MDM Integration: Ivanti Endpoint Manager Mobile (MobileIron Core)

Created: Modified: Documentation

MobileIron

This document covers Ivanti Endpoint Manager Mobile (formerly MobileIron Core). For Ivanti Neuron (MobileIron Cloud), see this article.

Enrollment Only

GroundControl can enroll devices touch-free. Devices are assigned to anonymous users, but may then be re-assigned to Active Directory users.

To export the MDM profile that connects GroundControl to Ivanti Endpoint Manager Mobile:

  1. In the Ivanti Endpoint Manager Mobile console, click Policies & Configs > Configurations >
  2. Locate and click on System – iOS MDM under the Name column of the Configurations tab you’re in.
    NOTE: It may be on the second page.
  3. Click Export MDM Profile.
    If you are on a Mac, your Mac will try to install the downloaded profile. Don’t do it. Click Cancel.Screen Shot 2015-11-07 at 10.45.08 AM
  4. Locate the downloaded file. It may be called shared_mdm_profile.mobileconfig. This is the file to upload to GroundControl.
    You may rename this file, but keep the “.mobileconfig” extension.
  5. In the GroundControl console, create a new Workflow or edit an existing one.
  6. Choose Add an Item, then Add Configuration Profile. Upload the configuration profile from the steps above.
  7. Make sure the Workflow includes a Wi-Fi network. Your iOS device must be on Wi-Fi to accept the MDM enrollment profile. If you include both in your Workflow, GroundControl will always install Wi-Fi first.

Devices enrolled in Ivanti Endpoint Manager Mobile this way will be assigned to anonymous users. Use Ivanti’s “System – Multi-User Secure Sign-In” policy to easily reassign devices to their proper users.

Integrate with Ivanti’s API

You may also choose to integrate with Ivanti’s API. To do this, you’ll need to fill in some additional data. You will need an Ivanti Endpoint Manager Mobile admin user assigned to be the API role.

Ivanti Endpoint Manager Mobile

To assign the API role in Ivanti Endpoint Manager Mobile to an admin user:

  1. In Ivanti Endpoint Manager Mobile, navigate to Admin > Select user and click to Edit Role.
  2. Scroll down to Other Roles section and select API. Click Save.
  3. (Optional) To support Clear Passcode using the Ivanti APIs, the admin user must also be granted Device Management > Manage devices, restricted permissions. In the Device Management section, select Manage devices, restricted.

 

GroundControl
  1. In GroundControl, navigate to Admin > MDMs > MobileIron Core and switch API integration to ON.
  2. In the API Settings dialog, configure the API settings for Ivanti Endpoint Manager Mobile:
    1. In the Server URL box, add the address for your server. Often this will just be the server name without an additional path.
    2. Type the username and password for the user with the API role.
    3. Click Test to verify the settings. Be sure to verify credentials before saving.
  3. Click Save.