MobileIron with sharepoint for authentication

我是研究僧i 提交于 2019-12-01 11:17:09

问题


Do we have any in-built feature to authenticate and authorize a user from mobile iron to SharePoint?

User will be authenticated via mobile iron now he must be login to SharePoint seamlessly.


回答1:


With MobileIron you can use Kerberos Constrained Delegetion (KCD) for seamless authentication to a system behind the MobileIron Sentry / accessed through the Sentry. There is a dedicated document available through support access from MobileIron where this stuff is explained in detail.

At this point I'll only point out the overall process to access SharePoint with the MobileIron Web@Work browser:

  • You have to deploy a user certificate through MobileIron for user authentication.
  • Also you need to setup KCD for the Sharepoint Site / Webserver: Active Directory (AD) ServíceAccount for obtaining Kerberos Ticktes from Domain Controller (DC), Configuring Service Prinicipal Name for the ressource you want to access, and authentication delegation for the service account & ressource.
  • Configure an Web@Work config with service definition to access the dedicated SharePoint Site with KCD.

If all is in place the access / authentication process is as follows: When the device connects to the sentry to access the configured Sharepoint Site / Webserver it authenticates with the user certificate to the Sentry and sends the requests to the ressource. The Sentry goes to to the Key Distribution Center (KDC), that's a service on an AD DC, requests a Kerberos ticket for the user with the service account and attaches this ticket to the forwarded web request to the SharePoint web server.

As you can see it's not very simple to set it up but works fine and the users will love you ;-)



来源:https://stackoverflow.com/questions/28988121/mobileiron-with-sharepoint-for-authentication

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!