topic However possible. What are in Unified Communications Infrastructure

Jabber For Mobile Devices - Two Factor Authentication

jacob0612 — Tue, 19 Mar 2019 19:16:41 GMT

We are considering deploying Jabber for mobile devices but I need to know how to setup the iPhones and Androids to require two factor authentication of some sort when configuring on a mobile device. This could be an RSA token prompt, or an IOS client certificate, or other options that authenticate somehow. This is a high priority for me as it's a security requirement and we won’t be able to proceed unless we can get this to work. The problem we have seen is if my network credentials were obtained somehow, they can be used to configure Jabber on another mobile device without an issue. Any help regarding this matter is greatly appreciated.

Are you asking about doing

Jaime Valencia — Wed, 29 Mar 2017 15:42:01 GMT

Are you asking about doing this over MRA?

However possible. What are

jacob0612 — Wed, 29 Mar 2017 15:45:36 GMT

However possible. What are my options? We can use MobileIron if needed.

See here:

Jaime Valencia — Wed, 29 Mar 2017 15:47:05 GMT

See here:

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/11_7/cjab_b_planning-guide-jabber-117/cjab_b_planning-guide-jabber-117_chapter_011.html#CJAB_RF_S3DFB912_00

I asked and followed up on

JAMES THOMAS — Wed, 29 Mar 2017 16:52:23 GMT

I asked and followed up on this topic often because we have the same scenario we are trying to avoid.

I was told that the Jabber client does not support MFA (multifactor),

https://supportforums.cisco.com/document/12302441/jabber-mracollaboration-edge-detailed-call-fow

However. I was just reading that if you IDP supports it, you can do it. I am researching that now.

Regardless, we only want you using it from a firm device, and even with MFA you can still use it from a non firm device. We are hoping that with MFA that it will be an acceptable risk.

we want to Jabber-MRA,

JAMES THOMAS — Wed, 29 Mar 2017 19:07:35 GMT

we want to Jabber-MRA, multifactor only from firm devices

The available option is in

Jaime Valencia — Wed, 29 Mar 2017 19:10:12 GMT

The available option is in the link I posted.

nothing against you.. that

JAMES THOMAS — Wed, 29 Mar 2017 19:11:54 GMT

nothing against you.. that frankly is quite sucky

Then you need to get in touch

Jaime Valencia — Wed, 29 Mar 2017 19:13:35 GMT

Then you need to get in touch with your AM/SE in order to submit a PER on this topic.

Cisco Jabber doesn't support

Sushant Sharma — Fri, 31 Mar 2017 18:27:50 GMT

Cisco Jabber doesn't support true external authentication. It allows you to use AD credentials, but only after a synchronization has occurred. What it does support is SAML-based SSO. This can be leveraged, using either our own IdP or Active Directory Federation Services (ADFS) to put MFA in front of the SSO process.

Here is the third party software document about integrating with ADFS: https://duo.com/docs/adfs-30

Re: I asked and followed up on

karen.johnson5801 — Tue, 23 Oct 2018 20:34:13 GMT

hi James,

do you have any luck?

mind share how to if you able to?