MDM Integration: MobileIron Cloud

Created: Modified: Documentation


This document covers MobileIron Cloud. For MobileIron Core and MobileIron Connected Cloud see this article.

GroundControl can enroll your devices touch-free. Devices are assigned to anonymous users, but may then be re-assigned to your users. Here’s how to get started with device enrollment:

Download the Enrollment Profile

First, you’ll need to export the MDM profile that connects GroundControl to MobileIron Cloud:

  1. In the MobileIron Cloud console, click Admin > Scroll and locate Apple/iOS section to the left of the screen > Click on Apple Configurator.
  2. While the Apple Configurator is OFF, set the expiration period to its maximum value: 365 days/1 year.
  3. Turn ON Apple Configurator.
  4. Select the Default User: the person you want devices to be enrolled to by default
  5.  Click Download


If you are on a Mac, your Mac will try to install the downloaded profile. Don’t do it. Click Cancel. Locate the downloaded file. (It may be called “configurator.mobileconfig”.) We’ll upload this file to GroundControl. You may rename this file if you like, but keep the “.mobileconfig” extension.

Important: Mobile Iron Cloud does not allow simultaneous use of different configuration profiles. Downloading a new configuration profile will disable any older ones.

Upload the Profile to GroundControl
  1. In GroundControl, navigate to the Admin tab > MDMs, click “+ Add” and Select MobileIron Cloud
  2. Upload the enrollment profile you downloaded above.
  3. Now, let’s test by enrolling a device. Create a new workflow or edit an existing one from the Workflows tab.
  4. Add the Enroll in MDM Action to the workflow. Your iOS device must be on WiFi to accept the MDM enrollment profile. If you include it in a workflow (good idea) GroundControl will always install WiFi first.
MobileIron Cloud API Integration

API integration with MobileIron Cloud unlocks additional functionality, including retiring devices and assigning them to different users.


Once enabled, you’ll need the following info to configure it:

  • The hostname of your server. Often this will just be the server name without an additional path.
  • A username and password for a user with the API role.

Test: When you click Test, GroundControl will verify the settings and credentials. The ideal Test Connection shows “OK.”

Save:  When you click Save, credentials will be saved but not verified.  Therefore, be sure to verify credentials before saving.