This document covers MobileIron Core and MobileIron Connected Cloud. For MobileIron Cloud, see this article.
GroundControl can enroll devices touch-free. Devices are assigned to anonymous users, but may then be re-assigned to Active Directory users.
Here’s how to export the MDM profile that connects GroundControl to MobileIron:
Step 1: In the MobileIron console, click Policies & Configs > Configurations >
Step 2: Locate and Click on ‘System – iOS MDM’ under the Name column of the Configurations tab you’re in. *It may be on the second page.
Step 3: Click the blue “Export MDM Profile” button.
(If you are on a Mac, your Mac will try to install the downloaded profile. Don’t do it. Click Cancel.)
Locate the downloaded file. (It may be called “shared_mdm_profile.mobileconfig”.) We’ll upload this file to GroundControl. You may rename this file if you like, but keep the “.mobileconfig” extension.
Step 4: In GroundControl, create a new workflow or edit an existing one.
Step 5: Choose “Add an Item” then “Add Configuration Profile”. Upload the configuration profile from the steps above.
Step 6: Make sure the workflow includes a WiFi network.
Your iOS device must be on WiFi to accept the MDM enrollment profile. If you include both in your workflow, GroundControl will always install WiFi first.
Devices enrolled in MobileIron this way will be assigned to anonymous users. Use MobileIron’s “System – Multi-User Secure Sign-In” policy to easily reassign devices to their proper users.
You may also choose to integrate with MobileIron’s API. To do this, you’ll need to fill in some additional data.
- The address of your server. Often this will just be the server name without an additional path.
- A username and password for a user with the API role.
Test: When you click Test, GroundControl with verify the settings.
Save: When you click Save, credentials will be saved but not verified. Be sure to verify credentials before saving.