MobileIron Integration Kit

Overview of the SSO flow

The following figure shows a basic SSO scenario in which a PingFederate server authenticates users to an SP application using the MobileIron Adapter.

lsi1563995483660

Processing Steps

  1. A user with an MobileIron enrolled device requests access to an SP resource. The request is redirected to PingFederate to perform X.509 Authentication.

  2. The browser requests the user’s X.509 certificate. The PingFederate X.509 Certificate Adapter validates the certificate against a list of issuers. If no issuers are specified in the Adapter setup, it uses the server’s list of trusted CAs instead.

  3. The certificate is validated and the Device Identifier is parsed from the certificate. The Device Identifier is then passed to the MobileIron Adapter.

  4. The Device Identifier is used to contact the MobileIron Device API to retrieve the device’s posture.

  5. The result of the authentication is returned, and if successful, the user is redirected to the requested resource.