
Installing AppConnect apps for iOS
Running AppConnect apps for iOS

Authenticating to the user portal with a smart card

A device user authenticates to the user portal with a smart card. This procedure is supported only on desktop computers. It is not supported with:

mobile devices
Firefox

Procedure 

1. Connect a smart card reader, with a smart card inserted, to a desktop computer.
2. On the desktop computer, point a supported browser to https://<Your MobileIron Core domain>.

For example: https://core.mycompany.com

3. Click Sign in with Certificate.
4. Select the certificate from the smart card.
5. When prompted, enter the PIN for the smart card.

Generating the one-time registration PIN

After signing in to the user portal, a device user generates a one-time registration PIN on the user portal.

Procedure 

1. Click Request Registration PIN.

A form called Request Registration PIN displays.

2. For Platform, select iOS.
3. Fill in the remaining required fields.
4. Click Request PIN.

A registration PIN displays along with the user name.

5. Copy the registration PIN and user name to enter later into Mobile@Work on the device.

IMPORTANT: Do not register the device until after you request a derived credential and receive the Entrust activation password.

Installing Mobile@Work for iOS

Instruct your device users to install the Mobile@Work for iOS app on their devices. Typically, device users download the app from the Apple App Store. However, if your environment provides Mobile@Work for iOS through the MobileIron Core App Catalog, instruct the device users appropriately.

Registering Mobile@Work for iOS

The device user registers Mobile@Work for iOS to MobileIron Core using the one-time registration PIN that the device user generated on the user portal.

Procedure 

1. Launch Mobile@Work for iOS on the device.
2. Enter the user name.
3. Enter the MobileIron Core address

For example: core.mycompany.com

4. Enter the one-time registration PIN generated from the user portal.
5. Tap Register.
6. Follow the Mobile@Work instructions to complete registration.

Installing the derived credential app

The device user installs the derived credential app that obtains derived credentials from a derived credential provider. Provide the device user instructions on using the app based on documentation from the app vendor or developer.

Procedure 

1. Launch Apps@Work on the device.
2. Tap the listing for the derived credential app.
3. Tap Install.
4. On the pop-up, tap Install.

Installing AppConnect apps for iOS

The device user installs each AppConnect app for iOS that uses derived credentials.

Procedure 

1. Launch Apps@Work for iOS on the device.
2. Tap the listing for the AppConnect app.
3. Tap Request.
4. Tap Install.

Running AppConnect apps for iOS

To run an iOS AppConnect app, including Web@Work, Docs@Work, or Email+, the device user launches the app, and then enters the secure apps passcode if prompted by [email protected] app then receives the derived credential from Mobile@Work.

NOTE: If an AppConnect app expects certificates from a derived credential but the derived credential is not available in Mobile@Work, the app becomes unauthorized. Some apps, such as Web@Work, display the unauthorized message. It says: “Missing required credentials. Please ensure you provisioned the credentials”.