You must configure an appmark for the application. Users can access the application through its appmark. For information about appmarks, see Section 7.0, Appmarks.
After creating appmarks, you must configure MobileAccess to enable users to register their mobile devices through the MobileAccess app (iOS or Android). Users can access the appmarks through a browser on a desktop without enabling MobileAccess.
NOTE:MobileAccess communicates only over an HTTPS connection. MobileAccess does not work with HTTP.
IMPORTANT:Ensure that the certificate of the Identity Server cluster contains a Subject Alternate Name. The MobileAccess app will not work if the Subject Alternate Name field is empty.
To configure MobileAccess:
Log in as an administrator to Administration Console.
In Administration Console Dashboard under Administration Tasks, click MobileAccess.
Select the IDP cluster that contains the appmarks you want to enable for the MobileAccess app.
Select Enable MobileAccess to enable users to register their devices if they have the MobileAccess apps installed.
(MobileAccess app) In Device display name, specify your company name. This name appears in the bar at the top of the MobileAccess app window on users’ mobile devices.
(MobileAccess 2 app) Navigate to Dashboard > Branding, specify your company name under Title.
In Roles, select the roles that users can view the appmarks on the MobileAccess app.
If you do not select a role, users can view all appmarks on the MobileAccess app. If you add a role, only users with that role can view the appmarks. If you add multiple roles, users in any of those roles can view and access the appmarks.
In Mobile device registration contract, select the contract that users will see to register their devices through the MobileAccess apps. You can select any contracts listed. However, not all Access Manager Appliance contracts work with mobile devices.
IMPORTANT:Ensure that the contract you select works with mobile devices. In general, any basic authentication or certificate contracts do not work on mobile devices.
In Methods satisfied by mobile authentication, select the authentication methods that are satisfied after users have successfully registered a mobile device.
In Password Prompt, select how long users can continue to use an authenticated password on mobile devices before re-authentication is required.
In PIN Prompt, select whether users must set a PIN for the MobileAccess app on their mobile devices, and whether they must re-enter the PIN after a period of inactivity. You can change this requirement at anytime. For more information, see Section 8.5, Understanding the MobileAccess PIN.
NOTE:By default, users can enter their PIN incorrectly five times. On the fifth attempt, the application deregisters the mobile device and removes the current PIN. However, if the users use the MobileAccess 2 app, and enter the PIN incorrectly for more than five times, the application does not deregister the mobile device.
Click Save.
Repeat the procedure for each Identity Server cluster that contains appmarks.