Native Mode Certificate Delivery for Android Devices

This document describes how to configure a SecureAuth realm to deliver a native mode certificate to an Android device. These directions are intended for SecureAuth appliance versions 7.0.0 and greater. For information on setting up a realm on older releases, please see the document Android Native SecureAuth Configuration Guide.

Background

Native delivery of certificates is most often used in Cisco environments where the mobile devices use a Cisco AnyConnect client. If your organization uses both iOS and Android devices, you will need to set up a realm for each device type. At the time of this document's creation, the SecureAuth built-in mobile redirect functionality can only send users to one specific mobile realm. This means that in a mixed-mobile environment it is necessary to use the IIS URL Rewrite functionality to determine the mobile browser OS type and redirect to the applicable realm. For further information on configuring URL Rewrite for mobile redirection, please see the document Use IIS URL Rewrite for Mobile Redirect.
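The following web.config fragment sketches the mixed-mobile redirect described above. It is an added example, not taken from SecureAuth's documentation. It assumes the IIS URL Rewrite module is installed, that users land on the root of the application, and that `/AndroidRealm/` and `/iOSRealm/` are hypothetical placeholders for your actual realm paths.

```xml
<!-- Added example: place in the web.config of the IIS application that
     receives mobile users. Realm paths below are hypothetical placeholders. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Android browsers are sent to the Android native-certificate realm.
             Condition patterns are case-insensitive by default. -->
        <rule name="Mobile redirect - Android" stopProcessing="true">
          <!-- "^$" matches only a request for the application root -->
          <match url="^$" />
          <conditions>
            <add input="{HTTP_USER_AGENT}" pattern="Android" />
          </conditions>
          <action type="Redirect" url="/AndroidRealm/" redirectType="Found" />
        </rule>
        <!-- iOS browsers are sent to the iOS realm. Note that Safari on
             recent iPadOS versions presents a desktop (Macintosh) User-Agent
             by default and will not match this pattern. -->
        <rule name="Mobile redirect - iOS" stopProcessing="true">
          <match url="^$" />
          <conditions>
            <add input="{HTTP_USER_AGENT}" pattern="iPhone|iPad|iPod" />
          </conditions>
          <action type="Redirect" url="/iOSRealm/" redirectType="Found" />
        </rule>
        <!-- Requests matching neither rule fall through to the site's
             default content. -->
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

The User-Agent header is supplied by the client, so these rules are a routing convenience only. Each realm must still enforce its own authentication workflow regardless of how the user arrived.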

Discussion

Workflow Tab

| Setting | Section | Value |
|---|---|---|
| Integration Method | Product Configuration | Mobile Enrollment and Validation |
| Client Side Control | Product Configuration | Browser Credential |
| Public/Private Mode | Workflow | Public |
| Show Userid Textbox | Workflow | True |
| Authentication Mode | Workflow | Standard (User / 2nd Factor / Password) |
| Validate Cert | Workflow | False |
| Renew Cert (After Validation) | Workflow | False |

Note

Configuring the realm as Public only on the Workflow tab requires users to go through second factor authentication every time they visit to obtain a native certificate. This is the most secure method available and is recommended for production deployments. However, if your site has different requirements, the realm can be made Public/Private or Private only.

Post Auth\Post Authentication Tab

| Setting | Section | Value |
|---|---|---|
| Authenticated User Redirect | Post Authentication | Create PFX Link (ASA) |