Having Mobile Users Authenticate to Wireless Network each Time

I would like users to authenticate to our Wireless Network each time they log into there IPADs... Currently when the user first connects they must put in the MobileIron strong password then select the Wireless Network they want to connect to, using Windows AD user ID and Password... The next time they try and connect, they enter there MobileIron password to unlock there IPAD and they automaticlly Join the network... I would like them to reenter there User Name and Password...
axl13Asked:
Who is Participating?
 
Jakob DigranesConnect With a Mentor Senior ConsultantCommented:
This is handled by your iPads --- that they remember your credentials. You can set your wireless to reauthenticate users every 60mins - but the users (or clients) will just use already stored credentials.

So unless there's a way to get the iPad to forget network every time - I did try google, but came up with little useful information.

You could however use captive portal in addition to wireless network authentication, so after they've connected - they are redirected to a web page where they must login to get access.

Maybe other solutions aswell, but then - why are you looking for this feature?
0
 
btanConnect With a Mentor Exec ConsultantCommented:
likewise ipad will remember the credential for known joined wifi (stated under the wifi setting example @ http://www.bleepingcomputer.com/tutorials/connect-ipad-to-wireless-network/) unless it is...
 Forget network setting (@ http://ipad.about.com/od/iPad_Troubleshooting/ss/How-To-Fix-My-Ipad-Wont-Connect-To-Wi-Fi_6.htm) - but back to same issue - it is one time only. Unless there is timeout or power on/off the ipad but it is not solving totally.

I saw in ios5 there is a autologin setting to disable like the link but not sure if it reliable @ http://forums.imore.com/ios-5/222989-saving-wifi-login-details.html

However I saw this para stating autologin of MDM API in IOS5 extracted from link but did not managed to delve further though. It may give us further hints - not sure if MI can disable that
http://news.idg.no/cw/art.cfm?id=E0448736-1A64-6A71-CE414B0E6A2E08E0

Device management API changesThe mobile device management (MDM) APIs in iOS 5 have been updated so that MDM tools from, say, MobileIron will be able to turn off iCloud syncing, require the use of a password to access iTunes, disable email forwarding, delete -- not just render inaccessible -- apps (both individually and for all corporate-provisioned apps), disable voice and data roaming, set policies for the handling of nontrusted certificates, detect and reapply user-deleted MDM configuration profiles, set Web proxies, set autologin for approved Wi-Fi access points, send crash data, and monitor battery levels.
0
 
Craig BeckCommented:
You should be able to set the profile in MI so that the wireless settings pushed to the iPad are configured to not cache the user's credentials.
0
IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

 
ArneLoviusCommented:
Using a "captive portal" is the only way to "force" manual re-authentication on unmanaged devices when using the same credentials each time.
0
 
Craig BeckCommented:
@Arne - that's true, although the devices in this scenario are 'managed' via MDM (Mobile Iron).  That means you 'could' schedule a re-push of the client profile which would force the cached credentials to disappear, although this really isn't practical if you have a lot of devices.
0
 
ArneLoviusCommented:
@craigbeck "pushing" new profiles to "wipe" the existing could have other consequences...

I don't have MI, but having a look at Apple Configurator there is "Use Per-connection Password" which might be the equiv of denying caching...
0
 
Craig BeckCommented:
No, you set a profile to include only certain settings, so you know exactly what it's doing.

You either use configurator, or MI.  You can't use both.
0
 
btanExec ConsultantCommented:
I was thinking to not saved username and password in safari as is it spelled out in the link
http://www.cultofmac.com/143897/how-to-delete-saved-usernames-passwords-in-mobile-safari-ios-tip/

MI appconnect has some password policy that possibly be set as well for the profile
0
 
Craig BeckCommented:
That's for captive portal though @breadtan.

If I understand correctly the OP wants to forget cached PEAP credentials.
0
 
btanExec ConsultantCommented:
Thanks craigbeck. I was suspecting if it is browser so such form filler disable may do the trick else MI will come in if it has been deployed MI sentry and VSP to enforce password policy per app.
0
 
Jakob DigranesSenior ConsultantCommented:
Okay - Mobile Iron is MDM software
That means that he most likely - easily - could deploy certificates to the devices --- i guess
Then setting the wireless network up with EAP-TLS could be an answer ... full device control and security all the way
and with captive portal as a second option???
0
 
btanExec ConsultantCommented:
Nonetheless certificate still a must for server side auth in EAP amd for mobile device support, the ssl vpn for remote access is a need for most enterprise.

MI has apptunnel per app and appconnect to enforce policy on app wrapped or protected. MI is also MAM on top of MDM. Understand there is an Appconnect password policy for defining inactivity period per appconnect protected app i.e. such that  when the device user has not touched the device for the defined max duration of the timeout interval, the device user must reenter the AppConnect passcode to access AppConnect protected apps
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.