Access Manager administrators can manage and deregister user mobile devices in the Administration Console. So, if a registered mobile device is lost or stolen, or an employee leaves the company, you can ensure that unauthorized users cannot access corporate resources.
Users can also deregister their own mobile devices, either from their device or from the user portal page after they log in. A mobile device that has previously been deregistered can be reregistered by the same user. However, for a different user to use the deregistered mobile device, the user must delete and reinstall the MobileAccess app on the device before reregistering the device.
Use the information in the following sections to help you manage mobile devices:
If you are logged in to the Administration Console as an administrator, you have the option to search for and deregister devices that are registered to other users. Users can manage their own devices from the user portal page after they log in.
To deregister mobile devices:
In the Administration Console, click User Devices.
Select the IDP cluster that contains the user.
If you want to search for the devices belonging to a particular user, enter the user name in the User field.
or
Browse the list of devices the Administration Console displays.
Click the Delete icon next to the device you want to deregister, then click OK on the confirmation message.
After a mobile device has been deregistered, the device can be registered to a new user. However, the MobileAccess app on the device must first be deleted and reinstalled. For more information, see Deleting and Reinstalling the MobileAccess App on a Device.
Users who have previously registered a mobile device can deregister the device if necessary. For more information, see Deregistering Your Device
in the NetIQ® Access Manager Mobile Users QuickStart.
NOTE:Users can uninstall the MobileAccess app on a mobile device after the device has been deregistered. However, if the MobileAccess app is uninstalled without the device first being deregistered, the device continues to appear on the Devices page. The administrator or user can delete the device from the Devices page in the Administration console.
After a mobile device has been deregistered, the MobileAccess app on the device must be deleted and reinstalled before a different user can reregister the device.
To delete and reinstall the MobileAccess app on a device:
Follow the instructions to uninstall the MobileAccess app:
Reinstall the MobileAccess app. For more information, see Installing the MobileAccess App
in the NetIQ® Access Manager Mobile Users QuickStart.
You can add the Access Manager certificate authority (CA) certificate to an iOS mobile device by performing the following steps:
NOTE:This procedure does not work in Chrome.
To install a self-signed certificate on the mobile device:
Take the Access Manager CA certificate and email it to the user who has an email account configured on the mobile device. Alternatively, you could put it on a web or FTP site that is accessible from the mobile device.
Open the email, website or FTP site on the mobile device and tap the certificate attachment.
In the Install Profile window, tap Install.
Read the warning, then tap Install.
Verify that the certificate reads Trusted with a green check mark in the Profile Installed window.
(Conditional) If the certificate is not trusted, something is wrong with the certificate and the MobileAccess app will not work. Go back and try to generate the certificate again.
Tap Done.
Specify the appliance DNS name in the Safari address bar and ensure that there is no warning about an untrusted certificate.