cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
5694
Views
0
Helpful
10
Replies
jacob0612
Beginner

Jabber For Mobile Devices - Two Factor Authentication

We are considering deploying Jabber for mobile devices but I need to know how to setup the iPhones and Androids to require two factor authentication of some sort when configuring on a mobile device.  This could be an RSA token prompt, or an IOS client certificate, or other options that authenticate somehow.  This is a high priority for me as it's a security requirement and we won’t be able to proceed unless we can get this to work.  The problem we have seen is if my network credentials were obtained somehow, they can be used to configure Jabber on another mobile device without an issue.  Any help regarding this matter is greatly appreciated.    

  

10 REPLIES 10
Jaime Valencia
Hall of Fame Cisco Employee

Are you asking about doing this over MRA?

HTH

java

if this helps, please rate

However possible.  What are my options?  We can use MobileIron if needed. 

Jaime Valencia
Hall of Fame Cisco Employee

See here:

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/11_7/cjab_b_planning-guide-jabber-117/cjab_b_planning-guide-jabber-117_chapter_011.html#CJAB_RF_S3DFB912_00

HTH

java

if this helps, please rate

we want to Jabber-MRA, multifactor only from firm devices

Jaime Valencia
Hall of Fame Cisco Employee

The available option is in the link I posted.

HTH

java

if this helps, please rate

nothing against you.. that frankly is quite sucky

Jaime Valencia
Hall of Fame Cisco Employee

Then you need to get in touch with your AM/SE in order to submit a PER on this topic.

HTH

java

if this helps, please rate
JAMES THOMAS
Beginner

I asked and followed up on this topic often because we have the same scenario we are trying to avoid.

I was told that the Jabber client does not support MFA (multifactor),

https://supportforums.cisco.com/document/12302441/jabber-mracollaboration-edge-detailed-call-fow

However. I was just reading that if you IDP supports it, you can do it. I am researching that now.


Regardless, we only want you using it from a firm device, and even with MFA you can still use it from a non firm device. We are hoping that with MFA that it will be an acceptable risk.

hi James,

 

do you have any luck?

mind share how to if you able to?

K

Sushant Sharma
Beginner

Cisco Jabber doesn't support true external authentication. It allows you to use AD credentials, but only after a synchronization has occurred.  What it does support is SAML-based SSO. This can be leveraged, using either our own IdP or Active Directory Federation Services (ADFS) to put MFA in front of the SSO process.

 

Here is the third party software document about integrating  with ADFS: https://duo.com/docs/adfs-30

Create
Recognize Your Peers
Content for Community-Ad