Peter Meuser commented on Jan 17, 2015

Using client certificates to authenticate mail apps against Sentry/Traveler

The perfect solution to make the password management of users in iOS (and some Android) mail apps unnecessary is moving to client certificates:

1. MobileIron Core's built-in CA (or an external one like Microsoft CA) generates a client certificate

2. The client certificate is deployed to the device using iOS MDM or the AppConnect mechanism (depending on the mail app used)

3. Mail app authenticates against Sentry using the client certificate

4. Sentry authenticates the user against Traveler using Kerberos Constrained Delegation

This just works perfectly! Unfortunately, MobileIron officially supports this solution only in combination with Exchange.

If you want to use this method in your MobileIron / Traveler environment, too, please ask your MobileIron representative for official support.


Peter Meuser commented on Dec 10, 2013

Product support?

BTW: So far I have not found any official documentation for these products or an official support address. Is this just a leisure-time project, or is it just me looking in the wrong places?

Thank you for any hint!

Peter Meuser commented on Dec 10, 2013

Missing piece for automatic configuration

"Automatically configure user accounts so that no manual setup is required." does not tell the whole story.

Users still have to enter their passwords into the apps. This has to be executed not only after the first start of the apps, but also after every password change! Is it necessary? No!

MobileIron VSP has the ability to cache AD user passwords after every user authentication. I do not want to go into detail here about how user passwords might be cached after every password change and how Traveler is able to use AD credentials for authentication, but: if IBM would just add a variable "password" to the configuration set, a fully automatic configuration of the apps without user intervention would be possible.

Are any of the responsible app developers or product managers listening?