As I was asked by a customer to implement XenMobile with 2 Factor Enrollment and CBA and it’s not so simple ;), here after the steps:
Note: The following steps assume that you have a Radius configuration that is currently working, in my case I use SMS Passcode solution.
1. On the XMS Server
After login in the Web Admin portal, you need to go in Settings / NetScaler Gateway
Change the Logon Type to Security token only
2. On the NetScaler
Edit your XenMobileGateway Server
Keep only a Radius policy bind under Basic Authentication
3. Test it!
3.1 Enrollment
Open Secure Hub
Provide the FQDN name of your XMS Server (or your email if auto-discovery is configured)
Tap on Next
Tap on Yes, Enroll
Provide user credentials and tap on Next
Install the Configuration profile
Install the Mobile Device Management
Open Secure Hub
Provide your UserName and the received code (for information, I am using SMS Passcode)
Tap on Next
Create your WorxPIN
You need to Allow VPN Configuration
If you have Required Apps, you are prompted to install the Apps
3.2 Authentication
To verify that Authentication is working properly:
Open Secure Hub
Tap on Sign Off
You are prompt for Security Token, be carrefull as here you need to provide your AD Password and not Security Token
Tap on Next
Enter the received code and click on Next
You are authenticated and have access to the Store
Note: Those information are provided based on my own experience.