Solved

Having Mobile Users Authenticate to Wireless Network each Time

Posted on 2013-05-30
12
1,367 Views
Last Modified: 2013-06-13
I would like users to authenticate to our Wireless Network each time they log into there IPADs... Currently when the user first connects they must put in the MobileIron strong password then select the Wireless Network they want to connect to, using Windows AD user ID and Password... The next time they try and connect, they enter there MobileIron password to unlock there IPAD and they automaticlly Join the network... I would like them to reenter there User Name and Password...
0
Comment
Question by:axl13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +1
12 Comments
 
LVL 21

Accepted Solution

by:
Jakob Digranes earned 250 total points
ID: 39210400
This is handled by your iPads --- that they remember your credentials. You can set your wireless to reauthenticate users every 60mins - but the users (or clients) will just use already stored credentials.

So unless there's a way to get the iPad to forget network every time - I did try google, but came up with little useful information.

You could however use captive portal in addition to wireless network authentication, so after they've connected - they are redirected to a web page where they must login to get access.

Maybe other solutions aswell, but then - why are you looking for this feature?
0
 
LVL 63

Assisted Solution

by:btan
btan earned 250 total points
ID: 39210456
likewise ipad will remember the credential for known joined wifi (stated under the wifi setting example @ http://www.bleepingcomputer.com/tutorials/connect-ipad-to-wireless-network/) unless it is...
 Forget network setting (@ http://ipad.about.com/od/iPad_Troubleshooting/ss/How-To-Fix-My-Ipad-Wont-Connect-To-Wi-Fi_6.htm) - but back to same issue - it is one time only. Unless there is timeout or power on/off the ipad but it is not solving totally.

I saw in ios5 there is a autologin setting to disable like the link but not sure if it reliable @ http://forums.imore.com/ios-5/222989-saving-wifi-login-details.html

However I saw this para stating autologin of MDM API in IOS5 extracted from link but did not managed to delve further though. It may give us further hints - not sure if MI can disable that
http://news.idg.no/cw/art.cfm?id=E0448736-1A64-6A71-CE414B0E6A2E08E0

Device management API changesThe mobile device management (MDM) APIs in iOS 5 have been updated so that MDM tools from, say, MobileIron will be able to turn off iCloud syncing, require the use of a password to access iTunes, disable email forwarding, delete -- not just render inaccessible -- apps (both individually and for all corporate-provisioned apps), disable voice and data roaming, set policies for the handling of nontrusted certificates, detect and reapply user-deleted MDM configuration profiles, set Web proxies, set autologin for approved Wi-Fi access points, send crash data, and monitor battery levels.
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39212842
You should be able to set the profile in MI so that the wireless settings pushed to the iPad are configured to not cache the user's credentials.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 37

Expert Comment

by:ArneLovius
ID: 39213106
Using a "captive portal" is the only way to "force" manual re-authentication on unmanaged devices when using the same credentials each time.
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39213144
@Arne - that's true, although the devices in this scenario are 'managed' via MDM (Mobile Iron).  That means you 'could' schedule a re-push of the client profile which would force the cached credentials to disappear, although this really isn't practical if you have a lot of devices.
0
 
LVL 37

Expert Comment

by:ArneLovius
ID: 39213255
@craigbeck "pushing" new profiles to "wipe" the existing could have other consequences...

I don't have MI, but having a look at Apple Configurator there is "Use Per-connection Password" which might be the equiv of denying caching...
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39213718
No, you set a profile to include only certain settings, so you know exactly what it's doing.

You either use configurator, or MI.  You can't use both.
0
 
LVL 63

Expert Comment

by:btan
ID: 39214999
I was thinking to not saved username and password in safari as is it spelled out in the link
http://www.cultofmac.com/143897/how-to-delete-saved-usernames-passwords-in-mobile-safari-ios-tip/

MI appconnect has some password policy that possibly be set as well for the profile
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39215044
That's for captive portal though @breadtan.

If I understand correctly the OP wants to forget cached PEAP credentials.
0
 
LVL 63

Expert Comment

by:btan
ID: 39215394
Thanks craigbeck. I was suspecting if it is browser so such form filler disable may do the trick else MI will come in if it has been deployed MI sentry and VSP to enforce password policy per app.
0
 
LVL 21

Expert Comment

by:Jakob Digranes
ID: 39215869
Okay - Mobile Iron is MDM software
That means that he most likely - easily - could deploy certificates to the devices --- i guess
Then setting the wireless network up with EAP-TLS could be an answer ... full device control and security all the way
and with captive portal as a second option???
0
 
LVL 63

Expert Comment

by:btan
ID: 39216187
Nonetheless certificate still a must for server side auth in EAP amd for mobile device support, the ssl vpn for remote access is a need for most enterprise.

MI has apptunnel per app and appconnect to enforce policy on app wrapped or protected. MI is also MAM on top of MDM. Understand there is an Appconnect password policy for defining inactivity period per appconnect protected app i.e. such that  when the device user has not touched the device for the defined max duration of the timeout interval, the device user must reenter the AppConnect passcode to access AppConnect protected apps
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question