03-28-2017 09:50 PM - edited 03-19-2019 12:16 PM
We are considering deploying Jabber for mobile devices but I need to know how to setup the iPhones and Androids to require two factor authentication of some sort when configuring on a mobile device. This could be an RSA token prompt, or an IOS client certificate, or other options that authenticate somehow. This is a high priority for me as it's a security requirement and we won’t be able to proceed unless we can get this to work. The problem we have seen is if my network credentials were obtained somehow, they can be used to configure Jabber on another mobile device without an issue. Any help regarding this matter is greatly appreciated.
03-29-2017 08:42 AM
Are you asking about doing this over MRA?
03-29-2017 08:45 AM
However possible. What are my options? We can use MobileIron if needed.
03-29-2017 08:47 AM
See here:
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/11_7/cjab_b_planning-guide-jabber-117/cjab_b_planning-guide-jabber-117_chapter_011.html#CJAB_RF_S3DFB912_00
03-29-2017 12:07 PM
we want to Jabber-MRA, multifactor only from firm devices
03-29-2017 12:10 PM
The available option is in the link I posted.
03-29-2017 12:11 PM
nothing against you.. that frankly is quite sucky
03-29-2017 12:13 PM
Then you need to get in touch with your AM/SE in order to submit a PER on this topic.
03-29-2017 09:52 AM
I asked and followed up on this topic often because we have the same scenario we are trying to avoid.
I was told that the Jabber client does not support MFA (multifactor),
https://supportforums.cisco.com/document/12302441/jabber-mracollaboration-edge-detailed-call-fow
However. I was just reading that if you IDP supports it, you can do it. I am researching that now.
Regardless, we only want you using it from a firm device, and even with MFA you can still use it from a non firm device. We are hoping that with MFA that it will be an acceptable risk.
10-23-2018 01:34 PM
hi James,
do you have any luck?
mind share how to if you able to?
K
03-31-2017 11:27 AM
Cisco Jabber doesn't support true external authentication. It allows you to use AD credentials, but only after a synchronization has occurred. What it does support is SAML-based SSO. This can be leveraged, using either our own IdP or Active Directory Federation Services (ADFS) to put MFA in front of the SSO process.
Here is the third party software document about integrating with ADFS: https://duo.com/docs/adfs-30
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide