9.2 Configuring the MobileAccess App

You must configure an appmark for the application. Users can access the application through its appmark. For information about appmarks, see Section 8.0, Appmarks.

After creating appmarks, you must configure MobileAccess to enable users to register their mobile devices through MobileAccess (iOS or Android). Users can access appmarks through a browser on a desktop without enabling MobileAccess.

MobileAccess communicates only over an HTTPS connection. It does not work with HTTP.

IMPORTANT:Ensure that the certificate of the Identity Server cluster contains a Subject Alternate Name. MobileAccess does not work if the Subject Alternate Name field is empty.

To configure MobileAccess:

  1. Log in as an administrator to Administration Console.

  2. In Administration Console Dashboard under Administration Tasks, click MobileAccess.

  3. Select the cluster that contains the appmarks you want to enable for MobileAccess.

  4. Select Enable MobileAccess to enable users to register their devices if they have installed MobileAccess.

  5. Navigate to Dashboard > Branding, specify your company name in Title.

    This name appears in the bar at the top of MobileAccess on users’ mobile devices.

  6. In Roles, select the roles of users who can view the appmarks on MobileAccess.

    If you do not select a role, all users can view appmarks on MobileAccess. If you add a role, only users with that role can view the appmarks. If you add multiple roles, users in any of those roles can view and access appmarks.

  7. In Mobile device registration contract, select the contract that users will see to register their devices through MobileAccess. You can select any contracts listed. However, not all Access Manager contracts work with mobile devices.

    IMPORTANT:Ensure that the selected contract works with mobile devices. In general, any basic authentication or certificate contracts do not work on mobile devices.

  8. In Methods satisfied by mobile authentication, select the authentication methods that are satisfied after users have successfully registered a mobile device.

  9. In Password Prompt, select how long users can continue to use an authenticated password on mobile devices before re-authentication is required.

  10. In PIN Prompt, select whether users must set a PIN for MobileAccess on their mobile devices, and whether they must re-enter the PIN after a period of inactivity. You can change this requirement anytime. For more information, see Understanding the MobileAccess PIN.

    NOTE:By default, users can enter their PIN incorrectly five times.

  11. Click Save.

  12. Repeat the procedure for each Identity Server cluster that contains appmarks.