Setting up derived credentials on iOS devices

When using derived credentials on an iOS device from a provider other than Entrust or DISA Purebred, the device user performs the following tasks:

Authenticating to the Ivanti Neurons for MDM Self-Service Portal with a smart card

A device user authenticates to the Ivanti Neurons for MDM Self-Service Portal with a smart card. This procedure is supported only on desktop computers. It is not supported with:

  • mobile devices

  • Firefox

This procedure assumes you have sent the device user an email invitation to register with Ivanti Neurons for MDM. The email provides a link to the Self-Service Portal sign-in page because you have configured both of the following for the device user:

  • A Self Service Portal Authentication setting where the Self Service Portal Authentication Type is Certificate

  • A Device Registration Setting where the Device Registration Authentication Type is PIN Only

Procedure 

  1. Connect a smart card reader, with a smart card inserted, to a desktop computer.

  2. On the desktop computer, point a supported browser to the link specified in the email.

  3. Click Sign in with Certificate.

  4. Select the certificate from the smart card.

  5. When prompted, enter the PIN for the smart card.

Generating the one-time registration PIN

After signing in to the Ivanti Neurons for MDM Self-Service Portal, a device user requests a one-time registration PIN on the Portal.

Procedure 

  1. Click Request a PIN.

    A one-time registration PIN displays.

  2. Copy the registration PIN and user name to enter later into Go on the device.

Installing Go

Instruct your device users to install the Go for iOS app on their devices, if it is not already there. Device users get the app from the Apple App Store.

Registering Go

The device user registers Go for iOS to Ivanti Neurons for MDM using the one-time registration PIN that the device user generated on the Ivanti Neurons for MDM Self-Service Portal.

Procedure 

  1. Launch Go on the device.

  2. Enter the user name.

  3. Tap Next.

  4. Enter the one-time registration PIN generated from the Ivanti Neurons for MDM Self-Service Portal.

  5. Tap Sign In.

  6. Follow the Go instructions to complete registration.

Installing the derived credential app

The device user installs the derived credential app obtained from a derived credential provider. Provide the device user instructions on using the app based on documentation from the app vendor or developer.

Procedure 

  1. Launch the App Catalog on the device.

  2. Tap the listing for the derived credential app.

  3. Tap Install.

  4. On the pop-up, tap Install.

Installing AppConnect apps

The device user installs each AppConnect app that uses derived credentials.

Procedure 

  1. Launch the App Catalog on the device.

  2. Tap the listing for the AppConnect app.

  3. Tap Install.

  4. On the pop-up, tap Install.

Running AppConnect apps

To run an iOS AppConnect app, including Web@Work, Docs@Work, or Email+, the device user launches the app, and then enters the secure apps passcode if prompted by Go. The app then receives the derived credential from Go.

If an AppConnect app expects certificates from a derived credential but the derived credential is not available in Go, the app becomes unauthorized. Some apps, such as Web@Work, display the unauthorized message: “Missing required credentials. Please ensure you provisioned the credentials”.