I have some MDM solution that we've developed through which we want to support managing iOS devices. Even though we'd already been able to successfully enrol and manage iOS devices via the same, I am trying to figure out a way to secure all web service invocations with OAuth, which take place between the native app running on iOS devices, connecting to the Enrolment and other APIs deployed as part of the MDM solution. Apparently, we've got limited control over modifying the native app to embed OAuth access tokens in the form of HTTP headers or some other means to be able to send those access tokens across to the MDM APIs, as the app logic cannot be modified. Do we have any configuration in the Enterprise App that runs on iOS devices to enable OAuth (or any other form of authentication) or some other means, which I can effectively use to get my requirement implemented?
OAuth to secure iOS MDM enrolment process
415 views Asked by Prabath Abeysekara At
1
There are 1 answers
Related Questions in IOS
- URLSession requesting JSON array from server not working
- Incorrect display of LinearGradientBrush in IOS
- Module not found when building flutter app for IOS
- How to share metadata of an audio url file to a WhatsApp conversation with friends
- Occasional crash at NSURLSessionDataTask dataTaskWithRequest:completionHandler:
- Expo Deep linking on iOS is not working (because of Google sign-in?)
- On iOS, the keyboard does not offer a 6-character SMS code
- Hi, there is an error happened when I build my flutter app, after I'm installing firebase packages occurs that error
- The copy/paste functionalities don't work only on iOS in the Flutter app
- Hide LiveActivityIntent Button from Shortcuts App
- While Running Github Actions Pipeline: No Signing Certificate "iOS Development" found: No "iOS Development" signing certificate matching team ID
- Actionable notification api call not working in background
- Accessibility : Full keyboard access with scroll view in swiftui
- There is a problem with the request entity - You are not allowed to create 'iOS' profile with App ID 'XXXX'
- I am getting "binding has not yet been initialized" error when trying to connect firebase with flutter
Related Questions in OAUTH
- Lambda endpoint for the Google OAuth callback does not recieve the access_token
- Miro oauth api throws error 401 Invalid authorization code
- Error from Identity Provider - OIDC Scope Error
- get refresh token in axios interceptor
- How would single sign-on work for my multi-tenant application?
- How to get OAuth2 Access token from Postman
- How to use Oauth in order to log‑in on .googleapis.com on almost any arbitrary endpoints domains from the web browser?
- How to fix common 500 internal server error when use POST method on NEXTJS
- How to use a different account for OAuth with dbt-core and profiles.yml?
- ASP.NET Core Google external login issue
- Implementing IDP Initiated Flow Using OIDC
- Migration of UseOAuthAuthorizationServer from .Net Framework to .Net8
- Django Allauth Bad Request Error, Error Retrieving Access Token: Invalid Grant
- angular oauth 2 oidc doesn't work with github idp
- Handling oauth in flutter app without browser
Related Questions in OAUTH-2.0
- discord.py - Oauth2 - join user to guild
- Implementing Incremental consent when using both application and delegated permissions
- Verifying Google Identity OAuth2 token with Ruby
- spring security error Caused by: org.attoparser.ParseException: Exception evaluating SpringEL expression: s
- Encountering HttpError 403 and 500 When Using Google Sheets API with Service Account
- get refresh token in axios interceptor
- spring error exception with oauth2 and securityconfig
- What oauth 2.0 endpoint is used to validate a bearer token
- Not enough permissions to access API request https://api.linkedin.com/v2/me
- How to specify the client ID and redirect URI in Swagger OAuth2.0 configuration for Swagger UI?
- OAuth2 PHP change invalid_token response
- Call Databricks API from an ASP.NET Core web application
- Secure to share Access Token over public API using CORs?
- How to use Oauth in order to log‑in on .googleapis.com on almost any arbitrary endpoints domains from the web browser?
- OAuth access token attribute based reverse proxying of http ressources
Related Questions in MDM
- How can I provide a signed iOS app IPA file to an organization for MDM distribution?
- Intune IpadOS disable Safari quick notes
- Automatically Assign Default Configuration Profile to New Devices in DEP?
- RestrictionsManager not able to get policy managed configurations in Android
- Setting default browser programmatically
- SOTI MobiControl does see my Managed configuration if I upload my apk manually
- how to use MDM Clipboard API with http requests JS
- Implement Mobile Device Management for Xamarin Forms code to capture the policy sent via the MDM
- Can't close Finalize Activity in my app and repeat it during provision and enrollment using scan QR code in android version 12
- How to Run Application as Administrator in the Context of the User
- PowerShell script to download and extract Apache JMeter not working
- Does Google EMM API support Enterprise Enrolment via G-Suite Account?
- Implementing Kiosk Mode Without User Interaction or Rooting: Feasibility and Methods in Android
- Installing a private key via SyncML on Windows
- Is it possible to give my Android app root permissions without rooting the device? Perhaps with an MDM or a UEM?
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
iOS enrollment flow associate with a challenge token in the SCEP payload (mentioned as Challenge). Once you do the authentication from MDM server side there needs to be a unique token generated based on your user identity and embed that in this SCEP payload. For subsequent enrollment calls this token is passed and once the enrollment success this can be fetched and validate the user. Ideally this is just a way to link the device to a specific user which could be a temporary token generated at your MDM server end which link to a user identity or something related. To follow that you could apply OAuth password grant type and get the token once the authentication happens. Then this OAuth token can be then set as this challenge token for future use. But unlike in other OAuth communications iOS will not send this token in header as the bearer rather this will be embedded in the xml payload with proper encryption and signing in place.
Further iOS support protocol extension to validate users with open directory service using an auth token. This will by default have the ability to communicate back and forth using the checkin endpoint.