On-Premise Installation Guide for Ivanti EPMM and Enterprise Connector 11.4.0.0 - 11.12.0.0

Enroll in the Apple certificate and iDEP programs

Managing iOS devices using Mobile Device Management (MDM) requires a certificate from Apple. Ivanti EPMM uses Apple’s enhanced MDM certificate infrastructure to streamline the process of acquiring and uploading an MDM certificate. You can now complete the following tasks from a single screen within the Admin Portal:

Generate a Certificate Signing Request (CSR)
Upload the CSR
Access the Apple Push Certificates Portal to request a certificate
Upload the MDM certificate

If you already have an MDM certificate, but have not uploaded it, you can upload it from the same screen.

If the Apple MDM certificate is created with a personal Apple ID, control of the certificate is retained by the user. While administrators cannot control the certificate, they can revoke it.
We recommend the account and credentials used to create the MDM certificate be documented and stored in a secure location as this information will be required to generate a new MDM certificate when the existing certificate expires.
If you are configuring Ivanti EPMM to support only MAM-only devices, skip these steps. For more information, see “Managing apps on MAM-only devices” in the Ivanti Apps@Work Guide.

Go to the following topics if you intend to do or have one of the following scenarios:

Develop and distribute in-house apps
Requesting an MDM certificate
Uploading an MDM certificate

Develop and distribute in-house apps

If you intend to develop in-house apps for distribution, then you still need to participate in Apple’s iDEP program. The enhanced MDM certificate infrastructure does not eliminate this requirement.

Requesting an MDM certificate

You can request a mobile device management (MDM) certificate from Apple.

Make sure that appgw.mobileiron.com is reachable from Ivanti EPMM.

Procedure

From the Ivanti EPMM Admin Portal, select Settings > System Settings > iOS > MDM.
Select the Enable MDM Profile option.
Click Install MDM Certificate to open the MDM Certificate Generation window.
Click I want to create a new MDM certificate.
Click Download Certificate Signing Request.
Click the Apple Push Certificates Portal link to start the process of requesting the MDM certificate.
When you receive the certificate, click Upload MDM Certificate to open the Upload MDM Certificate window.
Click Browse to select the MDM certificate.
Click Upload Certificate.

Securely store, in an escrow-like account accessible to more than one individual, the username and credentials used to register with Apple.
Make a note of the date when the MDM certificate expires and set a reminder to renew the certificate before it expires to avoid service outage.
You have the option to create an alert which will notify you if the MDM certificate is revoked.

Uploading an MDM certificate

If you have already requested and received your MDM certificate from Apple, you can upload the certificate using the following steps:

Procedure

Log into the Admin Portal.
Select Settings > System Settings > iOS > MDM.
Select the Enable MDM Profile option to open the MDM Certificate Generation window.
Select I already have an MDM Certificate, and want to upload it.
Note: If you already had a MDM certificate installed, you will see warning dialog. Click OK.
Click Upload MDM Certificate to open the Upload MDM Certificate window.
Click Browse to select the MDM certificate.
Click Upload Certificate.