Enterprise mobility management and identity management are intersecting in the trend of conditional access, and MobileIron’s take on this is called, appropriately enough, MobileIron Access.
You can read my previous description of how Access works, but today’s news is that MobileIron is now offering their own multi-factor authentication app, called Authenticator. (We have to give them props for clear product naming!)
This app could be used in a lot of ways, but a primary use case that MobileIron’s Vijay Pawar and Ojas Rege demoed to me is for app logins from unmanaged desktops and laptops (or endpoints that may be managed but not under MobileIron’s purview). To authenticate, users enter their username and password on their laptop; they will then get a push notification and simply tap a button in the Authenticator app for MFA.
The value proposition is that MobileIron Access already knows about users’ devices and identities, so admins can just use MDM to push the Authenticator app, and then it just works without any additional setup for users to worry about. Also, there’s no additional licensing fee to use Authenticator—it will be included with Access.
Most customers will likely be using MobileIron Access in conjunction with other identity products, which may have their own MFA apps. Vijay and Ojas pointed out that using MobileIron Authenticator for MFA would be less friction, as using other products would likely require users to go through a couple more enrollment steps.
MobileIron Authenticator is available for Android now, and planned for iOS. They’re also looking at doing an AppConnect (i.e., app-level MAM) version of Authenticator, for use on mobile devices that aren’t enrolled in MDM.
Using mobile devices for MFA is becoming quite popular, though I should note that this can mean a lot of different things, like SMS codes, authenticator apps, using MDM to push certificates, tracking device location, and so on.
Now MobileIron is bringing another option into the mix for their customers. I could see there being some confusion; for example, if the mobile team in an enterprise wanted to go with MobileIron Authenticator for MFA, while the security or business app teams wanted to go with another option.
This just shows how expansive end user computing can be today, and how important (and possibly challenging) it is to have an overarching vision of the user experience. In particular, this also means that all EUC pros need to know the ins and outs of identity.