MobileIron

Before You Begin

Introduction

This document describes how to configure Oracle Identity Cloud Service to provide Single Sign-On (SSO) for MobileIron using SAML.

About MobileIron

MobileIron offers solutions for Mobile Device Management (MDM) and Enterprise Mobility Management (EMM). MobileIron provides enterprise mobile solutions that meet both user demands and IT needs.

After integrating MobileIron with Oracle Identity Cloud Service:

  • Users can access MobileIron using their Oracle Identity Cloud Service login credentials.
  • Admins can assign and revoke user access to the MobileIron app using the Oracle Identity Cloud Service administration console.

What Do You Need?

  • An Oracle Identity Cloud Service account with authorization rights to manage apps and users (Identity Domain Administrator or Application Administrator).
  • A MobileIron account with authorization rights to configure federated authentication.
  • Ensure that the email ID of each user in MobileIron matches the primary email ID of the Oracle Identity Cloud Service account.

Configuring the MobileIron App in Oracle Identity Cloud Service

Use this section to register and activate the MobileIron app, and then assign users to the app.

Prerequisite Steps

A host name and a Universally Unique Identifier (UUID) are required before you can register and activate the MobileIron app. You obtain these values from MobileIron metadata.

  1. Access MobileIron as an administrator using the URL: https://login.mobileiron.com.

  2. Enter your email address, and then click Sign In.

  3. Enter credentials for an admin user, and then click Sign In. The MobileIron home page appears.

  4. Click Admin.

  5. Click Identity, and then click Generic IDP Setup.

  6. Click Download. In the downloaded metadata, the host name and UUID appear in the AssertionConsumerService (ACS) URL: https://<Host_Name>.mobileiron.com/saml/SSO/alias/<UUID>.
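The host name and UUID can also be read from the downloaded metadata with a short script instead of by eye. The following is an added example, not part of the original Oracle or MobileIron documentation; the sample metadata is constructed, and the script assumes that the host name is a single DNS label and that the UUID uses the standard 8-4-4-4-12 hexadecimal form.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# ACS URL layout from the guide: https://<Host_Name>.mobileiron.com/saml/SSO/alias/<UUID>
# Assumptions: Host_Name is a single DNS label; UUID is in 8-4-4-4-12 hex form.
HOST_RE = re.compile(r"([a-z0-9-]+)\.mobileiron\.com")
PATH_RE = re.compile(
    r"/saml/SSO/alias/([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})")

# Constructed sample metadata (placeholder entityID, host name and UUID).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:example:constructed-sp">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example-host.mobileiron.com/saml/SSO/alias/123e4567-e89b-12d3-a456-426614174000"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def extract_host_and_uuid(metadata: bytes) -> tuple[str, str]:
    """Return (Host_Name, UUID) from the ACS URL, or raise ValueError."""
    # SAML metadata has no need for a DTD; refuse it rather than expand entities.
    if b"<!DOCTYPE" in metadata or b"<!ENTITY" in metadata:
        raise ValueError("unexpected DTD in metadata")
    try:
        root = ET.fromstring(metadata)
    except ET.ParseError as exc:
        raise ValueError(f"metadata is not well-formed XML: {exc}") from exc
    found = set()
    for acs in root.iter(f"{{{MD_NS}}}AssertionConsumerService"):
        url = urlsplit(acs.get("Location", ""))
        host = HOST_RE.fullmatch(url.hostname or "")
        path = PATH_RE.fullmatch(url.path)
        # Full match on host and path, so lookalike hosts are rejected.
        if url.scheme == "https" and host and path and not (url.query or url.fragment):
            found.add((host.group(1), path.group(1).lower()))
    if len(found) != 1:
        raise ValueError(f"expected exactly one MobileIron ACS URL, found {len(found)}")
    return found.pop()


if __name__ == "__main__":
    print(extract_host_and_uuid(SAMPLE))
```

To use it on a real download, read the metadata file in binary mode and pass its contents to `extract_host_and_uuid`.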

Registering and Activating the MobileIron App

  1. Access the Oracle Identity Cloud Service administration console, select Applications, and then click Add.

  2. Click App Catalog.

  3. Search for MobileIron, and then click Add.

  4. In the App Details section, enter your MobileIron Host Name and UUID, and then click Next.

    Note: These are the values that you obtained while performing the steps in the "Prerequisite Steps" section.

  5. Click Download Identity Provider Metadata.

    Tip: Use this file later during the MobileIron configuration in the "Configuring SSO for MobileIron" section.

  6. Click Finish. Oracle Identity Cloud Service displays a confirmation message.

  7. Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Assigning Users to the MobileIron App

  1. On the MobileIron app page in Oracle Identity Cloud Service, select Users, and then click Assign. The Assign Users window appears.

  2. Select users that you need to assign to MobileIron, and then click OK. Oracle Identity Cloud Service displays a confirmation message stating that the MobileIron app is assigned to the users that you selected.

Configuring SSO for MobileIron

  1. Access MobileIron as an administrator using the URL: https://login.mobileiron.com.

  2. Enter your email address, and then click Sign In.

  3. Enter credentials for an admin user, and then click Sign In. The MobileIron home page appears.

  4. Click Admin.

  5. Click Identity, and then click Generic IDP Setup.

  6. Click Download to download MobileIron metadata.

    Note: You need to download the MobileIron metadata again if the session that you used in the "Prerequisite Steps" section is closed.

  7. Click Choose File, upload the identity provider metadata file that you downloaded during MobileIron registration in Oracle Identity Cloud Service, and then click Done. See the "Registering and Activating the MobileIron App" section.

    Note: You need to assign a role (Administrative or Helpdesk) to the respective user to enable SSO in MobileIron.

Verifying the Integration

Use this section to verify that SSO works when initiated from MobileIron (SP initiated SSO).

Verifying Service Provider Initiated SSO from MobileIron

  1. Access MobileIron using the URL: https://login.mobileiron.com.

  2. Enter your email address, and then click Sign In. You are redirected to the Oracle Identity Cloud Service login page.

  3. Log in using credentials for a user that is assigned to the MobileIron app. The MobileIron home page appears.

  4. Confirm that the user that is logged in is the same for both MobileIron and Oracle Identity Cloud Service.

    This confirms that SSO initiated from MobileIron works.

Troubleshooting

Use this section to locate solutions to common integration issues.

Known Issues

MobileIron displays the message, "The username you entered is incorrect."

Cause: The user that you assign to the MobileIron app in Oracle Identity Cloud Service doesn't exist in MobileIron.

Solution: Ensure that the user that you assign to the MobileIron app has an account in both Oracle Identity Cloud Service and MobileIron with the same email address.

Oracle Identity Cloud Service displays the message, "There is a problem with your account. Please contact Support."

Cause: The SAML 2.0 integration between the Oracle Identity Cloud Service MobileIron app and MobileIron is deactivated.

Solution:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select MobileIron.
  • In the App Details section, click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Oracle Identity Cloud Service displays the message, "You are not authorized to access the app. Contact your system administrator."

Cause: The administrator revokes access for the user at the same time that the user tries to access the MobileIron app using Oracle Identity Cloud Service.

Solution:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select MobileIron.
  • In the App Details section, select Users, and then click Assign to re-assign the user.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.