Mobile Iron Core - Setup Guide - Hypergate


Mobile Iron Core - Setup Guide

Contents
- Prerequisites
  - App Availability
  - Device Compatibility
  - Reachable KDC
- Add Hypergate to Mobile Iron Apps
- Enable Android Enterprise Support
- Managed Configuration of Hypergate
- Managed Configuration in Detail

This document aims to help you set up Hypergate with your Mobile Iron Core instance, in order to deploy and integrate Hypergate within your organization. It is a step-by-step guide that leads you through the complete process of deploying and testing Hypergate.

Papers GmbH | Badstrasse 18b | 41 44 512 90 04 | 5408 Ennetbaden | contact@papers.ch

Prerequisites

MobileIron Core/Cloud must be enabled for Android Enterprise to use Android Enterprise work profile apps. To enable MobileIron Core/Cloud to provide Android Enterprise features, you must perform setup steps with Google, MobileIron Support, and MobileIron Core/Cloud Admin Console. Please ensure these steps are completed first.

Core Admin Guide: d Admin Guide: https://community.mobileiron.com/docs/DOC-2999

App Availability

Hypergate is available through the Google Play Store, and updates are released through this channel as well. You can find Hypergate through your Mobile Iron Core interface if your organization has been added to the Hypergate Google Play Publishing Tool, a change that is made by the Hypergate team.

Device Compatibility

The Hypergate Android application requires a minimum of Android 7.0.

Reachable KDC

Your Kerberos KDC has to be reachable from the device, either through a public URL or by using a VPN application like Mobile Iron “Tunnel”.

Add Hypergate to Mobile Iron Apps

Switch to the “Apps” view and click on “Add”.

You will be redirected to the page shown above. To add Hypergate:

1. Select “Google Play” in the top row of store selections
2. Check “Skip this step and provide Bundle ID and all app details” towards the bottom of the page

Now, click “Next”.

Enter the following details:

- Package Name: “ch.papers.hypergate”
- Application Name: “Hypergate”
- Min. OS Version: “7.0”
- Description: “Android Kerberos SSO Authenticator”

Now, click “Next”.

Enable Android Enterprise Support

After the successful import, “Edit” the Hypergate Application again and enable “Install this App for Android Enterprise” in the Android Enterprise Section.

Managed Configuration of Hypergate

To configure Hypergate for authentication with your Kerberos environment, Hypergate exposes a set of managed configuration properties that can be managed within Mobile Iron Core. Visit the Hypergate App entry and click on “Edit” at the top. Then scroll down until you can see “Default Configuration for Hypergate”, which you can expand fully by clicking on the small arrow. This reveals the available configuration options for Hypergate.

The following properties are required for Hypergate to work properly:

| Configuration Key | Description | Example |
|---|---|---|
| Username | Kerberos Username | USERID |
| Default Realm | Hostname of your Kerberos Realm | HYPERGATE.ME |
| Key Distribution Center | Hostname for your Kerberos KDC | KDC.HYPERGATE.ME |
| Discoverability Packagename List | Apps that are able to use Hypergate as default SPNEGO Authenticator, given they use the Google Account API. Works with native Google Chrome. | com.android.chrome |

Check either “Use username and password” or “Is certificate authentication enabled”.

Additionally, for Certificate-based Authentication, the following properties are required as well:

| Configuration Key | Description | Example |
|---|---|---|
| PKInit Certificate Alias | Usually set using a variable to the certificate alias. | CERT ALIAS SCEP |
| Is certificate authentication enabled | Required for Cert-Based Authentication | |
| Certificate Authority | Your public *.cert | -----BEGIN CERTIFICATE----DYLDKSDA. |

You can convert your *.cert file using our online tool (https://converter.hypergate.me). The certificate is not sent anywhere, but converted locally in your browser. The tool is also available for download, and we are also able to help you convert your certificate manually.

You can choose to enable “Sentry Crash-Reporting” in order to help us gather more detailed information about potential problems, as crashes are sent to a service hosted within Papers that collects crash reports. This option might be helpful during the setup process, but is not required for a successful production deployment.
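A pre-deployment check for the required properties described above, as an added example that is not part of the original guide or Hypergate's own code. It assumes the configuration is available as a dictionary keyed by the display names from the tables (the real managed-configuration key identifiers are not given on the page) and that the Certificate Authority value begins with a PEM header, as in the guide's example value.

```python
import re

# Display names from the guide's tables, used as dictionary keys. The real
# managed-configuration key identifiers are not on the page (assumption).
REQUIRED = ["Username", "Default Realm", "Key Distribution Center",
            "Discoverability Packagename List"]
CERT_REQUIRED = ["PKInit Certificate Alias", "Certificate Authority"]
PASSWORD_FLAG = "Use username and password"
CERT_FLAG = "Is certificate authentication enabled"

# Android package names: dot-separated segments, each starting with a letter.
PACKAGE_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$")

def validate(config):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    for key in REQUIRED:
        if not str(config.get(key, "")).strip():
            problems.append(f"missing required property: {key}")
    # The list accepts a single string or a comma-separated list of strings.
    for pkg in str(config.get("Discoverability Packagename List", "")).split(","):
        if pkg.strip() and not PACKAGE_RE.match(pkg.strip()):
            problems.append(f"not a valid package name: {pkg.strip()!r}")
    # One of the two authentication checkboxes has to be set.
    use_password = config.get(PASSWORD_FLAG) is True
    use_cert = config.get(CERT_FLAG) is True
    if not (use_password or use_cert):
        problems.append("no authentication mode checked")
    if use_cert:
        for key in CERT_REQUIRED:
            if not str(config.get(key, "")).strip():
                problems.append(f"certificate authentication needs: {key}")
        ca = str(config.get("Certificate Authority", "")).strip()
        # Assumption: the converted value starts with a PEM header.
        if ca and not ca.startswith("-----BEGIN CERTIFICATE"):
            problems.append("Certificate Authority is not PEM text")
    return problems

# Constructed sample built from the example values in the guide; the
# Certificate Authority is left out on purpose to show a failing check.
SAMPLE = {
    "Username": "USERID",
    "Default Realm": "HYPERGATE.ME",
    "Key Distribution Center": "KDC.HYPERGATE.ME",
    "Discoverability Packagename List": "com.android.chrome",
    CERT_FLAG: True,
    "PKInit Certificate Alias": "CERT ALIAS SCEP",
}

if __name__ == "__main__":
    print(validate(SAMPLE))
```

Running the check before the configuration is pushed catches a certificate-based setup that is missing its alias or CA, which would otherwise only show up as failed sign-ins on the device.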

Managed Configuration in Detail

Hypergate supports additional configuration options, outlined below. These have sensible defaults and do not need to be configured in order for Hypergate to work.

* required configuration key

| Configuration Key | Description | Default Value |
|---|---|---|
| Username* | Username for Kerberos | “” |
| Use username and password instead of certificate authentication | If Hypergate should use the Password Authentication by default | false |
| Is certificate authentication enabled | If Certificate-Based authentication is enabled | true |
| Default Realm* | Default Kerberos Realm | - |
| Key Distribution Center* | Default KDC Hostname | - |
| PKInit Certificate Alias* | pkInit Certificate Alias | - |
| Optional PKInit KDC Hostname | pkInit KDC Hostname | - |
| Certificate Authority* | Certificate Authority | - |
| Packagename Whitelist* | Packages/APKs that are allowed to call Hypergate for SSO using an explicit intent; accepts a single string or comma-separated list of strings | - |
| Discoverability Packagename List* | Packages/APKs that are allowed to discover Hypergate's capability for SSO through an implicit Intent; accepts a single string or comma-separated list of strings | - |
| Mail Intent | Package of E-Mail application to use to send Intent. For Google Mail, such as “com.google.android.gm” | - |
| Username editable | If users are allowed to edit their username | true |
| Is certificate authentication enabled | If Hypergate should allow Password Authentication | false |
| Edit Configuration | If users are allowed to edit the Kerberos configuration in general | true |
| View Configuration | If users are allowed to view the Kerberos configuration | true |
| Edit Settings | If users are allowed to edit settings | true |
| View Settings | If users are allowed to view the settings | true |
| View Logs | If users are allowed to see the logs of the application | true |
| Ping KDC | If users are able to ping the KDC | true |
| Sentry Crash-Reporting | Reports crashes to an internal service of Hypergate, in order to help with debugging and investigation of issues. | false |
