07-01-2018 09:06 AM - edited 03-18-2019 02:12 PM
I see in 8.1 VCS documentation its possible to authenticate devices via certificates configured in Zones,
Can we restrict MRA registrations in Expressway by user certificate? We are deploying endpoint certificates to BYOD. devices. No SSO. Running latest Expressway 8.10
Solved! Go to Solution.
07-01-2018 12:34 PM - edited 07-01-2018 12:40 PM
Not at this time with physical phones. MRA relies on username/password credentials. If you want certificates-based authentication you need to use PhoneVPN.
For Jabber clients this is possible if you’re using SSO since authentication happens directly between the Jabber client’s native OS browser and the IdP. Jabber doesn’t care - nor is it aware of - how you authenticate to the IdP. The one footnote to this is that you have to allow cross-launch by protocol handler on iOS. This is disabled by default by an Enterprise Parameter on CUCM and also Expressway.
07-01-2018 12:34 PM - edited 07-01-2018 12:40 PM
Not at this time with physical phones. MRA relies on username/password credentials. If you want certificates-based authentication you need to use PhoneVPN.
For Jabber clients this is possible if you’re using SSO since authentication happens directly between the Jabber client’s native OS browser and the IdP. Jabber doesn’t care - nor is it aware of - how you authenticate to the IdP. The one footnote to this is that you have to allow cross-launch by protocol handler on iOS. This is disabled by default by an Enterprise Parameter on CUCM and also Expressway.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide