Documentation
Introduction

Use this guide to enable 2-Factor Authentication and Single Sign-on (SSO) access via SAML 2.0 to MobileIron's BYOD Portal.

Prerequisites

1. Have a BYOD Portal account; contact your MobileIron rep to obtain an account

2. Create a New Realm or access the current realm for the MobileIron integration in the SecureAuth IdP Web Admin

3. Configure the following tabs in the Web Admin before configuring the Post Authentication tab:

  • Overview – the description of the realm and SMTP connections must be defined
  • Data – an enterprise directory must be integrated with SecureAuth IdP
  • Workflow – the way in which users will access this application must be defined
  • Registration Methods – the SSO Authentication method that will be used to access this page must be defined

SecureAuth IdP Configuration Steps

Post Authentication

 

1. In the Post Authentication section, select SAML 2.0 (SP Initiated) Assertion Page from the dropdown

User ID Mapping

 

2. Use the dropdown to select the User ID Mapping field to federate

SAML Assertion / WS Federation

 

3. Specify the following values in these fields

a. SAML Offset Minutes: Enter 5

b. SAML Valid Hours: Enter 1 

c. Sign SAML Assertion: Set to True

d. Sign SAML Message: Set to False

4. Click certificate.wse3.cer to download the Assertion Signing Certificate locally

This certificate is pasted into the x.509 Certificate field in step 4 of the BYOD Portal Configuration Steps

BYOD Portal Configuration Steps

 

1. Browse to the BYOD Portal at http://yourcompany.byodportal.com/admin

2. Enable SAML SSO

3. Configure the SSO iDP URL to use this format

https://secureauth.yourcompany.com/secureauthX/

4. When pasting the certificate into the x.509 Certificate field, be sure to include these beginning and ending lines

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

5. Configure the Logout URL to use this format

https://secureauth.yourcompany.com/secureauthX/

6. On a mobile device, browse to this URL to register the device

http://yourcompany.byodportal.com/reg
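
For step 4 of the BYOD Portal Configuration Steps: the downloaded certificate.wse3.cer may be binary DER or Base64 text, and a paste that has lost its BEGIN/END lines or been cut short is easy to miss. The Python below is an added example, not part of the original guide or of SecureAuth or MobileIron software; the function names and SAMPLE_DER (a constructed stand-in blob, not a real certificate) are assumptions for illustration. It goes beyond the step by accepting DER, PEM and bare Base64 input and returning text ready to paste.

```python
import base64
import re
import textwrap

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
# Constructed stand-in with the outer shape of a DER certificate (not a real cert).
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)

def der_is_complete(der: bytes) -> bool:
    """True if der is exactly one ASN.1 SEQUENCE, the outer structure of X.509."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        header, body = 2, first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return len(der) == header + body       # shorter means a truncated file or paste

def to_pasteable_pem(raw: bytes) -> str:
    """Normalize DER, PEM, or bare Base64 bytes to PEM text with BEGIN/END lines.

    Typical use: to_pasteable_pem(open("certificate.wse3.cer", "rb").read())
    Raises ValueError (bad Base64 and non-ASCII input included) when the
    content is not a complete certificate structure.
    """
    if raw[:1] == b"\x30":                 # binary DER starts with the SEQUENCE tag
        der = raw
    else:                                  # text: drop headers, CR/LF and spaces
        text = raw.decode("ascii")
        text = text.replace(BEGIN, "").replace(END, "")
        der = base64.b64decode(re.sub(r"\s+", "", text), validate=True)
    if not der_is_complete(der):
        raise ValueError("truncated or not an X.509 DER structure")
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
    return f"{BEGIN}\n{body}\n{END}\n"
```

This checks only the outer structure and encoding; it does not validate the certificate's signature, subject or expiry.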