Before you configure Standalone Sentry for AppTunnel

You must have installed Standalone Sentry. See the Standalone Sentry Installation Guide.

If your UEM is MobileIron Cloud, the Standalone Sentry must be registered to your MobileIron Cloud instance.

You must have the required certificate setup in your UEM.

AppTunnel uses either an Identity certificate for device authentication and pass through or Kerberos for server authentication. The Identity certificate can be local or a trusted CA. If you are using an Identity certificate, you will upload the identity certificate in the Sentry configuration you create on your UEM. See Configuring authentication using SCEP Identity (MobileIron Cloud only).

Configuring authentication using SCEP Identity (MobileIron Cloud only)

For MobileIron Cloud only, if you intend to use a SCEP identity certificate you must add the Certificate to MobileIron Cloud and create the associated App Identity Certificate configuration.

Procedure

Add a local or external certificate authority in Admin > Certificate Authority.

A Connector installation is required if you are using an external certificate authority.

Add an App Identity Certificate Configuration. For source, select the certificate you configured in Admin > Certificate Authority. This is the SCEP identity you will use when you configure device authentication in the Standalone Sentry configuration.

Create an Identity Certificate setting, in Configurations > Add > Identity Certificate. For Certificate Distribution, select Dynamically Generated and for Source, select the certificate you configured in Admin > Certificate Authority. If the app configuration requires, you will reference the Identity Certificate configuration in the app’s configuration that uses an AppTunnel service or the Tunnel service.