PingID Administration Guide

Configuring MobileIron for PingID

To manage the PingID app using MobileIron, you must apply several configuration settings .

The initial MobileIron configuration comprises the following:

  1. Installing an APNs certificate for iOS in MobileIron

  2. Configuring Android for Work for MobileIron

  3. Configuring MobileIron for PingID MDM integration

Ongoing maintenance

As part of mobile device management (MDM) maintenance activities, new tokens for the PingID app can be generated and old tokens revoked. For more information, see the following topics:

The previous configuration steps are for use cases where PingID multi-factor authentication (MFA) authenticating devices are managed by the MobileIron MDM. In cases where PingFederate is used to apply policies on accessing devices managed by MobileIron, see PingFederate MobileIron Integration Kit.

Installing an APNs certificate for iOS in MobileIron

To support iOS devices, install an Apple mobile device management (MDM) certificate in the organization’s MDM.

Steps

  1. In the MobileIron admin console, download an Apple Push Notification service (APNs) Certificate Signing Request (CSR):

    1. Go to Admin → Apple/iOS → MDM Certificate → Download.

    2. Click Download File.

  2. Sign on to the Apple Push Certificates Portal.

    Screen capture of the Apple Push Certificates Portal.

  3. Click Create a Certificate on either the Get Started window, or the Certificates for Third-party Servers window.

    If your organization does not yet have any Apple Push Certificates, the Get Started section is displayed. Otherwise, the Certificates list view window is displayed.

    Screen capture of the Apple Push Certificates Portal Get Started window. The Create a Certificate button is highlighted.

  4. To browse for the CSR file created earlier, click Choose File, and then click Upload.

    Screen capture of the Create a New Push Certificate window with Choose File highlighted.

  5. Click Download.

    Screen capture of the Apple Push Certificates Portal showing the Certificates for Third-Party Servers section and the Download option highlighted.

  6. Upload the APNs certificate in MobileIron.

    1. Go to Admin → Apple/iOS → MDM Certificate.

      Screen capture of the MDM Certificate window. The Certificate Info is displayed and the status is Successfully Installed. There is a button to Renew Certificate if needed.

  7. Click Save.

Configuring Android for Work for MobileIron

Configure Android for Work for the organization’s mobile device management (MDM) so the PingID app configuration can be pushed to Android devices.

About this task

This is an example configuration of Android for Work with G Suite. You can configure Android for Work MDM without G Suite.

Steps

  1. Go to Admin → Google/Android → Android for Work, and then click Use Alternate Setup.

    Screen capture of the Android for Work window with the Alternate Setup Method option highlighted.

  2. In Get Started section, click Google Developers Console, and follow the on-screen instructions.

    Screen capture of the Android for Work window showing the Get Started, Enter Token and Connect and Authorize sections.

  3. In MobileIron’s admin portal, under Enter Token and Connect, connect to your organization’s Google service.

  4. In the MDM Token field, enter the token from the previous step.

  5. In the Domain field, enter the domain by uploading the JSON file created earlier from the Google Developers Console, and click Connect.

  6. To enable MobileIron to manage your Google users, click Authorize.

Configuring MobileIron for PingID MDM integration

Configure PingID as a mobile device management (MDM) managed app in MobileIron.

About this task

The procedure detailed below is the iOS example for the configuration of MobileIron for PingID MDM integration. The procedure for Android is identical. If the organization’s MDM manages both iOS and Android devices, configure and save the entire procedure separately for each platform.

Steps

  1. In the MobileIron admin console, go to Apps → App Catalog.

  2. Choose the desired app store, and then search for PingID.

    Screen capture of the App Catalog with the search bar highlighted.

    The following steps describe the procedure for managing the PingID app for iOS. Repeat the procedure for the PingID app for Android.

  3. Select the PingID mobile app for iOS.

    Screen capture of the App Catalog with multiple apps listed.

  4. On the App Configurations tab, select iOS Managed App Configuration.

    Screen capture of the PingID app with the App Configurations tab and iOS Managed App Configuration highlighted.

  5. Click Add.

    Screen capture of the PingID App Configurations tab with the Add button highlighted.

  6. Enter the Configuration Setup parameter values.

    Parameter Value

    Name

    PINGID_MDM_TOKEN

    Token value

    The token string value for MDM, as generated in the PingID admin web configuration page.

    Screen capture of the PingID App Configurations tab with the iOS Managed App Settings fields for Key and Value highlighted.

  7. Click Save.

  8. Click Application Configurations Summary.

  9. Click Install on device.

  10. Click Install Application configuration settings.

    Screen capture of the PingID App Configurations tab with Install Application configuration settings highlighted.

  11. For iOS 9 and later, set the Install on device switch to ON.

  12. Select the Convert to Managed App check box.

    Screen capture of the Configuration Setup section with the Install on Device toggle and Convert to Managed App check box highlighted.

    This option transitions a non-managed app downloaded from the app store to a managed app. The user must approve it on their device.
    For Apple devices earlier than iOS 9, and Android devices

    Users must execute the following steps:

    1. Unpair the PingID mobile app on the iOS device.

    2. Uninstall the PingID mobile app from the iOS device.

    3. Reinstall the PingID mobile app, from the MDM’s app catalog.

    4. Pair the newly installed, MDM managed PingID mobile app.

    For Apple devices with iOS 9 and later

    The user receives a notification on their device to approve the transition to MDM management. After user approval, the PingID mobile app installed on the iOS device is managed by the MDM.

  13. Click Save/Update.

    • When creating a new managed app entry, the button is marked Save.

    • When editing an existing entry, the button is marked Update.

      Repeat the entire configuration process for Android. The admin accesses the Android for Work options instead ofiOS Managed App Configuration. The prerequisite to the Android app configuration is Configuring Android for Work for MobileIron.

Updating a PingID token in MobileIron

Update a PingID token in MobileIron.

About this task

The procedure detailed here is the iOS example for updating the token PingID managed app in MobileIron. The procedure for Android is identical. If the organization’s mobile device management (MDM) manages both iOS and Android devices, configure and save the entire procedure separately for each platform.

Steps

  1. In the MobileIron admin console, go to Apps → App Catalog.

  2. Select the PingID mobile app for iOS.

    Screen capture of the App Catalog.

  3. On the App Configurations tab, select iOS Managed App Configuration.

    Screen capture of the PingID app with the App Configurations tab and iOS Managed App Configuration highlighted.

  4. Update the Configuration Setup parameter values.

    Parameter Value

    Name

    PINGID_MDM_TOKEN.

    Token value

    The token string value for MDM, as generated in the PingID admin web configuration page.
    Screen capture of the PingID App Configurations tab with the iOS Managed App Settings fields for Key and Value highlighted.

  5. Click Save.

    Repeat the entire process for Android.