Single Sign on for iOS Devices?

pghmobility's picture


Joined: Sep 17, 2012
No votes yet


I am faced with an issue that I think may become more common as iOS deployments reach more enterprises.

Once signed into a VPN or on a corporate Wireless Network, most of our intranet sites require authentication; in Windows your credentials get passed to the browser. What are people currently doing to enable Single Sign On (SSO) from a mobile device? Are there 3rd party applications? Are there configurations that can be set to factilitate this?

EpaL's picture


Joined: Apr 5, 2011

Good question! We are

Your rating: None

Good question!

We are exploring these options as well. A favourite at the moment is to have our single sign on provider (we have a product internally that most Intranet sites use) detect an iOS device and perform an SSL Client Authentication challenge. This pops up the certificate choice dialog where the user would choose the Identity certificate we pushed down via MDM for VPN and ActiveSync. This would then auto populate the email address portion of the login form, leaving just the password for the user to enter.

Not perfect but quicker than typing the username each time. We thought of having the certificate fully authenticate the user but this is probably a step too far security-wise.

It's just an idea at this stage - we haven't actually tested all the pieces in motion but hope to have something going in the next few weeks.

Would be interested to know if anyone has tried this or if anyone has any suggestions to improve?

mrxx2001's picture


Joined: Oct 15, 2011

Client certificates

Your rating: None

We are also thinking about similar scenarios, as we don't wanna have our users to enter their credentials for the WiFi, proxy, some applications, etc. Using client certificates seems reasonable to us - the only problem is that we don't have any experience with that.
We are currently enganged in a trial with a MDM product, but the trial limitations and the missing in-depth documentation makes it difficult for us to understand how the devices, the MDM plattform, an internal CA would have to work together (don't have a PKI or CA in place, right now).

Any best-practices, infrastructure proposals are welcome!

hobbyman's picture


Joined: Mar 28, 2012

Exactly my problem...

Your rating: None

Has anybody got any ideas on this subject?

I have been searching for a LONG time for the right answer to this problem.

Is Client Certificates the way to go?


Who is online?

There are currently 0 admins, 0 users and 17 guests online. Connected users: .

Recent Activity