Configuring certificate authentication to the MobileIron Cloud Self-Service Portal

Applicable derived credential providers and device platforms

Derived credential providers: Required for Entrust, typical for all others

Device platforms: iOS, Android

Device users use the MobileIron Cloud Self-Service Portal to get a one-time registration PIN (and, for Entrust, to request an Entrust derived credential). The device users authenticate to the MobileIron Cloud Self-Service Portal with the identity certificate on their smart cards.

Before you begin 

To allow device users to authenticate to the MobileIron Cloud Self-Service Portal with the identity certificate on their smart cards, you need a PEM-formatted file that you upload to MobileIron Cloud. The file contains either a valid issuing (CA) certificate or a valid supporting certificate chain. When a user signs in to the MobileIron Cloud Self-Service Portal, they provide an identity certificate from a smart card. The user identity in the identity certificate must contain the User Principal Name (UPN) in the Subject Alternative Name (SAN). The MobileIron Cloud Self-Service Portal validates the identity certificate against the certificate that you upload to MobileIron Cloud.
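An added example (not part of the MobileIron documentation or product): a standard-library Python pre-upload check for the two requirements above, namely that the PEM file holds only certificate blocks and that an identity certificate carries a UPN in its SAN. It checks structure only, not signatures, CA flags or expiry; the function names, `SAMPLE_SAN` and the sample UPN are constructed for this example.

```python
import base64
import re

UPN_OID = bytes.fromhex("060a2b060104018237140203")  # OID 1.3.6.1.4.1.311.20.2.3
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def upn_from_der(der):
    """Return the UPN carried in a SAN otherName, or None if there is none."""
    at = der.find(UPN_OID)  # contiguous even inside the extension OCTET STRING
    if at < 0:
        return None
    tag, wrapped, _ = read_tlv(der, at + len(UPN_OID))  # [0] EXPLICIT wrapper
    if tag != 0xA0:
        return None
    tag, value, _ = read_tlv(wrapped)  # UTF8String holding the UPN
    return value.decode("utf-8") if tag == 0x0C else None

def lint_upload(pem_text):
    """Return structural problems in a PEM file meant for the CA/chain upload."""
    blocks = PEM_RE.findall(pem_text)
    problems = [] if blocks else ["no PEM blocks found"]
    for label, body in blocks:
        if label != "CERTIFICATE":  # e.g. a private key exported by mistake
            problems.append(f"unexpected block: {label}")
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
            tag, _, end = read_tlv(der)
            if tag != 0x30 or end != len(der):
                raise ValueError("wrong outer tag or trailing bytes")
        except (ValueError, IndexError):
            problems.append("CERTIFICATE block is not a single DER SEQUENCE")
    return problems

def tlv(tag, content):  # sample builder, short-form lengths only
    return bytes([tag, len(content)]) + content
# Constructed sample: a SAN otherName fragment, not a real certificate.
SAMPLE_SAN = tlv(0x30, tlv(0xA0, UPN_OID + tlv(0xA0, tlv(0x0C, b"jdoe@example.com"))))
```

To check a real identity certificate, pass its DER bytes (the base64-decoded body of its PEM block) to `upn_from_der`; an empty list from `lint_upload` means the file passed the structural checks only.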

IMPORTANT: The certificate that you upload to MobileIron Cloud is not immediately available for device users to authenticate against. It is only available for authentication after the next MobileIron Cloud upgrade. Contact MobileIron Technical Support to ask MobileIron to make your certificate available for use after the next upgrade.

This procedure creates a Self Service Portal Authentication Setting that you apply to the appropriate user groups. Therefore, create the appropriate user groups first, at Users > User Groups > +Add.

If you want to apply the setting to all users, you can edit the default Self Service Portal Authentication Setting.

Procedure 

1. In the Admin Portal, select Users > User Settings.
2. Under Self Service Portal Authentication Setting, select +Add setting for specific user groups.
3. Enter a name for the setting.
4. For Self Service Portal Authentication Type, select Certificate.
5. Click Choose File.
6. Select the PEM-formatted file that contains either the issuing CA certificate or the supporting certificate chain.
7. Click Next.

If you are editing the default Self Service Portal Authentication Setting, click Done.

8. Select the appropriate user groups for the setting.
9. Click Done.