APM - certificate based authentication

Hi,

 

I am looking for some help with APM. I am new to APM and looking for advise and comments on the below solution required. Apologize if I am putting this in wrong form.

 

Currently we have a SharePoint application published via APM to internal group of users which uses AD authentication. We have a new requirement to make it available via internet for external user (using corporate laptop and mobile devices). We have decided to add additional security via certificate. I have used Client Cert Inspection to validate the certificate of end user device and its working in the test environment. But I have below to points which I need suggestions:

 

1. For mobile devices the certificate needs to be exported after validation of the mobile number. - Any suggestion on how this can be implemented. I found - Google Authenticator Token Verification, but can this be implemented in corporate environment?

 

2. The device certificate will expire after six months and then it needs to be renewed. - How I can add this in the access policy, will Client Cert Inspection function perform this or I need to put additional checks.

 

 

Regards,

 

AJ