Hrm, bear with me, I am unsure how to best phrase this... We recently purchased the MAG2600 and I am a bit lost on the most effective way to deal with mobile clients and certificates. This is a fairly small shop, so I'd like to keep it relatively simple.
Our original idea was to have one login URL/one sign-in page that requires a certificate tied to the mobile device. That seems fine, but then we would require device certificates for anyone connecting from their home PC or using the Pulse client, correct? We ideally would like to avoid that requirement and allow more basic authentication from home desktops.
So is there a way to accomplish that?
The only way I can see, if not, is creating multiple authentication realms, one for desktops and one for mobile devices, and having two sign-in pages to avoid forcing a user to pick the realm (ideally to make this as brainless and seamless to them as possible), and locking each one down so only the intended use scenario can access each.
So I guess the big question is: with a single authentication realm, can you both enforce certificates for specific devices and NOT enforce them for others?
And if not, what is the "best" way to go about this using two different realms? (Or perhaps we're overthinking this?)