iOS App Mutual TLS
Hey Steven,
I was pretty much in your place about a year ago, MobileIron to Intune move. I ended up setting up NDES for SCEP and a PKI to deploy user certificates to iOS devices using the Intune certificate connector. https://youtu.be/4EZRszjsZJs?si=PKsYFLUQ4RGNkNNk
So far it has worked really well for us. The only things you'll really need to think about are having a public place to host your PKI's CRL (an Azure storage account and a script to copy it up will do the job) and setting up a set of NDES and SCEP servers along with Azure AD App Proxy for deployment, though you don't need the App Proxy; it's just a nice way to do it.
Hello DBerry,
That sounds interesting and I'll look at the video. Just to clarify: we already have SCEP certificates on the device; the problem is that the app cannot access them, as they are in the system keychain.
Did you manage to get the certificates accessible from within an App using this method? Or did you get the Azure AD App proxy to add the client certificate to the request going to the backend?
Technically I don't need mutual TLS to the backend, but I do need to provide a user certificate in the "SSL_CLIENT_CERT" HTTP header.