MobileIron BYOD Portal (SP-initiated) Integration Guide
Introduction
Use this guide to enable Multi-Factor Authentication and Single Sign-on (SSO) access via SAML 2.0 to MobileIron's BYOD Portal.
Prerequisites
1. Have a BYOD Portal account; contact your MobileIron rep to obtain an account
2. Create a New Realm or access the current realm for the MobileIron integration in the SecureAuth IdP Web Admin
3. Configure the following tabs in the Web Admin before configuring the Post Authentication tab:
Overview – the description of the realm and SMTP connections must be defined
Data – an enterprise directory must be integrated with SecureAuth IdP
Workflow – the way in which users will access this application must be defined
Multi-Factor Methods – the SSO Authentication method that will be used to access this page must be defined
SecureAuth IdP Configuration Steps
Post Authentication
1. In the Post Authentication section, select SAML 2.0 (SP Initiated) Assertion from the dropdown
User ID Mapping
2. Use the dropdown to select the User ID Mapping field to federate
SAML Assertion / WS Federation
3. Specify the following values in these fields
a. SAML Offset Minutes: Enter 5
b. SAML Valid Hours: Enter 1
c. Sign SAML Assertion: Set to True
d. Sign SAML Message: Set to False
4. Click certificate.wse3.cer to download the Assertion Signing Certificate locally
Note
Use this certificate in the BYOD Portal
BYOD Portal Configuration Steps
1. Browse to the BYOD Portal at http://yourcompany.byodportal.com/admin
2. Enable SAML SSO
3. Configure the SSO iDP URL to use this format
https://secureauth.yourcompany.com/secureauthX/
4. When pasting the certificate into the x.509 Certificate field, be sure to include these beginning and ending lines
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
5. Configure the Logout URL to use this format
https://secureauth.yourcompany.com/secureauthX/
6. On a mobile device, browse to this URL to register the device
http://yourcompany.byodportal.com/reg
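For step 4 of the BYOD Portal configuration, the following added example (not part of the original guide, and not SecureAuth or MobileIron tooling) normalizes a downloaded .cer file to PEM text with the required BEGIN and END lines, whether the file is binary DER, PEM, or bare Base64, and prints a SHA-256 fingerprint to compare against the copy held on the IdP. The function names and SAMPLE_DER are assumptions made for illustration; SAMPLE_DER is a constructed placeholder, not a real certificate.

```python
import base64
import binascii
import hashlib
import re
import textwrap

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed placeholder bytes shaped like DER (SEQUENCE tag + length).
# Not a real certificate; replace with the bytes of the downloaded file.
SAMPLE_DER = b"\x30\x82\x00\x60" + bytes(range(96))


def cert_to_pem(raw: bytes) -> str:
    """Return the certificate as PEM text, whatever encoding the .cer used.

    Accepts binary DER, PEM, or bare Base64 with the marker lines missing.
    """
    match = PEM_RE.search(raw)
    if match:                               # already PEM: decode and re-wrap
        der = base64.b64decode(b"".join(match.group(1).split()), validate=True)
    elif raw[:1] == b"\x30":                # binary DER starts with SEQUENCE
        der = raw
    else:                                   # bare Base64, markers stripped
        try:
            der = base64.b64decode(b"".join(raw.split()), validate=True)
        except binascii.Error as exc:
            raise ValueError("input is not DER, PEM or Base64") from exc
    if der[:1] != b"\x30":
        raise ValueError("decoded data is not an ASN.1 SEQUENCE")
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def sha256_fingerprint(pem: str) -> str:
    """SHA-256 of the DER bytes, for comparison with the IdP's copy."""
    der = base64.b64decode("".join(pem.splitlines()[1:-1]))
    return hashlib.sha256(der).hexdigest()


if __name__ == "__main__":
    pem = cert_to_pem(SAMPLE_DER)
    print(pem, end="")
    print("SHA-256:", sha256_fingerprint(pem))
```

To use it on the real file, pass the bytes read from certificate.wse3.cer to cert_to_pem and paste the returned text into the x.509 Certificate field.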