Solved

Having Mobile Users Authenticate to Wireless Network each Time

Posted on 2013-05-30
12
1,319 Views
Last Modified: 2013-06-13
I would like users to authenticate to our Wireless Network each time they log into there IPADs... Currently when the user first connects they must put in the MobileIron strong password then select the Wireless Network they want to connect to, using Windows AD user ID and Password... The next time they try and connect, they enter there MobileIron password to unlock there IPAD and they automaticlly Join the network... I would like them to reenter there User Name and Password...
0
Comment
Question by:axl13
  • 4
  • 4
  • 2
  • +1
12 Comments
 
LVL 20

Accepted Solution

by:
Jakob Digranes earned 250 total points
ID: 39210400
This is handled by your iPads --- that they remember your credentials. You can set your wireless to reauthenticate users every 60mins - but the users (or clients) will just use already stored credentials.

So unless there's a way to get the iPad to forget network every time - I did try google, but came up with little useful information.

You could however use captive portal in addition to wireless network authentication, so after they've connected - they are redirected to a web page where they must login to get access.

Maybe other solutions aswell, but then - why are you looking for this feature?
0
 
LVL 61

Assisted Solution

by:btan
btan earned 250 total points
ID: 39210456
likewise ipad will remember the credential for known joined wifi (stated under the wifi setting example @ http://www.bleepingcomputer.com/tutorials/connect-ipad-to-wireless-network/) unless it is...
 Forget network setting (@ http://ipad.about.com/od/iPad_Troubleshooting/ss/How-To-Fix-My-Ipad-Wont-Connect-To-Wi-Fi_6.htm) - but back to same issue - it is one time only. Unless there is timeout or power on/off the ipad but it is not solving totally.

I saw in ios5 there is a autologin setting to disable like the link but not sure if it reliable @ http://forums.imore.com/ios-5/222989-saving-wifi-login-details.html

However I saw this para stating autologin of MDM API in IOS5 extracted from link but did not managed to delve further though. It may give us further hints - not sure if MI can disable that
http://news.idg.no/cw/art.cfm?id=E0448736-1A64-6A71-CE414B0E6A2E08E0

Device management API changesThe mobile device management (MDM) APIs in iOS 5 have been updated so that MDM tools from, say, MobileIron will be able to turn off iCloud syncing, require the use of a password to access iTunes, disable email forwarding, delete -- not just render inaccessible -- apps (both individually and for all corporate-provisioned apps), disable voice and data roaming, set policies for the handling of nontrusted certificates, detect and reapply user-deleted MDM configuration profiles, set Web proxies, set autologin for approved Wi-Fi access points, send crash data, and monitor battery levels.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39212842
You should be able to set the profile in MI so that the wireless settings pushed to the iPad are configured to not cache the user's credentials.
0
 
LVL 36

Expert Comment

by:ArneLovius
ID: 39213106
Using a "captive portal" is the only way to "force" manual re-authentication on unmanaged devices when using the same credentials each time.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39213144
@Arne - that's true, although the devices in this scenario are 'managed' via MDM (Mobile Iron).  That means you 'could' schedule a re-push of the client profile which would force the cached credentials to disappear, although this really isn't practical if you have a lot of devices.
0
 
LVL 36

Expert Comment

by:ArneLovius
ID: 39213255
@craigbeck "pushing" new profiles to "wipe" the existing could have other consequences...

I don't have MI, but having a look at Apple Configurator there is "Use Per-connection Password" which might be the equiv of denying caching...
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 45

Expert Comment

by:Craig Beck
ID: 39213718
No, you set a profile to include only certain settings, so you know exactly what it's doing.

You either use configurator, or MI.  You can't use both.
0
 
LVL 61

Expert Comment

by:btan
ID: 39214999
I was thinking to not saved username and password in safari as is it spelled out in the link
http://www.cultofmac.com/143897/how-to-delete-saved-usernames-passwords-in-mobile-safari-ios-tip/

MI appconnect has some password policy that possibly be set as well for the profile
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39215044
That's for captive portal though @breadtan.

If I understand correctly the OP wants to forget cached PEAP credentials.
0
 
LVL 61

Expert Comment

by:btan
ID: 39215394
Thanks craigbeck. I was suspecting if it is browser so such form filler disable may do the trick else MI will come in if it has been deployed MI sentry and VSP to enforce password policy per app.
0
 
LVL 20

Expert Comment

by:Jakob Digranes
ID: 39215869
Okay - Mobile Iron is MDM software
That means that he most likely - easily - could deploy certificates to the devices --- i guess
Then setting the wireless network up with EAP-TLS could be an answer ... full device control and security all the way
and with captive portal as a second option???
0
 
LVL 61

Expert Comment

by:btan
ID: 39216187
Nonetheless certificate still a must for server side auth in EAP amd for mobile device support, the ssl vpn for remote access is a need for most enterprise.

MI has apptunnel per app and appconnect to enforce policy on app wrapped or protected. MI is also MAM on top of MDM. Understand there is an Appconnect password policy for defining inactivity period per appconnect protected app i.e. such that  when the device user has not touched the device for the defined max duration of the timeout interval, the device user must reenter the AppConnect passcode to access AppConnect protected apps
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now