MDM Integration: Ivanti Neuron

MobileIron

This document covers Ivanti Neuron (formerly MobileIron Cloud). For Ivanti Endpoint Manager Mobile (formerly MobileIron Core), see this article.

Mobile Access Management can enroll your devices touch-free. Devices are assigned to anonymous users, but may then be re-assigned to your users. Here’s how to get started with device enrollment:

Download the Enrollment Profile

For non DEP devices, you’ll need to export the MDM profile that connects Mobile Access Management to Ivanti Neuron.

  1. In the Ivanti Neuron console, click Admin > Scroll and locate iOS section to the left of the screen. Click on Apple Configurator.

  2. While the Apple Configurator is OFF, set the expiration period to its maximum value: 365 days/1 year.

  3. Turn on Apple Configurator.

  4. Insert the desired ‘Default User:’ the person you want devices to be enrolled to by default.

  5. Click Save.

  6. Click Download.

    screen-shot-2017-10-20-at-12-56-37-pm

If you are on a Mac, your Mac will try to install the downloaded profile. Click Cancel

Locate the downloaded file. (It may be called "configurator.mobileconfig".) We’ll upload this file to Mobile Access Management. You may rename this file if you like, but keep the ".mobileconfig" extension.

IMPORTANT:

Ivanti Neuron does not allow simultaneous use of different configuration profiles. Downloading a new configuration profile will disable any older ones.

Upload the Profile to Mobile Access Management

  1. In the MAM console, navigate to the Admin tab > MDMs, click Add and select MobileIron Cloud.

  2. Upload the enrollment profile you downloaded above.

  3. Now, let’s test by enrolling a device. Create a new workflow or edit an existing one from the Workflows tab.

  4. Add the Enroll in MDM Action to the workflow.

    Your iOS device must be on WiFi to accept the MDM enrollment profile. If you include it in a Workflow, MAM will always install WiFi first.

Ivanti Neuron API Integration for DEP and Non-DEP Devices

API integration with Ivanti Neuron unlocks additional functionality for both DEP and non-DEP devices, including retiring devices and assigning them to different users.

For DEP devices, the Perform MDM Command action appears as option once API integration is configured.

For non-DEP, additional options will become available under the Enroll in MDM action.

micoreapi

Once enabled, you’ll need the following info to configure it:

  • The hostname of your Ivanti Neuron server. Often this will just be the server name without an additional path.

  • A username and password for a user with the API role in Ivanti Neuron.

Test: When you click Test, Mobile Access Management will verify the settings and credentials. The ideal Test Connection shows "OK."

Save:  When you click Save, credentials will be saved but not verified.  Therefore, be sure to verify credentials before saving.