Optional: Pre-populate the enrollment URL
The following optional steps are for organizations that use Microsoft Intune® to manage employee mobile devices. The goal is for administrators to pre-populate the enrollment URL, so that end users do not have to enter the enrollment URL to create an account in the SecureAuth Authenticate app. After you configure Intune, end users will only need to register their account to authenticate.
Prerequisites
SecureAuth Identity Platform release 19.07 or later, with a SecureAuth IdP 9.3 or later realm configured for URL enrollment
SecureAuth Authenticate App v19.12 or later
Mobile device management (MDM) tool that supports the AppConfig Community standard, such as Intune, MobileIron, AirWatch, or Meraki; ensure your MDM tool is installed
End user iOS mobile devices must be running iOS 11.0 or later
End user Android mobile devices must be running Android 5.0 or later
Configure the enrollment URL
Administrators can use the following information to add a policy associated with the correct SecureAuth URL enrollment realm and assign the policy to end users. Microsoft Intune is used here as an example of setting up the integration in one kind of MDM tool. The policy redirects end users automatically to the correct realm, so all they need to do is register their account to authenticate. Registering an account is discussed at the end of this topic.
You might need to use the iOS integration steps, Android integration steps, or both depending on the types of devices your end users will use to authenticate.
In both sets of instructions, the steps start from the Intune main menu on the left side, as shown in the following example:
End user setup
End users can now use the Authenticate mobile app through the Intune Company Portal. Use the following steps to guide end users, customizing where needed.
To use personal mobile devices to access your company portal and resources, you will need to download and set up Intune Company Portal and the SecureAuth Authenticate mobile app. <Admins: If you set the Authenticate app to Required when you added the app during Intune configuration above, you can remove "and the SecureAuth Authenticate mobile app" from the previous sentence.>
The following steps show you how to do this.
Download the Intune Company Portal from Google Play Store or iTunes. <Admins: Please send Android and iOS links to end users for their convenience.>
Complete the Intune Company Portal setup. Follow your administrator's configuration instructions for details. <Admins: Please provide any configuration steps your end users need to complete.>
Download and install the SecureAuth Authenticate app:
<Admins: If you set the Authenticate app to Required when you added the app during Intune configuration above, you can remove step 3.>
iOS – https://itunes.apple.com/us/app/secureauth-otp/id615536686
Android – https://play.google.com/store/apps/details?id=secureauth.android.token&hl=en_US
Select the Authenticate mobile app and log in. The following occurs:
The time-based one-time passcode (TOTP) is displayed the first time you authenticate, and then you are authenticated. The device you used to authenticate is now a trusted device.
Each successive authentication on the trusted device occurs automatically after you select the mobile app. A second factor is not required because SecureAuth IdP and Intune are integrated and take care of added security for the device and end user combination.
Note that you must accept push notifications from the mobile app.
Delete and reconnect an account
If you delete the Authenticate mobile app and then need to reconnect, do the following.
Download the mobile app again.
Select the mobile app to log in. If the device is the same one that the admin already configured through Intune, the device will still be configured. You will see the following screen, rather than automatically being authenticated:
Tap Continue to Login, and then authenticate with your password to reconnect your account. After you reconnect, subsequent authentication on the trusted device occurs automatically after you select the mobile app.
If you want to enroll your device with a different SecureAuth IdP realm, or if you want to use the mobile app for third-party software, such as GitHub, you can Connect with a URL or Connect with a QR code (the device must have a working camera).
If you want to enroll a different device, for example, a new phone or tablet, you must contact your administrator and ask for the new device to be added through Intune.