Today MobileIron is launching a new feature called Access, which brings EMM together with Identity management. Authentication from mobile apps to cloud services can be restricted to known apps and devices, or controlled by other device compliance policies.
This is the latest in an industry trend over the last year of bringing identity and EMM closer together. Most of the other offerings, such those from Okta, Centrify, Microsoft, and VMware, involve identity and EMM that are from the same vendor or platform, so integration is assumed.
MobileIron tends to take a partner-centric approach to many issues, so they’re not building or becoming a full identity offering. Instead, Access works with any identity provider that supports SAML. Communication and integration is entirely via the standard protocol, so there’s no need for any other proprietary APIs or integrations. The result is that Access can work with ADFS and many other identity products.
To take advantage of Access, customers need to be using services and apps that support SAML, but support among cloud services has been growing immensely and naturally includes all of the top ones you’d expect, like Box, Dropbox, Google Apps, Office 365, and Salesforce.
Access can restrict authentication to apps that are installed on managed devices with MDM and connect through Sentry, MobileIron’s gateway appliance. Authentication can also be restricted by any other device compliance rules (for example: encryption, passcode, and rooting/jailbreaking policies).
While MobileIron Access is part of a specific trend of EMM policy-based authentication, it's also part of a larger trend: end user computing is just getting a lot smarter about mobile devices, cloud services, identity, and creating a whole "workspace" concept that allows users to get their work done securely in many different ways.