Before you install
XenMobile components, you need to determine what authentication types you use
to authenticate users. XenMobile supports several authentication types. It is important to choose the authentication method you want to configure before you deploy XenMobile; if you implement an authentication method for users and then change the method after users enroll or you implement Worx PIN, they will need to enroll again.
XenMobile supports the following authentication types:
You can configure the
following authentication types for two-factor authentication:
XenMobile 8.6 introduces support for client certificate authentication. Users can now authenticate their devices seamlessly to XenMobile using client certificates, giving administrators the choice of authenticating their users using Active Directory credentials or client certificates. By using client certificates, users will only need to use their own chosen PIN number to log on with single sign-on (SSO) to any of the Worx-enabled apps.
also simplifies the user authentication experience. Worx PIN is used to secure a
client certificate or save Active Directory credentials locally on the device.
If you configure Worx PIN settings in App Controller, when users start Worx
Home for the first time, they receive a prompt to enter a PIN, which caches the
Active Directory credentials. When users subsequently start Worx Home,
WorxMail, or WorxWeb, they enter the PIN and log on. This simplifies the logon
process on the mobile device.
information about configure Worx PIN, see
Configuring Worx PIN Options.
using two-factor authentication for the highest security and recommends that you combine Worx PIN with Active Directory and client certificate
authentication, which allows for the security of two-factor authentication
while maintaining a streamlined user experience.
For instructions on how to configure client certificate authentication in XenMobile, see http://support.citrix.com/article/CTX139857.
architecture supports the following authentication combinations: