MobileIron Access

MobileIron Access (now part of Ivanti) is a conditional access and secure gateway service that enforces user- and device-based security policies for cloud and SaaS applications. It operates between an organization’s existing Identity Provider (IdP) and Service Providers (SPs) to ensure only compliant, managed devices gain access. MobileIron was acquired by Ivanti on December 1, 2020, and the product now operates under the Ivanti brand.

Key Capabilities

• Federation control point: Integrates with existing SAML 2.0 or WS-Federation setups to apply access rules based on user, device posture, and risk signals without replacing the IdP.

• Device-aware conditional access: Leverages compliance and posture data from Ivanti UEM to block or restrict access from unmanaged or non-compliant devices.

• Zero Sign-On (ZSO): Enables passwordless authentication using device-bound certificates through Ivanti Go, replacing traditional credentials with device trust.

• Visibility and analytics: Offers reporting on user sessions, device posture, and application access trends for improved operational insight.

Limitations

• Protocol scope: Documentation confirms support for SAML 2.0 and WS-Federation; there is not enough public information to verify native OpenID Connect/OAuth 2.0 capabilities.

• UEM dependency: Conditional access decisions rely on Ivanti UEM integration; unmanaged device access requires explicitly configured exception policies.

• Gateway maintenance: Deployments using Access + Standalone Sentry introduce operational overhead for HA, certificate management, and upgrades.

• Federation prerequisite: Access must be layered atop an existing IdP↔SP federation, and troubleshooting may span multiple systems (IdP, SP, Access).

• Branding and lifecycle: The solution is now branded under Ivanti, though legacy MobileIron Access references remain in older documentation and community forums.