MDM Integration

Created: Modified: Documentation

On the MDM tab in Admin, you can configure GroundControl to enroll devices touch-free into your Mobile Device Management system. GroundControl works with most MDM systems. GroundControl has published specific instructions for popular MDMs here:

For API capable MDMs, GroundControl can do even more. When you optionally add API credentials, GroundControl will interact with your MDM before and after each deployment.

  • Delete/Retire device (VMware Workspace ONE, MaaS360, Microsoft Intune, MobileIron Cloud, MobileIron Core, SOTI MobiControl) — Ensure that every enrollment is treated as new by the MDM, encouraging the MDM to push apps and policies as quickly as possible. There is no switch for this; GroundControl automatically enables this feature when you add valid MDM API credentials in Admin.

The following features are configured in the Enroll in MDM workflow action:

  • Register/Assign Device to User(name) (VMware Workspace ONE, Jamf Pro, MaaS360, MobileIron Cloud) — Assign the device to a specific VMware Workspace ONE or Active Directory user you specify. If you use an attribute for the user, each device can be assigned to a unique user. No password is required to assign users, only their Active Directory username.
  • Change Organization Group (VMware Workspace ONE) — Change the device organization group after enrollment. If you use an attribute for the organization group, each device can have a unique Organization Group. This allows you to stage all devices to a common group, then individually reassign devices without the VMware Workspace ONE console.
  • Add Labels (MobileIron Core) — Specify a list of comma-delimited labels to assign to a device after successful enrollment. Labels are assigned as part of the workflow. If you use an attribute for labels, each device can have unique labels. You must create the labels in your MDM before using them in GroundControl.