Configuring certificate authentication to the Ivanti Neurons for MDM Self-Service Portal

Applicable derived credential providers and device platforms

Derived credential providers: Required for Entrust, typical for all others

Device platforms: iOS, Android

Device users use the Ivanti Neurons for MDM Self-Service Portal to get a one-time registration PIN (and, for Entrust, to request an Entrust derived credential). The device users authenticate to the Ivanti Neurons for MDM Self-Service Portal with the identity certificate on their smart cards.

Before you begin 

  • To allow device users to authenticate to the Ivanti Neurons for MDM Self-Service Portal with the identity certificate on their smart cards, you need a PEM-formatted file that you upload to Ivanti Neurons for MDM. The file contains either a valid issuing (CA) certificate or a valid supporting certificate chain. When a user signs in to the Ivanti Neurons for MDM Self-Service Portal, they provide an identity certificate from a smart card. The user identity in the identity certificate must contain the User Principal Name (UPN) in the Subject Alternative Name (SAN). The Ivanti Neurons for MDM Self-Service Portal validates the identity certificate against the certificate that you upload to Ivanti Neurons for MDM.

IMPORTANT: The certificate that you upload to Ivanti Neurons for MDM is not immediately available for device users to authenticate against. It is only available for authentication after the next Ivanti Neurons for MDM upgrade. Contact Ivanti Technical Support and ask them to make your certificate available for use after the next upgrade.

  • This procedure creates a Self Service Portal Authentication Setting that you apply to the appropriate user groups. Therefore, create the appropriate user groups at Users > User Groups > +Add.

If you want to apply the setting to all users, you can edit the default Self Service Portal Authentication Setting.
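A pre-upload sanity check for the PEM file described above, as an added example (not Ivanti code): it confirms the file holds only CERTIFICATE blocks with intact DER and returns SHA-256 fingerprints to compare against the values your CA publishes. It checks structure only, not CA status, expiry or signatures; the function names and the sample data are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches any PEM block so that non-certificate blocks can be flagged.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def der_total_length(der: bytes) -> int:
    """Size of the outer DER SEQUENCE (header plus content) per its length field."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("does not start with a DER SEQUENCE")
    if der[1] < 0x80:                      # short form: one length byte
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("bad DER length encoding")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def lint_pem_bundle(text: str) -> dict:
    """Return SHA-256 fingerprints of well-formed certificates and a list of problems."""
    fingerprints, problems = [], []
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        problems.append("no PEM blocks found (is the file DER or PKCS#12?)")
    for i, (label, body) in enumerate(blocks, 1):
        if label != "CERTIFICATE":         # e.g. a private key exported with the chain
            problems.append(f"block {i}: unexpected '{label}' block")
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
            if der_total_length(der) != len(der):
                raise ValueError("truncated or has trailing bytes")
        except ValueError as exc:          # binascii.Error is a ValueError subclass
            problems.append(f"block {i}: {exc}")
            continue
        fingerprints.append(hashlib.sha256(der).hexdigest())
    return {"fingerprints": fingerprints, "problems": problems}

def make_pem(label: str, der: bytes) -> str:
    """Wrap bytes in PEM armor (used only to build the constructed sample)."""
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

# Constructed sample: placeholder DER bytes, not real certificates or keys.
FAKE_CA = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
SAMPLE = (make_pem("CERTIFICATE", FAKE_CA) + make_pem("PRIVATE KEY", b"\x30\x03\x02\x01\x00")
          + make_pem("CERTIFICATE", FAKE_CA[:100]))

if __name__ == "__main__":
    print(lint_pem_bundle(SAMPLE))
```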

  1. In the Admin Portal, select Users > User Settings.

  2. Under Self Service Portal Authentication Setting, select +Add setting for specific user groups.

  3. Enter a name for the setting.

  4. For Self Service Portal Authentication Type, select Certificate.

  5. Click Choose File.

  6. Select the PEM-formatted file that contains either the issuing CA certificate or the supporting certificate chain.

  7. Click Next.

  8. If you are editing the default Self Service Portal Authentication Setting, click Done.

  9. Select the appropriate user groups for the setting.

  10. Click Done.