MobileIron 带有用于身份验证的共享点 [英] MobileIron with sharepoint for authentication
问题描述
我们是否有任何内置功能来对从移动设备到 SharePoint 的用户进行身份验证和授权?
Do we have any in-built feature to authenticate and authorize a user from mobile iron to SharePoint?
现在用户将通过移动设备进行身份验证,他必须无缝登录到 SharePoint.
User will be authenticated via mobile iron now he must be login to SharePoint seamlessly.
推荐答案
借助 MobileIron,您可以使用 Kerberos 约束委派 (KCD) 对 MobileIron Sentry 背后的系统/通过 Sentry 访问的系统进行无缝身份验证.可通过 MobileIron 的支持访问获得一个专用文档,其中详细解释了这些内容.
With MobileIron you can use Kerberos Constrained Delegetion (KCD) for seamless authentication to a system behind the MobileIron Sentry / accessed through the Sentry. There is a dedicated document available through support access from MobileIron where this stuff is explained in detail.
此时我将仅指出使用 MobileIron Web@Work 浏览器访问 SharePoint 的整个过程:
At this point I'll only point out the overall process to access SharePoint with the MobileIron Web@Work browser:
- 您必须通过 MobileIron 为用户部署用户证书验证.
- 您还需要为 Sharepoint 站点设置 KCD/网络服务器:Active Directory (AD) ServíceAccount 用于获取来自域控制器 (DC) 的 Kerberos Ticktes,配置服务您要访问的资源的主要名称,以及服务帐户的身份验证委托资源.
- 使用服务定义配置 Web@Work 配置,以使用 KCD 访问专用 SharePoint 站点.
如果一切就绪,访问/认证过程如下:当设备连接到哨兵以访问配置的 Sharepoint 站点/网络服务器时,它会使用用户证书对哨兵进行身份验证,并将请求发送到资源.Sentry 转到密钥分发中心 (KDC),这是 AD DC 上的一项服务,为具有服务帐户的用户请求 Kerberos 票证,并将此票证附加到转发给 SharePoint Web 服务器的 Web 请求.
If all is in place the access / authentication process is as follows: When the device connects to the sentry to access the configured Sharepoint Site / Webserver it authenticates with the user certificate to the Sentry and sends the requests to the ressource. The Sentry goes to to the Key Distribution Center (KDC), that's a service on an AD DC, requests a Kerberos ticket for the user with the service account and attaches this ticket to the forwarded web request to the SharePoint web server.
如您所见,设置起来并不简单,但效果很好,用户会喜欢您的 ;-)
As you can see it's not very simple to set it up but works fine and the users will love you ;-)
这篇关于MobileIron 带有用于身份验证的共享点的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
