MDM Integration: MobileIron Core

Created: Modified: Documentation


This document covers Ivanti Endpoint Manager Mobile (formerly MobileIron Core) and MobileIron Connected Cloud. For MobileIron Cloud, see this article.

Enrollment Only

GroundControl can enroll devices touch-free. Devices are assigned to anonymous users, but may then be re-assigned to Active Directory users.

To export the MDM profile that connects GroundControl to MobileIron:

  1. In the MobileIron console, click Policies & Configs > Configurations >
  2. Locate and click on System – iOS MDM under the Name column of the Configurations tab you’re in. NOTE: It may be on the second page.
  3. Click Export MDM Profile. If you are on a Mac, your Mac will try to install the downloaded profile. Don’t do it. Click Cancel.Screen Shot 2015-11-07 at 10.45.08 AM
  4. Locate the downloaded file. It may be called “shared_mdm_profile.mobileconfig”. This is the file to upload to GroundControl. You may rename this file but keep the “.mobileconfig” extension.
  5. In GroundControl, create a new Workflow or edit an existing one.
  6. Choose Add an Item, then Add Configuration Profile. Upload the configuration profile from step 4.
  7. Make sure the Workflow includes a Wi-Fi network. Your iOS device must be on Wi-Fi to accept the MDM enrollment profile. If you include both in your Workflow, GroundControl will always install Wi-Fi first.

Devices enrolled in MobileIron this way will be assigned to anonymous users. Use MobileIron’s “System – Multi-User Secure Sign-In” policy to easily reassign devices to their proper users.

Integrate with MobileIron API

You may also choose to integrate with MobileIron’s API. To do this, you’ll need to fill in some additional data. You will need a MobileIron Core admin user assigned to be the API role.

MobileIron Core

To assign the API role in MobileIron Core to an admin user:

  1. In MobileIron Core, navigate to Admin > Select user and click to Edit Role.
  2. Scroll down to Other Roles section and select API. Click Save.
  3. (Optional) To support Clear Passcode using the MobileIron APIs, the admin user must also be granted Device Management > Manage devices, restricted permissions. In the Device Management section, select Manage devices, restricted.


  1. In GroundControl, navigate to Admin > MDMs > MobileIron Core and switch API integration to ON.
  2. In the API Settings dialog, configure the API settings for MobileIron Core:
    1. In the Server URL box, add the address for your server. Often this will just be the server name without an additional path.
    2. Type the username and password for the user with the API role.
    3. Click Test to verify the settings. Be sure to verify credentials before saving.
  3. Click Save.