We’re running CM/IMP 11.5(SU4) with latest (MRA) Expressway load and Jabber for IPhone client. Has anyone implemented a two factor authentication solution or found a way to limit the number of IPhone Jabber clients that can register with a user’s LDAP account? We only want our users to use their company IPhone for Jabber and not install it on their personal device. It would be great if you could tie the IPhones Caller-ID to the Jabber TCT device (Mobility Identity) and limit it that way but I don’t see that option or whitelisting devices in Expressway. Can we do this through certificates? I’ve seen something with SSO and IDP mentioned but no details on anyone who has implemented this solution.
Solved! Go to Solution.
Other customers have used their Mobile Device Management (MDM) to push a certificate onto the corporate mobile / paid for mobile phone and used that to authenticate the device before it is allowed onto the network via Jabber and MRA. This needs assistance from the customer/your MDM team. There is some reference to this method on the Cisco website but as there are so many MDM vendors its hard to create a guide.
Search for Certificate-Based Authentication for Cisco Jabber for Android or Certificate-Based Authentication for Cisco Jabber for iPhone and iPad. I think you have referneced this already. There will be a need to test this to ensure you get it right.