Secure Mail SSO – Automatic Enrollment on Secure Mail

This post shows an option to ensure that users can access Secure Mail without entering Username and Password.

This basically eliminates the need of having Exchange ActiveSync to require SSL Client Certificate authentication for the purpose of single sign on.

This method uses XenMobile Secure Hub to pass credentials and provide automatic enrolment in Secure Mail.

Tested on both iOS and Android.

Requirements

  • Minimum XenMobile 10.4
  • MAM Enrolled

Following two Client Properties needs to be set on XenMobile Server:

ENABLE_CREDENTIAL_STORE

img-alternative-text

SEND_LDAP_ATTRIBUTES

Value: userPrincipalName=${user.userprincipalname},sAMAccountNAme=${user.samaccountname},
displayName=${user.displayName},mail=$

The attribute values are specified as macros, similar to MDM policies.

img-alternative-text

Following Server Property needs to be set on XenMobile Server:

MAM_MACRO_SUPPORT

img-alternative-text

These settings are also mentioned on Citrix Docs here:

docs.citrix

Leave a Reply