Device user tasks to use derived credentials
After you have configured MobileIron Cloud to support the use of derived credentials, the tasks that a device user does to use derived credentials depend on:
- whether the device is Android or iOS
- whether the derived credential provider is Entrust, DISA Purebred, or another provider
The tasks are listed in:
NOTE: These task lists assume that you want device users to register to MobileIron Cloud using a registration PIN rather than with a user ID and password, since typically, device users who use smart cards do not have passwords. However, using a registration PIN is a requirement only with Entrust derived credentials. For other derived credential providers, it is not a requirement, and therefore the related tasks are optional.
Device user tasks to use Entrust derived credentials
Device users who have not yet registered with MobileIron Cloud can get Entrust derived credentials by doing the following:
- Authenticate to the MobileIron Cloud Self-Service Portal with a smart card.
- Generate a one-time registration PIN.
- Request a derived credential from Entrust, which generates a one-time Entrust activation password.
- Install MobileIron Go on the device. For Android, this includes installing the Secure Apps Manager.
- Register MobileIron Go with MobileIron Cloud using the one-time registration PIN.
- For Android devices, install the PIV-D Manager app and any AppConnect apps on the device.
- For iOS devices, install the PIV-D Manager app and any AppConnect apps on the device.
- For iOS devices, launch the PIV-D Manager app and select the Entrust option to activate the derived credential with the one-time Entrust activation password.
- For Android devices, launch the PIV-D Manager app to activate the derived credential with the one-time activation password.
- Use the AppConnect apps.
Device users who are already registered with MobileIron Cloud can get derived credentials by doing the following:
- Get a QR code and Entrust activation password from the Entrust self-service portal.
- Get a derived credential using the PIV-D Manager app for iOS or the PIV-D Manager app for Android.
The following diagrams summarize what happens when:
- A device user requests a registration PIN and Entrust derived credential
- An Android AppConnect user activates an Entrust derived credential
Figure 1. A device user requests a registration PIN and Entrust derived credential
Figure 2. An iOS user activates an Entrust derived credential
Figure 3. An Android AppConnect user activates an Entrust derived credential
Device user tasks to use DISA Purebred derived credentials
Using DISA Purebred derived credentials is supported only on iOS devices.
1. Authenticate to the MobileIron Cloud self-service user portal with a smart card.
2. Generate a one-time registration PIN.
3. Install MobileIron Go on the device.
4. Register MobileIron Go with MobileIron Cloud using the one-time registration PIN.
5. Install the DISA Purebred Registration app on the device.
6. Install the PIV-D Manager app for iOS on the device.
7. Launch the DISA Purebred Registration app to get the derived credential.
8. Launch the PIV-D Manager app and select the DISA Purebred option to import the derived credential’s certificates from the DISA Purebred Registration app. The PIV-D Manager app then sends all the certificates to MobileIron Go.
9. Install the AppConnect apps on the device.
10. Use the AppConnect apps.
The following diagram shows what happens when the device user gets a DISA Purebred derived credential.
Figure 4. An iOS user activates a DISA Purebred derived credential
Device user tasks to use another provider’s derived credentials
Third-party derived credential apps are supported on iOS devices.
1. Authenticate to the MobileIron Cloud self-service user portal with a smart card.
2. Generate a one-time registration PIN.
3. Install MobileIron Go on the device.
4. Register MobileIron Go with MobileIron Cloud using the one-time registration PIN.
5. For Android devices, install the Secure Apps Manager for Android on the device, followed by any AppConnect apps.
6. For iOS devices, install the third-party derived credential app for iOS and any AppConnect apps on the device.
7. Launch the derived credential app and follow its instructions.
8. Use the AppConnect apps.