NIH uses MobileIron to improve productivity with passwordless authentication to critical mobile apps

Industry: Healthcare

"Employees are often reluctant to enroll their devices into a UEM solution, but when they have seamless access to internal systems and data from anywhere without using a smartcard, they quickly change their perspective."

Adam Miceli, Microsoft Certified Solutions Master contractor at NIH

Founded in New York in 1887, the National Institutes of Health (NIH) is the leading medical research agency in the US. NIH oversees essential programs that make important discoveries to improve health and save lives. NIH is made up of 27 Institutes and Centers, each with a specific research agenda that focuses on particular diseases or body systems. NIH also supports programs that drive the collection, dissemination, and exchange of health information through medical libraries and the training of medical librarians and other health information specialists.

In 2012, NIH began using MobileIron (acquired by Ivanti) to securely enable mobile devices and apps for employees who share and disseminate tremendous volumes of data. By 2018, MobileIron supported the agency as its only Unified Endpoint Management (UEM) platform provider. Over the years, the agency’s goals and government mandates have expanded and its infrastructure has become more complex. At each step, MobileIron has provided the flexibility to solve new challenges and help the agency improve operations across a highly complex medical research and healthcare infrastructure. Today, NIH gives thousands of employees seamless access to agency apps and services on secure mobile devices, which enables them to easily collaborate wherever they work using cloud services like Microsoft Office 365.

MobileIron Access enables seamless and secure access to Microsoft Office 365

To increase efficiencies and employee collaboration, the NIH Office of the CIO and Center for Information Technology (CIT) migrated the entire agency to Microsoft Office 365. As part of this effort, the agency wanted a single mobile device management solution that would securely integrate into the NIH environment and O365. NIH took advantage of the MobileIron Access single sign-on (SSO) solution to enable secure authentication to Office 365. In a short period of time, MobileIron Professional Services delivered a complete integration of Office 365 and MobileIron Access that met the requirements of the NIH federated environment. The solution enables conditional access based on user, device, and application attributes to provide seamless and secure O365 cloud authentication for approved NIH users. MobileIron deployed this solution faster and more successfully than any other technology provider used in the past.

NIH uses MobileIron and derived credentials for faster, secure authentication on mobile devices

In addition to supporting SSO access to Office 365 on mobile devices, NIH also needed an easier way to provide secure authentication to web apps and internal mobile apps. MobileIron helped NIH to enable secure authentication through derived credentials, which provide a reliable, user-friendly, and compliant way for government agencies to enforce strong mobile authentication.

To do this, NIH uses the MobileIron PIV-D Manager, an innovative mobile application that transforms a user’s mobile device into a virtual smart card. This app provides a secure and NIST-compliant way for NIH employees to use their mobile devices to seamlessly authenticate to NIH websites and systems. Now, NIH employees no longer have to remember or type in complicated passwords to authenticate. NIH also reduces the risk of stolen passwords and phishing attacks that can trick users into revealing their credentials. The result is instant and secure access to NIH resources, apps, and collaboration services on any mobile device.

“As a technologist, the joke I always make is that the MobileIron derived credential solution works so well that it makes for a very boring demo. The solution is more user-friendly while being more secure at the same time — I see it as a win-win,” said Adam Miceli, a Microsoft Certified Solutions Master contractor at NIH. “Employees are often reluctant to enroll their devices into a UEM solution, but when they have seamless access to internal systems and data from anywhere without using a smartcard, they quickly change their perspective.”

Employees now securely authenticate to email, the intranet, and other applications using derived credentials on any mobile device such as an iPhone or tablet. This is because the encrypted MobileIron AppConnect framework stores derived credentials so they can be shared for secure authentication to other AppConnect apps such as Email+, Docs@Work, and Web@Work on any iOS or Android device.

MobileIron simplifies access to critical mobile apps with one unified solution

Prior to MobileIron, NIH used a telehealth system at the NIH Clinical Centers with portable workstations, but they were expensive and cumbersome to manage. Shortly after deploying MobileIron, thousands of employees — from doctors and healthcare workers to researchers and clerical staff — could easily access most of the apps and data they needed from either a personally-owned or government-issued mobile device. Because MobileIron supports both Android zero-touch enrollment and Apple Business Manager (ABM), NIH administrators can quickly set up devices without requiring manual access.

NIH deploys various applications through the MobileIron Apps@Work enterprise app store. This includes an emergency notification app that instantly alerts users and provides instructions for safety precautions in case of an emergency, such as severe weather or another critical event.

NIH Clinical Center also deploys secure healthcare apps to its hospital staff including physicians and nurses. The Sunrise mobile app allows healthcare workers to easily and securely access all electronic health records (EHR) from their Zebra Android or iOS mobile devices. This enables physicians and nurses to access detailed patient health data and insurance and billing information from any location. It also eliminates the need to install bulky workstations around the hospital, which are often inconvenient to use and maintain.

NIH also pushes the Spok mobile app to physician phones through the MobileIron app store. Spok is a secure messaging app that NIH uses to send secure alerts and messages to on-call clinicians who may need to respond urgently to a change in a patient’s status. Spok also protects sensitive patient details with encrypted, traceable messaging among doctors and other staff members.

MobileIron Threat Defense detects and remediates hidden mobile threats

To help protect sensitive and confidential research and healthcare data on mobile devices, NIH first started deploying MobileIron Threat Defense (MTD) on mobile devices just prior to the COVID-19 outbreak in early 2020. As soon as MTD was deployed to these devices, IT began receiving notifications about detected threats. Now, with more employees working remotely due to COVID safety measures, MTD adds an extra layer of protection to ensure that internal data is safe on employee devices no matter where they work.

The result: Simplified mobile security across a highly complex government infrastructure

MobileIron has helped NIH vastly simplify mobile workforce enablement. Today, the agency leverages capabilities such as instant device enrollment and configuration, passwordless access and multi-factor authentication with derived credentials, MTD, and secure access to Office 365 with SSO. As a result, NIH reduces the risk and hassle of passwords, remediates mobile device threats, and enforces security policies all while supporting a seamlessly productive and collaborative user experience on any device.

Key Benefits:
  • Increased collaboration with secure, passwordless access to Office 365 on any device
  • Reduced login time by replacing smart cards with derived credentials
  • Implemented mobile threat detection and remediation against phishing attacks and other threats
  • Increased IT productivity with fast device setup through Android zero-touch and Apple Business Manager
  • Improved authentication experience

Why MobileIron:
  • Provides industry-leading, comprehensive UEM platform
  • Supports secure passwordless access to cloud and in-house apps on multi-OS devices
  • Offers always-on mobile threat protection
  • Fast and seamless mobile-cloud integration with MobileIron Professional Services