Release Notes
Abstract
There are a number of authentication modes that are becoming popular in enterprise authentication. To support them and make the authentication experience seamless, MaaS360 has split the enrollment authentication page into two. The first page will get the username/email that helps to identify what is the authentication source for the device, and 2nd screen will challenge for password. In case of User Enrollment, there is no need for password in MaaS360 side as Apple does the authentication during the enrollment screen.
Content
User Enrollment
MaaS360 evaluates if the user is qualified for User Enrollment based on the inputs (Username, Domain, or Email) provided in the first authentication screen. If the user is eligible and pre-requisites for the User Enrollment are met, MaaS360 skips the second enrollment screen and redirects the user to the User Enrollment steps.
In the previous releases, as a part of device enrollment, MaaS360 displayed two authentication screens: MaaS360 user authentication (One Time Passcode, LDAP/AD, or local user) and Managed Apple ID.
To provide a seamless enrollment experience, MaaS360 removes the additional layer of user authentication screen (One Time Passcode, LDAP/AD, or local user) that was displayed prior to downloading enrollment and configuration profiles, allowing users to complete the enrollment by just authenticating against their Managed Apple ID.
Other enrollments
User authentication is mandatory for enrollments other than Apple's User Enrollment. MaaS360 prompts for Username, Domain, or Email in the first authentication screen and prompts for the password in the second authentication screen.
Impact on end-user enrollment experience
During the enrollment, end-users will notice that MaaS360 will prompt for the following details in separate authentication screens.
Authentication mode | 1st Authentication screen | 2nd Authentication screen | 3rd Authentication screen |
Local user credentials | Username | Password + Input from the first screen in read-only mode | NA |
Corporate Active Directory | Username + Domain | Password + Input from the first screen in read-only mode | NA |
Corporate Active Directory > End user input > Username | Username | Password + Input from the first screen in read-only mode | NA |
Corporate Active Directory > End user input > Email | Password + Input from the first screen in read-only mode | NA | |
Two-factor Authentication | Username + Domain | Password + Input from the first screen in read-only mode | Passcode |
Two-Factor Authentication > End user input > Username | Username | Password + Input from the first screen in read-only mode | Passcode |
Two-Factor Authentication > End user input > Email | Password + Input from the first screen in read-only mode | Passcode | |
Unique passcode | Passcode | NA | NA |
Note:
- MaaS360 skips the 2nd and 3rd authentication screens for User Enrollment.
- For unique passcode based User Enrollments, User + Domain is displayed in the authentication screen. The second and third authentication screens are not applicable.
Was this topic helpful?
Document Information
Modified date:
09 March 2021
UID
ibm16333509