
iOS 12 & 13 - alternative authentication methods.

Since we 'upgraded' to the XG firewall from the UTM, we have had an incredible amount of difficulty with iPad user authentication - or more to the point - deauthenticating them!

On the UTM there was a link that would allow users to log out of their session, but this is no longer available.

Is this something that could be implemented to make this all a lot easier?

We tried using the Sophos network agent, and successfully deployed the CA certificate, but whenever I go to the user portal and download the certificate for iOS13, it always results in the 'invalid certificate' message.

I tried following the guide here

https://support.sophos.com/support/s/article/KB-000035996?language=en_US

and the 'sub-guide' here

https://support.sophos.com/support/s/article/KB-000038295?language=en_US

But the issue is we have our domain and macOS devices set up to use the certificate that is already in place, so we can't replace the certificate with a self-signed one without major disruption.

We really need a viable solution to this as our school have invested heavily in the iOS hardware, and they are currently not usable. Could a request be put in to provide a 'log out session' link, like we had for the UTM?

Thanks for any help.



This thread was automatically locked due to age.
  • Hello Paul,

    Thank you for contacting the Sophos community!

    Could you please tell us what authentication method you were using in the Sophos UTM?

    Regards,

  • We are still in need of a solution to this as quickly as possible. We run a mixture of iOS12 and iOS13 devices which we are still unable to deploy for use in the school because they have mixed certificate requirements. I have some frustrated teachers repeatedly asking me why they haven't been issued to them yet. It has now been 2 months.

    In both the user portal and Network agent methods, the user is not logged out of the session when the device is locked or browser is closed, and we need some direct support, please.


  • Hello Paul,

    Thank you for the follow-up!

    I would recommend you to open a case with support so they can assist you with this.

    It would have to work with the Sophos Network Agent, but for the KBs you provided the error shouldn't be present.

    So this would need to be checked. There is this other KB, it explains some additional steps to the KBs you mentioned. 

    Please follow this link to open a case with Support, and do send me the Case ID once you have opened it so I can follow up!

    Regards,

  • Thank you - the other KB you mentioned detailed some aspects of the configuration that were missing in the one I was referring to, so I now have it working.

    I am now faced with the next issue, which is the fact that it does not log users out when the iPad is locked. I have also unchecked 'save password' and 'auto login' but when actively logging out or locking the iPads, they still store the username and password!

    The network agent is deployed using an MDM solution, and I would like to configure the app settings payload so that the 'auto login' and 'save settings' options are disabled by default, but I can't find any documentation that gives me this information. Is there a technical reference guide? All I seem to be doing is trawling forums for tidbits of information which are either outdated or incorrect.


  • Hello Paul,

    Thank you for the follow-up!

    I am glad the KB worked.

    As per your last question, I am not aware that we have this type of documentation to modify the App settings. 

    You are using v18 or v17?

    If you open a case, please do send me the Case ID so I can follow-up!

    Regards,

  • Hi again,

    We are on V18.

    Our case number is 03232003.

    Every modern iPad/Apple app uses a plist file to enable users to preconfigure settings for apps. They are basically variables, the parameters of which are as follows:
    Key (related to the setting - so something like AutoJoin and SavePassword)
    Type (String, text, Boolean etc)
    Value (YES / NO)

    These are used in Apple MDM solutions to minimise the need for interaction with the devices when being deployed in bulk.

  • Hello Paul,

    Thank you for the Case ID and the explanation of the file.

    I will have a personal iPad tomorrow, so I will try and replicate what you are mentioning to see if I can find a solution!

    Regards,
