Configuring MobileIron for PingID
To manage the PingID app using MobileIron, you must apply several configuration settings.
The initial MobileIron configuration comprises the following:
Ongoing maintenance
As part of mobile device management (MDM) maintenance activities, new tokens for the PingID app can be generated and old tokens revoked. For more information, see the following topics:
- For PingID:
- For MobileIron:
The previous configuration steps apply to use cases where the devices that authenticate with PingID multi-factor authentication (MFA) are managed by the MobileIron MDM. In cases where PingFederate is used to apply policies on accessing devices managed by MobileIron, see PingFederate MobileIron Integration Kit.
Installing an APNs certificate for iOS in MobileIron
To support iOS devices, install an Apple mobile device management (MDM) certificate in the organization’s MDM.
Steps
- In the MobileIron admin console, download an Apple Push Notification service (APNs) Certificate Signing Request (CSR):
  - Go to Admin → Apple/iOS → MDM Certificate → Download.
  - Click Download File.
- Sign on to the Apple Push Certificates Portal.
- Click Create a Certificate on either the Get Started window, or the Certificates for Third-party Servers window.
  If your organization does not yet have any Apple Push Certificates, the Get Started section is displayed. Otherwise, the Certificates list view window is displayed.
- To browse for the CSR file created earlier, click Choose File, and then click Upload.
- Click Download.
- Upload the APNs certificate in MobileIron.
  - Go to Admin → Apple/iOS → MDM Certificate.
- Click Save.
Configuring Android for Work for MobileIron
Configure Android for Work for the organization’s mobile device management (MDM) so the PingID app configuration can be pushed to Android devices.
About this task
This is an example configuration of Android for Work with G Suite. You can configure Android for Work MDM without G Suite.
Steps
- Go to Admin → Google/Android → Android for Work, and then click Use Alternate Setup.
- In the Get Started section, click Google Developers Console, and follow the on-screen instructions.
- In MobileIron’s admin portal, under Enter Token and Connect, connect to your organization’s Google service.
  - In the MDM Token field, enter the token from the previous step.
  - In the Domain field, enter the domain by uploading the JSON file created earlier from the Google Developers Console, and click Connect.
- To enable MobileIron to manage your Google users, click Authorize.
Configuring MobileIron for PingID MDM integration
Configure PingID as a mobile device management (MDM) managed app in MobileIron.
About this task
The procedure detailed below is the iOS example for the configuration of MobileIron for PingID MDM integration. The procedure for Android is identical. If the organization’s MDM manages both iOS and Android devices, configure and save the entire procedure separately for each platform.
Steps
- In the MobileIron admin console, go to Apps → App Catalog.
- Choose the desired app store, and then search for PingID.
  The following steps describe the procedure for managing the PingID app for iOS. Repeat the procedure for the PingID app for Android.
- Select the PingID mobile app for iOS.
- On the App Configurations tab, select iOS Managed App Configuration.
- Click Add.
- Enter the Configuration Setup parameter values.

  | Parameter | Value |
  |---|---|
  | Name | PINGID_MDM_TOKEN |
  | Token value | The token string value for MDM, as generated in the PingID admin web configuration page. |

- Click Save.
- Click Application Configurations Summary.
- Click Install on device.
- Click Install Application configuration settings.
- For iOS 9 and later, set the Install on device switch to ON.
- Select the Convert to Managed App check box.
  This option transitions a non-managed app downloaded from the app store to a managed app. The user must approve it on their device.
  - For Apple devices earlier than iOS 9, and Android devices
    Users must execute the following steps:
    - Unpair the PingID mobile app on the iOS device.
    - Uninstall the PingID mobile app from the iOS device.
    - Reinstall the PingID mobile app, from the MDM’s app catalog.
    - Pair the newly installed, MDM managed PingID mobile app.
  - For Apple devices with iOS 9 and later
    The user receives a notification on their device to approve the transition to MDM management. After user approval, the PingID mobile app installed on the iOS device is managed by the MDM.
- Click Save/Update.
  - When creating a new managed app entry, the button is marked Save.
  - When editing an existing entry, the button is marked Update.

  Repeat the entire configuration process for Android. The admin accesses the Android for Work options instead of iOS Managed App Configuration. The prerequisite to the Android app configuration is Configuring Android for Work for MobileIron.
Updating a PingID token in MobileIron
Update a PingID token in MobileIron.
About this task
The procedure detailed here is the iOS example for updating the token of the PingID managed app in MobileIron. The procedure for Android is identical. If the organization’s mobile device management (MDM) manages both iOS and Android devices, configure and save the entire procedure separately for each platform.
Steps
- In the MobileIron admin console, go to Apps → App Catalog.
- Select the PingID mobile app for iOS.
- On the App Configurations tab, select iOS Managed App Configuration.
- Update the Configuration Setup parameter values.

  | Parameter | Value |
  |---|---|
  | Name | PINGID_MDM_TOKEN |
  | Token value | The token string value for MDM, as generated in the PingID admin web configuration page. |

- Click Save.
Repeat the entire process for Android.
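Because the token is configured separately for each platform, an update can leave one platform on the old value. The following added example (not part of the Ping Identity or MobileIron documentation) checks two configuration payloads for that drift without printing the token; the payload formats (a plist dictionary for iOS, key-value JSON for Android), the sample tokens and all function names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import plistlib

KEY = "PINGID_MDM_TOKEN"  # parameter name from the Configuration Setup table

# Constructed sample data (assumption): the iOS managed app configuration as
# a plist dictionary and the Android managed configuration as JSON key-values.
IOS_PLIST = plistlib.dumps({KEY: "constructed-token-NEW"})
ANDROID_OK = json.dumps({KEY: "constructed-token-NEW"})
ANDROID_STALE = json.dumps({KEY: "constructed-token-OLD"})


def fingerprint(token: str) -> str:
    """Short SHA-256 prefix so reports never contain the token itself."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]


def extract(config: dict, platform: str) -> str:
    """Return the token from a parsed config, rejecting missing/blank values."""
    token = config.get(KEY)
    if not isinstance(token, str) or not token.strip():
        raise ValueError(f"{platform}: {KEY} is missing or empty")
    return token.strip()


def check_rotation(ios_plist: bytes, android_json: str, revoked_fps=()):
    """Compare both platforms' tokens; return a list of findings (empty = OK)."""
    findings, tokens = [], {}
    for platform, cfg in (("ios", plistlib.loads(ios_plist)),
                          ("android", json.loads(android_json))):
        try:
            tokens[platform] = extract(cfg, platform)
        except ValueError as exc:
            findings.append(str(exc))
    if len(tokens) == 2 and not hmac.compare_digest(
            tokens["ios"].encode(), tokens["android"].encode()):
        findings.append("ios and android carry different tokens")
    for platform, token in tokens.items():
        if fingerprint(token) in revoked_fps:
            findings.append(f"{platform}: token {fingerprint(token)} is revoked")
    return findings


if __name__ == "__main__":
    old_fp = fingerprint("constructed-token-OLD")
    print(check_rotation(IOS_PLIST, ANDROID_OK, {old_fp}))
    print(check_rotation(IOS_PLIST, ANDROID_STALE, {old_fp}))
```

Pass the fingerprints of revoked tokens rather than the tokens themselves, so the list of retired values can be stored alongside the check without holding secrets.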