US Patent 10305885 Accessing enterprise resources using provisioned certificates

Systems, methods, and software can be used to access an enterprise resource. In some aspects, a certificate for accessing enterprise resources at one or more service providers (SP) is received at an enterprise mobility management (EMM) client on a mobile device from an EMM server. An authentication request is sent to an identity provider from an application on a mobile device. In response to the authentication request, an authentication challenge is received from the identity provider. The authentication challenge includes a certificate request. In response to the authentication challenge, an authentication response is sent from the application. The authentication response includes the certificate. An authorization token is received from the identity provider. The authorization token indicates whether the identity provider validates the certificate and the mobile device.