MDM Integration: MobileIron Cloud

Created: Modified: Documentation

MobileIron-Cloud

This document covers MobileIron Cloud. For MobileIron Core and MobileIron Connected Cloud see this article.

GroundControl can enroll your devices touch-free. Devices are assigned to anonymous users, but may then be re-assigned to your users. Here’s how to get started with device enrollment:

Download the Enrollment Profile

For non DEP devices, you’ll need to export the MDM profile that connects GroundControl to MobileIron Cloud.

  1. In the MobileIron Cloud console, click Admin > Scroll and locate iOS section to the left of the screen > Click on Apple Configurator
  2. While the Apple Configurator is OFF, set the expiration period to its maximum value: 365 days/1 year
  3. Turn ON Apple Configurator
  4. Insert the desired ‘Default User:’ the person you want devices to be enrolled to by default
  5. Click Save
  6. Click Download underneath that field

screen-shot-2017-10-20-at-12-56-37-pm

If you are on a Mac, your Mac will try to install the downloaded profile. Don’t do it. Click Cancel. Locate the downloaded file. (It may be called “configurator.mobileconfig”.) We’ll upload this file to GroundControl. You may rename this file if you like, but keep the “.mobileconfig” extension.

Important: Mobile Iron Cloud does not allow simultaneous use of different configuration profiles. Downloading a new configuration profile will disable any older ones.

Upload the Profile to GroundControl
  1. In GroundControl, navigate to the Admin tab > MDMs, click “+ Add” and Select MobileIron Cloud.
  2. Upload the enrollment profile you downloaded above.
  3. Now, let’s test by enrolling a device. Create a new workflow or edit an existing one from the Workflows tab.
  4. Add the Enroll in MDM Action to the workflow. Your iOS device must be on WiFi to accept the MDM enrollment profile. If you include it in a workflow (good idea) GroundControl will always install WiFi first.
MobileIron Cloud API Integration for DEP and Non-DEP Devices

API integration with MobileIron Cloud unlocks additional functionality for both DEP and non-DEP devices, including retiring devices and assigning them to different users.

For DEP devices, the Perform MDM Command action appears as option once API integration is configured.

For non-DEP, additional options will become available under the Enroll in MDM action.

micoreapi

Once enabled, you’ll need the following info to configure it:

  • The hostname of your MobileIron Cloud server. Often this will just be the server name without an additional path.
  • A username and password for a user with the API role in MobileIron Cloud.

Test: When you click Test, GroundControl will verify the settings and credentials. The ideal Test Connection shows “OK.”

Save:  When you click Save, credentials will be saved but not verified.  Therefore, be sure to verify credentials before saving.