cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7146
Views
0
Helpful
10
Replies

Jabber For Mobile Devices - Two Factor Authentication

jacob0612
Level 1
Level 1

We are considering deploying Jabber for mobile devices but I need to know how to setup the iPhones and Androids to require two factor authentication of some sort when configuring on a mobile device.  This could be an RSA token prompt, or an IOS client certificate, or other options that authenticate somehow.  This is a high priority for me as it's a security requirement and we won’t be able to proceed unless we can get this to work.  The problem we have seen is if my network credentials were obtained somehow, they can be used to configure Jabber on another mobile device without an issue.  Any help regarding this matter is greatly appreciated.    

  

10 Replies 10

Jaime Valencia
Cisco Employee
Cisco Employee

Are you asking about doing this over MRA?

HTH

java

if this helps, please rate

However possible.  What are my options?  We can use MobileIron if needed. 

See here:

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/11_7/cjab_b_planning-guide-jabber-117/cjab_b_planning-guide-jabber-117_chapter_011.html#CJAB_RF_S3DFB912_00

HTH

java

if this helps, please rate

we want to Jabber-MRA, multifactor only from firm devices

The available option is in the link I posted.

HTH

java

if this helps, please rate

nothing against you.. that frankly is quite sucky

Then you need to get in touch with your AM/SE in order to submit a PER on this topic.

HTH

java

if this helps, please rate

JAMES THOMAS
Level 1
Level 1

I asked and followed up on this topic often because we have the same scenario we are trying to avoid.

I was told that the Jabber client does not support MFA (multifactor),

https://supportforums.cisco.com/document/12302441/jabber-mracollaboration-edge-detailed-call-fow

However. I was just reading that if you IDP supports it, you can do it. I am researching that now.


Regardless, we only want you using it from a firm device, and even with MFA you can still use it from a non firm device. We are hoping that with MFA that it will be an acceptable risk.

hi James,

 

do you have any luck?

mind share how to if you able to?

K

Sushant Sharma
Level 1
Level 1

Cisco Jabber doesn't support true external authentication. It allows you to use AD credentials, but only after a synchronization has occurred.  What it does support is SAML-based SSO. This can be leveraged, using either our own IdP or Active Directory Federation Services (ADFS) to put MFA in front of the SSO process.

 

Here is the third party software document about integrating  with ADFS: https://duo.com/docs/adfs-30

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: