We are considering deploying Jabber for mobile devices but I need to know how to set up the iPhones and Androids to require two-factor authentication of some sort when configuring on a mobile device. This could be an RSA token prompt, or an iOS client certificate, or other options that authenticate somehow. This is a high priority for me as it's a security requirement and we won’t be able to proceed unless we can get this to work. The problem we have seen is if my network credentials were obtained somehow, they can be used to configure Jabber on another mobile device without an issue. Any help regarding this matter is greatly appreciated.
Then you need to get in touch with your AM/SE in order to submit a PER on this topic.
I asked and followed up on this topic often because we have the same scenario we are trying to avoid.
I was told that the Jabber client does not support MFA (multifactor).
However, I was just reading that if your IDP supports it, you can do it. I am researching that now.
Regardless, we only want you using it from a firm device, and even with MFA you can still use it from a non-firm device. We are hoping that with MFA it will be an acceptable risk.
Cisco Jabber doesn't support true external authentication. It allows you to use AD credentials, but only after a synchronization has occurred. What it does support is SAML-based SSO. This can be leveraged, using either our own IdP or Active Directory Federation Services (ADFS) to put MFA in front of the SSO process.
Here is the third-party software document about integrating with ADFS: https://duo.com/docs/adfs-30