Skip to main content

MobileIron BYOD Portal (SP-initiated) Integration Guide


Use this guide to enable Multi-Factor Authentication and Single Sign-on (SSO) access via SAML 2.0 to MobileIron's BYOD Portal.


1. Have a BYOD Portal account; contact your MobileIron rep to obtain an account

2. Create a New Realm or access the current realm for the MobileIron integration in the SecureAuth IdP Web Admin

3. Configure the following tabs in the Web Admin before configuring the Post Authentication tab:

  • Overview – the description of the realm and SMTP connections must be defined

  • Data – an enterprise directory must be integrated with SecureAuth IdP

  • Workflow – the way in which users will access this application must be defined

  • Multi-Factor Methods – the SSO Authentication method that will be used to access this page must be defined

SecureAuth IdP Configuration Steps

Post Authentication


1. In the Post Authentication section, select SAML 2.0 (SP Initiated) Assertion from the dropdown

User ID Mapping


2. Use the dropdown to select the User ID Mapping field to federate

SAML Assertion / WS Federation


3. Specify the following values in these fields

a. SAML Offset Minutes: Enter5

b. SAML Valid Hours: Enter 1

c. Sign SAML Assertion: Set to True

d. Sign SAML Message: Set to False

4. Click certificate.wse3.cer to download the Assertion Signing Certificate locally


Use this certificate in the BYOD Portal

BYOD Portal Configuration Steps


1. Browse to the BYOD Portal at

2. Enable SAML SSO

3. Configure the SSO iDP URL to use this format

4. When pasting the certificate into the x.509 Certificate field, be sure to include these beginning and ending lines



5. Configure the Logout URL to use this format

6. On a mobile device, browse to this URL to register the device