As I was asked by a customer to implement XenMobile with 2 Factor Enrollment and CBA and it’s not so simple ;), here after the steps:

Note: The following steps assume that you have a Radius configuration that is currently working, in my case I use SMS Passcode solution.

1. On the XMS Server

After login in the Web Admin portal, you need to go in Settings / NetScaler Gateway

Change the Logon Type to Security token only

2. On the NetScaler

Edit your XenMobileGateway Server

Keep only a Radius policy bind under Basic Authentication

 

3. Test it!

3.1 Enrollment

Open Secure Hub

Provide the FQDN name of your XMS Server (or your email if auto-discovery is configured)

Tap on Next

Tap on Yes, Enroll

Provide user credentials and tap on Next

Install the Configuration profile

Install the Mobile Device Management

Open Secure Hub

Provide your UserName and the received code (for information, I am using SMS Passcode)

Tap on Next

Create your WorxPIN

You need to Allow VPN Configuration

If you have Required Apps, you are prompted to install the Apps

3.2 Authentication

To verify that Authentication is working properly:

Open Secure Hub

Tap on Sign Off

You are prompt for Security Token, be carrefull as here you need to provide your AD Password and not Security Token

Tap on Next

Enter the received code and click on Next

You are authenticated and have access to the Store

 

Note: Those information are provided based on my own experience.