Configuring the MobileIron MDM

To configure the MobileIron MDM:

1. Enroll devices in the MDM using the methods supported by the MDM.
2. Create a Simple Certificate Enrollment Protocol (SCEP) configuration that specifies the field and type of identifier for client device certificates.
   The MDM configuration templates provide flexibility in how the device identifier can be placed in the device certificate’s subject or alternative subject. We recommend you include the user ID in the certificate, so the certificate can identify both the user and the device. For example:
   CN=<DEVICE_UUID>, uid=<USER_ID>, o=Company
3. Create a Wi-Fi configuration that specifies the SSID and security options. During the enrollment process, this profile is provisioned to the device. Select the SCEP configuration completed in Step 2.
4. Select the Wi-Fi Profile configuration and apply it to a group label you have provisioned to manage this group of devices.

   Wi-Fi connect fails if it is configured to use a device certificate that is signed by an intermediate CA and selects this in Wi-Fi profile trusted CA. Root CA has to be selected to properly work.

5. Apply the group label to the devices when you add them to the MDM. If they have already been added to the MDM, use the edit configuration utilities in the device inventory page to apply the group label.