Hi. I've spent the last 4months on this stuff so have a fairly good grasp. The only way we could verify users as being corportate ipads/iphones was through the use of certificates (which have already been mentioned). We use mobile iron to enroll users using SCEP to an internal PKI server. Mobile iron enables policy control on mobile devices like app restrictions and password policies. On the Juniper I check for particular certs and do both cert only authentication and mixed mode auth where users also need to type in their AD creds (for more secure apps). Just playing with on demand VPN at the moment - works a treat but I dont think you can do mixed mode auth. I'm about to put a thread on here to see if it's possible as I'm hesitant to use certs only as you can export them from a device and put them somewhere else.
... View more
Ok spuluka - now I am completely on board with you. End users are completely confused by use web for this, wsam jsam for that or how about network connect or pulse. I agree, way to many options with two much of a disparate look and feel. And being mutually exclusive in use is a real pita too. I must admit that it would be real nice if Pulse could present some type of web interface that mimics the web interface itself. I think that's what I hear you saying.
... View more