Using Conditional Access for Applications on iPhones with iOS 17

Read this page to learn how to access your company applications if they are protected by Portnox™ Conditional Access for Applications.

To access your protected company applications, you must do the following:

  • Get Portnox AgentP from the App Store.

  • Log in to the Portnox AgentP app using your company credentials.

  • Use AgentP to download a profile that contains your certificate and install that profile.

  • Select your certificate when accessing the company application through the browser.

These steps are described in detail in the sections below.

Note: All the steps mention your iPhone but they are the same if you are using an iPad.

Download and install Portnox AgentP

First, you must get the Portnox AgentP app from the App Store. AgentP will communicate with Portnox Conditional Access and generate a profile for your iPhone.

  1. Tap on the App Store icon on your Home Screen to open the App Store.

  2. On the bottom bar of the App Store, tap on Search.

  3. In the search field, type agentp and then tap on Search.

  4. When the App Store shows the Portnox AgentP entry, tap on Get.

  5. Confirm that you want to install the Portnox AgentP app.

  6. Tap on Open next to the Portnox AgentP app entry.

Result: Portnox AgentP is installed on your iPhone.

Log in to Portnox AgentP using your company credentials

After you download and install the Portnox AgentP application, run it and log in to it using your regular company credentials.

  1. If the Portnox AgentP application is not running, run it manually: tap on AgentP on the Home Screen.

    Result: If you haven’t configured AgentP before or if you configured and deactivated it, it opens the Register your device screen.

  2. On the Register your device screen, tap on Corporate credentials.

  3. On the Corporate credentials screen, follow the steps depending on how you normally log in to your company applications.
    • If your company uses Microsoft Azure for its employees, tap on Azure.
    • If your company uses Google Workspace for its employees, tap on G Suite.
    • If your company uses Okta Workforce Identity for its employees, tap on Okta.
    • If you do not recognize any of these platform names from logging in to your company apps, consult your company’s IT support staff, or enter your company email and password in the Domain\username or email and Password fields and then tap on Activate.
    1. If an alert appears asking if you want AgentP to send you notifications, tap on Allow.

    Important: The following steps and screenshots assume that your company uses Microsoft Azure, which is the most popular platform. These steps will look similar if your company uses other platforms.
  4. If your company uses Azure, on the Sign in screen, enter your business email address. Then, tap on Next.

    Note: The screenshot above is an example, where your company name is Example and your company domain is example.com. Use your real business email address instead.

    Troubleshooting: If you see a button with your email address on it, it means you are already logged in to Microsoft Azure. Tap on that button instead of entering your email address.

  5. If your company uses Azure, on the Enter password screen, enter the password that you normally use to access your company email and applications. Then, tap on Sign in.

    Troubleshooting: If you cannot log in, and you are sure that your password is correct, go back to the Register your device step and try a different choice or ask your company’s IT support staff what platform your company uses to authenticate the employees.

  6. If your company uses Azure, and a Stay signed in? window appears, follow the company policy and/or your preferences to choose Yes or No.

    Note: Your choice will not affect your access to applications, but if you choose No, you may have to log in again the next time you access the applications.
  7. Tap on the AgentP notification or switch back to AgentP to continue enrollment.

    Important: If the notification disappears, access your iPhone’s notification area and tap on the notification. If you simply close the browser window or tap on ◀ AgentP in the top-left corner to go back to AgentP, enrollment will fail.
    1. If an alert appears asking if you want to allow AgentP to use your location, follow the company policy.

      We recommend that you choose the Allow While Using App option in case your company uses your location to verify compliance with security policies. If you are not sure that you want to allow such permissions, consult with your company’s IT support staff.

    2. If an alert appears asking if you want to allow AgentP to use Bluetooth, follow the company policy.

      We recommend that you choose the OK option in case your company uses your Bluetooth status to verify compliance with security policies. If you are not sure that you want to allow such permissions, consult with your company’s IT support staff.

Result: You are logged in to Portnox AgentP.

Download and install the profile

To give your device the certificate needed to access your applications, AgentP communicates with Conditional Access to generate the certificate and include it in a profile. You must download and install this profile to have the certificate on your device.

  1. On the AgentP app screen, tap on the menu icon in the top-left corner, and then tap on Network.

  2. On the Network screen, tap on Configure in the top menu bar.

    Result: The Portnox server creates the profile, ready to be downloaded and installed.

  3. In the alert about downloading a configuration profile, tap on Allow.

    Result: Your iPhone downloads the profile. You need to install it now.

  4. Go back to your Home screen. Find the Settings app and tap on its icon.

  5. In the Settings app, tap on Profile Downloaded.

  6. On the Install Profile screen, tap on Install.

    1. Optional: If an alert appears, asking you to enter your iPhone passcode to confirm, enter your passcode.
  7. On the Installing Profile screen, tap on Install.

  8. On the Profile Installed screen, tap on Done.

Result: You installed the profile. Your iPhone now has the certificate that’s needed to access your company apps.

Access the application using your certificate

After you log in to the Portnox AgentP application, you can access your online company resources that are protected by Portnox Conditional Access.

Important: Only the Safari browser is supported by Conditional Access on iOS devices. Chrome and other browsers are not supported because the iOS architecture prohibits third-party browsers from accessing system certificates.

Note: In this example, we are logging in to the Atlassian Confluence/Jira application. The process is similar for all other applications protected using Portnox Conditional Access for Applications.
  1. Open your company application.

    Proceed normally as if you were opening the application before it was protected using Portnox Conditional Access. For example, for Atlassian Confluence, you could type your_company.atlassian.net in your browser address field, where your_company is your company name.

  2. Enter your company email address or tap on Conditional Access. Choose one of the following options:
    • If the application login screen does not have a button that says Log in with Conditional Access or Log in with your company name, enter your business email address. This is an example for Atlassian Confluence/Jira:

    • If the application login screen has a button that says Log in with Portnox Conditional Access or similar (for example, Log in with your company name), tap on this button. This is an example for Salesforce:

    • If the application has a button that says SSO, tap on this button. This is an example for Zoom:

  3. In the alert asking you to confirm the certificate, tap on Continue.
    Note: Our application always attempts to select the certificate automatically, so this window may not appear for you. If it appears, it means that our application was not able to select the certificate automatically, for example, because there is more than one certificate or because of operating system or browser restrictions.

    Troubleshooting: If you have more than one certificate, try different certificates, or consult with your company’s IT support staff. If there are any errors, restart your browser. If that does not help, consult our troubleshooting guide.

Result: You can now access your company applications that are protected using Portnox Conditional Access for Applications.