Configuring Web@Work to use derived credentials

 

Applicable derived credential providers and device platforms

Derived credential providers

Any for iOS

Entrust and Intercede for Android

Device platforms

iOS, Android

 

Web@Work can use derived credentials to authenticate the device user to internal websites.

The steps for configuring derived credentials use in Web@Work are:

  1. Require a device password for iOS devices

  2. Configure a Web@Work setting

Related topics 

  • Web@Work for iOS Guide

  • Web@Work for Android Guide

Require a device password for iOS devices

A device password enables iOS data protection, which is necessary for Web@Work for iOS to encrypt browser data.

Procedure 

  1. On the Admin Portal, go to Policies & Configs > Policies.

  2. Select the security policy that applies to the devices that you want to run Web@Work for iOS.

  3. Click Edit.

  4. For the Password option, select Mandatory.

  5. Fill in the remaining options relating to device passwords.

  6. Click Save.

  7. Click OK.

  8. Repeat steps 2 through 6 for all security policies that apply to devices on which you want to run Web@Work for iOS.

Related topics 

“Security Policies” in Core System Manager Guide.

Configure a Web@Work setting

Configure a Web@Work setting so that Web@Work uses derived credentials to authenticate to your websites.

Procedure 

  1. On the Admin Portal, go to Policies & Configs > Configurations.

  2. Select Add New > Web@Work.

    Alternatively, edit an existing Web@Work setting if you have one already.

  3. Enter a name for the Web@Work setting.

  4. In the Custom Configurations section, add the following case-sensitive key-value pairs:

    Key

    Value

    IdCertificate_1

    Select a client-provided certificate enrollment setting from the drop-down list. The setting must have the purpose Authentication.

    IdCertificate_1_host

    The URL for the website to which the certificate from the derived credential will be presented. Wildcards are permitted.

    For example:

    • myhost.mycompany.com

    • *.mycompany.com/myfolder

  5. Repeat with similar keys with different numbers for other URLs. For example:

    Key

    Value

    IdCertificate_2

    Select a client-provided certificate enrollment setting from the drop-down list. The setting must have the purpose Authentication.

    IdCertificate_2_host

    AnotherHost.mycompany.com

    IdCertificate_3

    Select a client-provided certificate enrollment setting from the drop-down list. The setting must have the purpose Authentication.

    IdCertificate_3_host

    YetAnotherHost.mycompany.com
  6. Click Save.
  7. Select the Web@Work setting that you just created.
  8. Click More Actions > Apply to Label.
  9. Select the labels to which you want to apply this policy.
  10. Click Apply.

Related topics 

  • “Web@Work configuration” in theWeb@Work for iOS Guide

  • “Configuring a Web@Work configuration” in Web@Work for Android Guide