Native Mode Certificate Delivery for Android Devices
This document describes how to configure a SecureAuth realm to deliver a native mode certificate to an Android device. These directions are intended for SecureAuth appliance versions 7.0.0 and greater. For information on setting up a realm on older releases, please see the document Android Native SecureAuth Configuration Guide.
Background
Native delivery of certificates is most often used in Cisco environments where the mobile devices use a Cisco AnyConnect client. If your organization uses both iOS and Android devices, you will need to set up a realm for each device type. At the time of this document's creation, the SecureAuth built-in mobile redirect functionality can only send users to one specific mobile realm. This means that in a mixed-mobile environment it will be necessary to use the IIS URL Rewrite functionality to determine the mobile browser OS type and redirect to the applicable realm. For further information on configuring URL Rewrite for mobile redirection, please see the document Use IIS URL Rewrite for Mobile Redirect.
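The mixed-mobile redirect described above, as an added example rather than configuration taken from SecureAuth's documentation: an IIS URL Rewrite rule set in web.config that routes by the browser's User-Agent header. The entry path `mobile` and the realm paths `/SecureAuth10/` and `/SecureAuth11/` are assumed placeholders; substitute the realms configured on your appliance.

```xml
<!-- Added example. The entry path and realm paths are hypothetical. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Android browsers go to the Android native-certificate realm. -->
        <rule name="Mobile entry: Android realm" stopProcessing="true">
          <match url="^mobile/?$" />
          <conditions>
            <add input="{HTTP_USER_AGENT}" pattern="Android" />
          </conditions>
          <action type="Redirect" url="/SecureAuth10/"
                  redirectType="Found" appendQueryString="false" />
        </rule>
        <!-- iOS browsers go to the iOS realm. iPadOS 13 and later can
             present a desktop (Macintosh) User-Agent by default, so
             those devices will not match this pattern. -->
        <rule name="Mobile entry: iOS realm" stopProcessing="true">
          <match url="^mobile/?$" />
          <conditions>
            <add input="{HTTP_USER_AGENT}" pattern="iPhone|iPad|iPod" />
          </conditions>
          <action type="Redirect" url="/SecureAuth11/"
                  redirectType="Found" appendQueryString="false" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

The User-Agent header is supplied by the client, so these rules only route traffic; the authentication requirements are enforced by each realm's own workflow settings, not by the redirect.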
Discussion
Workflow Tab
Setting | Section | Value |
---|---|---|
Integration Method | Product Configuration | Mobile Enrollment and Validation |
Client Side Control | Product Configuration | Browser Credential |
Public/Private Mode | Workflow | Public |
Show Userid Textbox | Workflow | True |
Authentication Mode | Workflow | Standard (User / 2nd Factor / Password) |
Validate Cert | Workflow | False |
Renew Cert (After Validation) | Workflow | False |
Note
Please note that configuring the realm as Public only in the Workflow tab requires users to go through second factor authentication every time they visit to obtain a native certificate. This is the most secure method available and is recommended for production deployments. However, if your site has different requirements, it can be made public\private or private only.
Post Auth\Post Authentication Tab
Setting | Section | Value |
---|---|---|
Authenticated User Redirect | Post Authentication | Create PFX Link (ASA) |