MDM Integration: Ivanti Neuron (MobileIron Cloud)

This document covers Ivanti Neuron (formerly MobileIron Cloud). For Ivanti Endpoint Manager Mobile (formerly MobileIron Core), see this article.

GroundControl can enroll your devices touch-free. Devices are assigned to anonymous users, but may then be re-assigned to your users. Here’s how to get started with device enrollment:

Download the Enrollment Profile

For non DEP devices, you’ll need to export the MDM profile that connects MAM to MobileIron Cloud.

1. In the Ivanti Neuron console, click Admin > Scroll and locate iOS section to the left of the screen > Click on Apple Configurator.
2. While the Apple Configurator is OFF, set the expiration period to its maximum value: 365 days/1 year.
3. Turn ON Apple Configurator.
4. Insert the desired ‘Default User:’ the person you want devices to be enrolled to by default.
5. Click Save.
6. Click Download underneath that field.

If you are on a Mac, your Mac will try to install the downloaded profile. Don’t do it. Click Cancel. Locate the downloaded file. (It may be called “configurator.mobileconfig”.) We’ll upload this file to GroundControl. You may rename this file if you like, but keep the “.mobileconfig” extension.

Important: Ivanti Neuron does not allow simultaneous use of different configuration profiles. Downloading a new configuration profile will disable any older ones.

Upload the Profile to MAM

1. In MAM, navigate to the Admin tab > MDMs, click + Add and select MobileIron Cloud.
2. Upload the enrollment profile you downloaded above.
3. Now, let’s test by enrolling a device. Create a new Workflow or edit an existing one from the Workflows tab.
4. Add the Enroll in MDM Action to the workflow.
   Your iOS device must be on Wi-Fi to accept the MDM enrollment profile. If you include it in a Workflow, MAM will always install Wi-Fi first.

Ivanti Neuron API Integration for DEP and Non-DEP Devices

API integration with Ivanti Neuron unlocks additional functionality for both DEP and non-DEP devices, including retiring devices and assigning them to different users.

For DEP devices, the Perform MDM Command action appears as option once API integration is configured.

For non-DEP, additional options will become available under the Enroll in MDM action.

Once enabled, you’ll need the following info to configure it:

• The hostname of your Ivanti Neuron server. Often this will just be the server name without an additional path.
• A username and password for a user with the API role in Ivanti Neuron.

Test: When you click Test, MAM will verify the settings and credentials. The ideal Test Connection shows “OK.”

Save:  When you click Save, credentials will be saved but not verified.  Therefore, be sure to verify credentials before saving.