Single Sign on for iOS Devices?


pghmobility

Joined: Sep 17, 2012

Hello,

I am faced with an issue that I think may become more common as iOS deployments reach more enterprises.

Once signed into a VPN or on a corporate Wireless Network, most of our intranet sites require authentication; in Windows your credentials get passed to the browser. What are people currently doing to enable Single Sign On (SSO) from a mobile device? Are there 3rd party applications? Are there configurations that can be set to facilitate this?


EpaL

Joined: Apr 5, 2011

Good question!

We are exploring these options as well. A favourite at the moment is to have our single sign on provider (we have a product internally that most Intranet sites use) detect an iOS device and perform an SSL Client Authentication challenge. This pops up the certificate choice dialog where the user would choose the Identity certificate we pushed down via MDM for VPN and ActiveSync. This would then auto populate the email address portion of the login form, leaving just the password for the user to enter.

Not perfect but quicker than typing the username each time. We thought of having the certificate fully authenticate the user but this is probably a step too far security-wise.

It's just an idea at this stage - we haven't actually tested all the pieces in motion but hope to have something going in the next few weeks.

Would be interested to know if anyone has tried this or if anyone has any suggestions to improve?
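
The pre-fill step described in the post above, as an added example that is not part of the original thread or of any product mentioned in it. It assumes the TLS layer has already verified the client certificate and hands over the dict returned by Python's `ssl.SSLSocket.getpeercert()`; the domain `corp.example` and all function names are hypothetical.

```python
# Added example: derive the login-form username from a verified TLS client
# certificate. Input is the dict shape returned by ssl.SSLSocket.getpeercert()
# after a handshake with verify_mode = ssl.CERT_REQUIRED (chain already checked).

ALLOWED_DOMAIN = "corp.example"  # assumption: the organisation's mail domain


def cert_emails(peercert):
    """Return lower-cased e-mail identities from the certificate, SAN first."""
    emails = [v for kind, v in peercert.get("subjectAltName", ()) if kind == "email"]
    # Some certificates carry the address only in the subject DN.
    for rdn in peercert.get("subject", ()):
        emails += [v for key, v in rdn if key == "emailAddress"]
    unique = []
    for e in (e.lower() for e in emails):  # de-duplicate, keep order
        if e not in unique:
            unique.append(e)
    return unique


def in_domain(email, domain):
    """True for exactly one '@', a non-empty local part and the expected domain."""
    local, sep, host = email.partition("@")
    return bool(local) and sep == "@" and host == domain.lower()


def prefill_username(peercert, allowed_domain=ALLOWED_DOMAIN):
    """Username to pre-populate, or None to fall back to a blank form."""
    if not peercert:  # no certificate presented
        return None
    candidates = [e for e in cert_emails(peercert) if in_domain(e, allowed_domain)]
    # Ambiguous or foreign identities are not guessed at.
    return candidates[0] if len(candidates) == 1 else None


def login_form_state(peercert):
    """The certificate only identifies the user; the password is still required."""
    return {"username": prefill_username(peercert) or "",
            "password_required": True, "authenticated": False}


# Constructed sample certificates (not real device identities).
MDM_CERT = {"subject": ((("commonName", "iPad-0042"),),),
            "subjectAltName": (("email", "Alice@corp.example"),
                               ("DNS", "ipad-0042.corp.example"))}
FOREIGN_CERT = {"subject": ((("emailAddress", "mallory@other.example"),),)}

if __name__ == "__main__":
    for cert in (MDM_CERT, FOREIGN_CERT, None):
        print(login_form_state(cert))
```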


mrxx2001

Joined: Oct 15, 2011

Client certificates


We are also thinking about similar scenarios, as we don't wanna have our users enter their credentials for the WiFi, proxy, some applications, etc. Using client certificates seems reasonable to us - the only problem is that we don't have any experience with that.
We are currently engaged in a trial with an MDM product, but the trial limitations and the missing in-depth documentation make it difficult for us to understand how the devices, the MDM platform and an internal CA would have to work together (we don't have a PKI or CA in place right now).

Any best-practices, infrastructure proposals are welcome!


hobbyman

Joined: Mar 28, 2012

Exactly my problem...


Has anybody got any ideas on this subject?

I have been searching for a LONG time for the right answer to this problem.

Are client certificates the way to go?
