Idenprotect for iOS Quick Start Guide

From idenprotect Knowledge Base
Jump to: navigation, search


idenprotect For Mobile

This article explains how to download, configure and use idenprotect For Mobile on your iOS device (iPhone/iPad).

This article is aimed at Helpdesk/Admin users so it covers both the settings required on the server as well as the enrollment user experience

Requirements

idenprotect Core Platform 3.7 or higher idenprotect User Portal 1.05

The idenprotect Core Platform and idenprotect User Portal must be reachable from the iOS device.

Installation

The idenprotect For Mobile applications are available from the App Store. You can click here to open the app store. Alternatively, you can view the application on the BlackBerry Marketplace

Enrollment Policies

For enrollment policies see User Enrollment Policies configuration on the idenprotect Core Platform

If you are using an email-based enrollment please configure the Email Content Configuration on the idenprotect Core Platform

For BlackBerry, UEM policies see UEM Configuration on the idenprotect Core Platform

Getting Started

When you first open the idenprotect For Mobile application you will be taken to a "Permissions" screen which will ask you for Push Notification, Location and Camera permissions like below:

IOS Permissions Screen.png

Push notifications are used to open the application when the user is required to authenticate. This is not an essential requirement but it does improve the user experience.

Location is used to inform the server of the user's current country. This may be used to support conditional access, eg access only from certain countries. If this permission is not granted the user may not be able to access applications that have this form of conditional access.

The camera is required to allow for the scanning of QR Codes


After granting the permissions you will be taken to the "idenprotect QR" screen which will give you more details on how to enroll your device.

IOS Scan QR code Screen.png

Enrolling idenprotect on iOS Device

Before you can use the idenprotect For Mobile application you need to go through the enrollment process. Please remember that you can only enroll once with the same QR Code.

There are three ways that idenprotect For Mobile applications can enroll:

  • BlackBerry enrollment with Access Key being manually entered by the user
  • BlackBerry enrollment with Access Key with programmatic authentication
  • Non-BlackBerry SAML enrollment

All of these three journeys can be set up via policies on User Enrollment Policies configuration on the idenprotect Core Platform

If you click on the Scan QR Code button camera will be launched and you can scan a QR code provided via email or onboarding page. After scanning a QR code if you have a FaceID enabled device you will be asked to grant permission to use a FaceID Please click "OK"

IOS Face Id Permission.png

BlackBerry enrollment

After granting the permissions if the idenprotect Core Platform is set up to use an Access Key entered by the user, you will be taken to the BlackBerry Authentication screen, where you have to enter your BlackBerry access key which would be provided to you by your via e-mail ( email field will be prefilled for your)

IOS blackberry auth screen.png

From V3.15.0. If the app type that has been configured on the server is not Blackberry or Both when the user scans the QRcode the user will be redirected to download the correct app for their Server's App Type ie "idenprotect" (saml only app) or "idenprotect for Intune" if the app type is Intune.

After entering the BlackBerry Access key you will proceed to the BlackBerry enrollment (if idenprotect Core Platform is set up to use programmatic BlackBerry authentication you will be taken to this screen straight away without entering the access key manually)

IOS BlackBerry Enrollment.png

When BlackBerry enrollment is finished, you would be presented with the idenprotect enrollment screen which tells you what stages of enrollment are complete.

IOS iDEN Enrollment.png

Throughout the enrollment, with idenprotect Core Platform, you may see your screen go to another page to finalize the enrollment and to authenticate to the BlackBerry runtime. After the enrollment process, you will be taken to the idenprotect Unlocked screen which means that your device is ready to use.

SAML Enrollment

If idenprotect Core Platform is set up to allow users to enroll their devices as SAML they will not be able to use BlackBerry Dynamics applications or interact with BlackBerry Runtime.

After scanning a QR code you will be presented with the idenprotect enrollment screen which tells you what stages of enrollment are complete.

IOS iDEN Enrollment.png

When idenprotect enrollment is complete you will be presented with idenprotect SAML page, which contains a "hamburger" menu and the Scan QR Code button.

IOS Saml page.png

idenprotect Both (BlackBerry and SAML) enrollment

The enrollment process for the idenprotect Both is the same as for idenprotect for BlackBerry (please follow the instructions above)