MobileIron with sharepoint for authentication

Question

Do we have any in-built feature to authenticate and authorize a user from mobile iron to SharePoint?

User will be authenticated via mobile iron now he must be login

Answer 1

With MobileIron you can use Kerberos Constrained Delegetion (KCD) for seamless authentication to a system behind the MobileIron Sentry / accessed through the Sentry. There is a dedicated document available through support access from MobileIron where this stuff is explained in detail.

At this point I'll only point out the overall process to access SharePoint with the MobileIron Web@Work browser:

• You have to deploy a user certificate through MobileIron for user authentication.
• Also you need to setup KCD for the Sharepoint Site / Webserver: Active Directory (AD) ServíceAccount for obtaining Kerberos Ticktes from Domain Controller (DC), Configuring Service Prinicipal Name for the ressource you want to access, and authentication delegation for the service account & ressource.
• Configure an Web@Work config with service definition to access the dedicated SharePoint Site with KCD.

If all is in place the access / authentication process is as follows: When the device connects to the sentry to access the configured Sharepoint Site / Webserver it authenticates with the user certificate to the Sentry and sends the requests to the ressource. The Sentry goes to to the Key Distribution Center (KDC), that's a service on an AD DC, requests a Kerberos ticket for the user with the service account and attaches this ticket to the forwarded web request to the SharePoint web server.

As you can see it's not very simple to set it up but works fine and the users will love you ;-)