OAuth for Sentry on MobileIron Cloud

OAuth is supported with Standalone Sentry for Office 365. The following scenarios must be compliant for OAuth to function correctly:

• The email client must support OAuth (iOS Native Mail, iOS Email+ and Android Email+)

• UEM must push an OAuth configuration to the email client

• UEM must enable Sentry for OAuth

Configuring Sentry on MobileIron Cloud for OAuth

You must configure Sentry to enable OAuth and provide the endpoints.

Before you begin 

• Verify that you have Sentry 9.12 and MobileIron Cloud 75.

Procedure 

1.

Login to MobileIron Cloud with admin credentials.

2.

Click Admin > Sentry > Add Sentry Profile.

3.

Select ActiveSync with Basic Auth and/or OAuth and click Next.

4.

Enter the Name, Hostname, and Port details and click Next.

5.

Enter the Sentry Server Configuration details and click Next.

6.

Click Exchange ActiveSync and enter the following details:

• Destination OAuth2 Authorization Endpoint: https://login.windows.net/common/oauth2/authorize

• Destination OAuth2 Token Endpoint: https://login.windows.net/common/oauth2/token

• Sentry Resource: https://<SentryHostname>

• Destination Resource: https://outlook.office365.com
  
  
  

7.

Click Next > Save.

Configuring iOS native email configuration with OAuth

You must enter the Sentry OAuth Sign In URL.

Before you begin 

Verify that you have added the Sentry profile with OAuth settings.

Procedure 

1. Login to MobileIron Cloud with admin credentials.

2. Click Configurations> Add> Exchange.

3. Enter the name and description.

4. In Configuration Setup, select Enable OAuth for exchange payload.
   
   

5. Enter the following details:

   1. OAuth Sign In URL: https://<Sentry HostName>/proxyservice/oauth2/authorize

   2. OAuth Token Request URL: https://<Sentry HostName>/proxyservice/oauth2/token

6. Click Next > Done.

Configuring Android and iOS Email+ configuration with OAuth

1. Login to MobileIron Cloud with admin credentials.

2. Click Apps> App Catalog> Add.

3. Select Email+ 3.8.0. (Android AppConnect) for Android configuration.

4. Enter the details and click Next to add the application.
   

   Figure 1. android email+ configuration
   
   
   

   Figure 2. ios email+ configuration
   
   

For more information on adding an application on MobileIron Cloud, see "Adding an In-house app" in the MobileIron Cloud Administrator Guide.

KVPs for Email+ configuration

• eas_min_allowed_auth_mode: modern_auth

• modern_auth_authority_url: https://<SentryHostname>/proxyservice

• modern_auth_resource_url: https://<SentryHostname>

• email_exchange_host =<sentry_address>