This section provides a more detailed description of the configuration steps referenced in Overview of configuration on Ivanti EPMM. The following configurations are described:
- Configuring SCEP settings
- Configuring an AppTunnel service
- Updating the AppConnect app configuration for Ivanti Email+
Create a SCEP setting if your Exchange server and the EWS service require certificate authentication. You will reference the name of SCEP setting in the AppConnect configuration for Email+ to generate the login certificate for Email+, so that the Exchange server and EWS trust the device.
- In the Admin Portal, go to Policies & Configs > Configurations.
- Select Add New > Certificate Enrollment > SCEP.
- In the New SCEP Setting window, configure the settings based on your SCEP requirements.
- Click Save to save the SCEP setting.
- Click OK to dismiss the prompt indicating the successful creation of your SCEP setting.
- You will reference this SCEP setting in the AppConnect app configuration for Email+ using the key email_login_certificate.
- “Configuring SCEP” in the Ivanti EPMM Device Management Guide for iOS and macOS Devices.
You create an AppTunnel service in Standalone Sentry as part of an AppTunnel setup.
Before you begin
Ensure that you have a Standalone Sentry that is set up for AppTunnel and the necessary device authentication is also configured. See “Configuring Standalone Sentry for app tunneling” in the Ivanti Sentry Installation Guide.
- In the Ivanti EPMM Admin Portal, go to Services > Sentry.
- Edit the entry for the Standalone Sentry that supports AppTunnel.
- In the App Tunneling Configuration section, under Services, click + to add a new service.
- Use the following guidelines to configure an AppTunnel service:
The Service Name is used in the AppConnect app configuration for Email+.
Select the Standalone Sentry
Server SPN List
- Click Save.
Update the AppConnect app configuration for Email+ for iOS, so that Email+ on iOS devices is authorized to get real-time notifications from CNS.
- In the Ivanti EPMM Admin Portal, go to Policy & Configs > Configurations.
- Select the AppConnect app configuration you created for Email+.
- Click Edit.
- Add an AppTunnel rule that points to the Standalone Sentry on which you configured the AppTunnel service.
- For URL Wildcard, enter the Exchange server’s IP address or FQDN.
- For Identity Certificate, select the Certificate Enrollment setting you configured for Standalone Sentry. You would have created the Certificate Enrollment setting as part of the Standalone Sentry setup for identity certificate with Pass through.
- Add the necessary key-value pairs.
- Click Save.
- Ensure that the configuration is applied to the labels that contain the devices to which you want to push the configuration. The updated AppConnect app configuration for Email+ for iOS will be sent to devices at the next sync interval.
See Key-value pairs for real-time push notifications for a list of key-value pairs.