I am in the process of troubleshooting a MobileSSO workflow for iOS, using an on-premise ADCS:
Windows Server 2016 - ADCS
Kerberos Client Certificate Template configured
Workspace ONE UEM Certificate Services configured
Workspace ONE UEM Certificate (User + KDC) deployment + Single-sign On payloads configured
Workspace ONE Access Connector v19.03 installed and Active Directory Account used to complete setup
Workspace ONE Access MobileSSO Authentication Mechanism enabled - REALM matches REALM in Workspace ONE UEM Single ON configuration
Workspace ONE Access policies configured - default access policy for iOS to leverage Mobile SSO and a fallback of Password (cloud deployment)
When enrolling an iOS device through the ABM (DEP) workflow, I get the Intelligent Hub application, when opening the intelligent Hub, I firstly get a message to enter a password, which looks like it is coming from my Access tenant but the password is for my username@vidmpreview.com, at this point no password is accepted and then it fails to the following error message: Access Denied - Kerberos NEGOTIATE failed or was canceled by the user
Any ideas or pointers on how to get this workflow working would be handy.