MDM Integration: Ivanti Endpoint Manager Mobile (MobileIron Core)

MobileIron

This document covers Ivanti Endpoint Manager Mobile (formerly MobileIron Core). For Ivanti Neuron (MobileIron Cloud), see MDM Integration: Ivanti Neuron.

Enrollment Only

Mobile Access Management can enroll devices touch-free. Devices are assigned to anonymous users, but may then be re-assigned to Active Directory users.

To export the MDM profile that connects Mobile Access Management to Ivanti Endpoint Manager Mobile:

  1. In the Ivanti Endpoint Manager Mobile console, click Policies & Configs > Configurations >

  2. Locate and click System – iOS MDM under the Name column of the Configurations tab you’re in.

    NOTE:

    It may be on the second page.

  3. Click Export MDM Profile.

    Screen Shot 2015-11-07 at 10.45.08 AM

    If you are on a Mac, your Mac will try to install the downloaded profile. Click Cancel.

    Locate the downloaded file. It may be called shared_mdm_profile.mobileconfig. We’ll upload this file to Mobile Access Management. You may rename this file if you like, but keep the .mobileconfig extension.

  4. In the MAM console, create a new Workflow or edit an existing one.

  5. Select Add an Item, then Add Configuration Profile. Upload the configuration profile from the steps above.

  6. Make sure the Workflow includes a Wi-Fi network.

    Your iOS device must be on Wi-Fi to accept the MDM enrollment profile. If you include both in your workflow, Mobile Access Management will always install Wi-Fi first.

    Devices enrolled in Ivanti Endpoint Manager Mobile this way will be assigned to anonymous users. Use MobileIron’s "System – Multi-User Secure Sign-In" policy to easily reassign devices to their proper users.

Integrate with Ivanti's API

You may also choose to integrate with Ivanti’s API. To do this, you’ll need to fill in some additional data.

You will need a Ivanti Endpoint Manager Mobile admin user assigned to be the API role.

Ivanti Endpoint Manager Mobile

To assign the API role in Ivanti Endpoint Manager Mobile to an admin user:

  1. In Ivanti Endpoint Manager Mobile, navigate to Admin > Select user and click to Edit Role.

  2. Scroll down to Other Roles section and select API. Click Save.

  3. (Optional) To support Clear Passcode using the Ivanti APIs, the admin user must also be granted Device Management > Manage devices, restricted permissions.

    In the Device Management section, select Manage devices, restricted.

Mobile Access Management

  1. In the MAM console, navigate to Admin > MDMs > MobileIron Core and switch API integration to ON.

  2. In the API Settings dialog, configure the API settings for Ivanti Endpoint Manager Mobile:

    1. In the Server URL box, add the address of your server. Often this will just be the server name without an additional path.

    2. Type the username and password for a user with the API role.

    3. Click Test to verify the settings. Be sure to verify credentials before saving.

    4. Click Save.

Screen Shot 2015-11-07 at 10.30.19 AM