Acronis Access Advanced - User Guide User Manual

Copyright © Acronis International GmbH, 2002-2014

If you have enabled certificate authentication as your Acronis Access or HTTPS Reverse Proxy login
method, the Access Mobile Client app will be automatically challenged for a user identity certificate
when it attempts to connect to a Gateway server. In order for authentication to take place, an SSL
user identity certificate must be added to the Access Mobile Client app.

Mobile Device Management (MDM) solutions, including the Apple iPhone Configuration Utility, allow
you to add certificates to an iOS device. Certificates added in this way are placed in an Apple-specific
section of the iOS Keychain and are only available to built-in Apple services and applications, such as
VPN and the Mail app. For the Acronis Access app to be able to use a certificate, the certificate must be
added to the device through the Acronis Access app itself.

Presently, adding a certificate to Acronis Access requires that the certificate file be
transferred to the device and then opened in Acronis Access. The easiest way to do this is by
emailing the certificate file to the user.

Server side prerequisites

In order to use client certificate authentication you must have a Gateway server installed on the
same machine as the Acronis Access Server and the mobile clients must enroll using the Gateway
Server's address.

Note: When using this method, if the Gateway Server service crashes or is disabled, clients enrolled with it
will not be able to connect to the management server even though the Acronis Access Server is still running.

Note: When using this form of authentication, mobile clients cannot access Sync&Share Data Sources.

Warning: You will not be able to use client certificate authentication if your mobile client is enrolled in
management directly with the Acronis Access Server.

Example scenario: If your Acronis Access is on 192.168.1.1:3000 and your Gateway is on
192.168.1.1:443, in order to use client certificate authentication, your users have to enroll in client
management with 192.168.1.1:443. The Acronis Access Server is still the management server, but the
requests are proxied through the Gateway Server.

To prepare a certificate for the Acronis Access app:

You must have a certificate authority established with which you will issue certificates. Creating
certificates is not a function of Acronis Access.

The certificates you generate must be associated with your users’ Active Directory accounts. Acronis
Access will query AD to match these certificates to the relevant user account at the time of
authentication. This mapping of certificates to AD user accounts may be handled by your Microsoft
Certificate Authority, or may need to be performed manually if you are using another type of
certificate authority.

Using your certificate authority, generate a user identity certificate that includes a private key and is
in the PFX or P12 format. This certificate will require a password when it is created. This password
will need to be entered by the user when the certificate is installed in the Acronis Access client app.
This certificate file should have a .PFX or .P12 extension by default.
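
Before sending a PFX/P12 file to a user, it helps to confirm that it opens with the intended password and really contains both a certificate and a private key. The script below is an added example, not part of the Acronis documentation or tooling; it assumes the `openssl` command-line tool is installed, and the function names `check_pfx` and `make_demo_bundles` are hypothetical.

```sh
#!/bin/sh
# Added example: pre-flight check for a PFX/P12 user identity certificate.
# Return codes: 0 ok, 1 wrong password or unreadable file, 2 no private key,
# 3 no certificate, 4 empty password.
check_pfx() {
    [ -n "$2" ] || return 4
    # Pass the password through the environment, not the command line.
    PFX_PW=$2; export PFX_PW
    # The MAC check fails on a wrong password or a corrupt file.
    openssl pkcs12 -in "$1" -passin env:PFX_PW -noout 2>/dev/null || return 1
    # The bundle must hold a certificate ...
    openssl pkcs12 -in "$1" -passin env:PFX_PW -nokeys 2>/dev/null |
        grep -q 'BEGIN CERTIFICATE' || return 3
    # ... and its private key; a certificate-only export cannot authenticate.
    # The key only flows through the pipe to grep and is never written to disk.
    openssl pkcs12 -in "$1" -passin env:PFX_PW -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY' || return 2
    return 0
}

# Constructed sample data: a throwaway self-signed certificate stands in for
# one issued by your certificate authority.
make_demo_bundles() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=constructed.user' \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null || return 1
    DEMO_PW='constructed-demo-password'; export DEMO_PW
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -passout env:DEMO_PW -out "$1/user.p12" || return 1
    openssl pkcs12 -export -nokeys -in "$1/cert.pem" \
        -passout env:DEMO_PW -out "$1/certonly.p12" || return 1
}

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
make_demo_bundles "$DEMO_DIR"
for f in user.p12 certonly.p12; do
    rc=0; check_pfx "$DEMO_DIR/$f" "$DEMO_PW" || rc=$?
    echo "$f: check_pfx returned $rc"
done
```

This check covers the file format only; whether the certificate maps to the user's Active Directory account still depends on how your certificate authority issued it.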