Tasks before configuring Ivanti Neurons for MDM
Before configuring Ivanti Neurons for MDM for derived credentials, the following tasks are necessary depending on your derived credential provider, device platform, and use of derived credentials:
|
Task |
Derived credential providers |
Device platforms |
|
Entrust |
iOS, Android |
|
|
Setting up Microsoft Exchange for certificate authentication |
Any |
iOS, Android |
|
DISA Purebred |
iOS |
Setting up your Entrust self-service portal
Applicable derived credential providers and device platforms
| Derived credential providers |
Entrust |
|
Device platforms |
iOS, Android |
Set up an Entrust self-service portal for your device users, and provide a URL for each of the following:
-
the Entrust IdentityGuard Self-Service Module (SSM) URL
You configure Ivanti Neurons for MDM with this URL. The URL is used when a device user generates the one-time Ivanti registration PIN and requests a derived credential on the Ivanti Neurons for MDM Self-Service Portal. The request causes the Ivanti Neurons for MDM Self-Service Portal to redirect the browser to this URL.
Work with Entrust to ensure that the Entrust IdentityGuard SSM is set up to pass the activation link and its expiration time to Ivanti Neurons for MDM. Also, make sure the Entrust IdentityGuard SSM has callback enabled so it can redirect the browser back to Ivanti Neurons for MDM.
-
the Entrust URL for getting a QR (Quick Response) code and Entrust activation password.
Inform device users of this URL.
Depending on your Entrust setup, these URLs could be the same.
Work with Entrust to ensure that the Entrust IdentityGuard server is set up to pass the activation link and its expiration time to Ivanti Neurons for MDM. Also, make sure the server is enabled to callback (redirect back to) Ivanti Neurons for MDM after
Setting up Microsoft Exchange for certificate authentication
Applicable derived credential providers and device platforms
|
Derived credential providers |
Any |
|
Device platforms |
iOS, Android |
If you are setting up Email+ for iOS or Email+ for Android so that device users authenticate to Microsoft Exchange with derived credentials, you must set up Microsoft Exchange to accept certificate authentication.
Installing the DISA Purebred Registration app on devices
Applicable derived credential providers and device platforms
|
Derived credential providers |
DISA Purebred |
|
Device platforms |
iOS |
If you use DISA Purebred derived credentials, make sure the iOS devices have the DISA Purebred Registration app installed. Device users use the DISA Purebred Registration app to get the Purebred derived credential. The app passes the credential’s certificates to the PIV-D Manager app, which in turn passes them to Go for iOS.