The Hitachi ID Mobile Access app enables access from activated smart phones running iOS (Apple) or Android (Google, Samsung, etc.) to the Hitachi ID Identity and Access Management Suite, which may be on-premises and have no public URL.

A mobile-friendly "skin" is included in Hitachi ID Suite. This renders the Hitachi ID Suite web portal in a layout (tall, narrow, with wide buttons, etc.) suitable for a typical smart phone.

The main question with BYOD is connectivity: what network path exists from the smart phone or tablet to Hitachi ID Suite?

  1. If Hitachi ID Suite has a public URL (deployed in the DMZ, deployed in the cloud or via a reverse web proxy to an on-premises URL):
    • Simply access the public URL from any device.
  2. If Hitachi ID Suite is deployed on-premises and there is no public URL:
    • If devices are on-premises with WiFi access to the private corporate network, or if devices are remote but have a VPN client, access the Hitachi ID Suite URL.
    • If devices are unable to reach URLs on the corporate network, deploy Mobile Access on user devices. Mobile Access connects from the user's device to a mobile proxy in the cloud or in the Hitachi ID Systems customer DMZ. Simultaneously, Hitachi ID Suite connects to the same mobile proxy. The proxy authenticates both endpoints and brokers messages between accepted connections.

Depending on the location of the user, additional authentication steps may be required. For example, users accessing Hitachi ID Suite via a reverse web proxy in the DMZ may be asked to complete a CAPTCHA before seeing the login screen and/or asked to enter a PIN sent to their mobile phone via SMS.

Architecture Discussion

Secure Architecture for BYOD Access to On-Premises Applications

Activate Mobile Access app


Content:

  • A user downloads the Mobile Access app to his phone.
  • The app is activated using a separate login to Hitachi ID Suite on the user's PC.

Key concepts:

  • Only activated phones can access Hitachi ID Suite, which is typically on-premises and behind firewalls.
  • Activation is simple -- configuration information is transferred from the PC screen to the app by scanning a QR code.