ExtremeCloud IQ- Site Engine & Extreme Management Center

  • 1.  MobileIron Integration

    Posted 10-05-2017 07:48

    Currently in the process of integrating MobileIron and wondering if anyone has any experience, guidance or any literature on the process.

    What I currently have is the 'Install Guide Extreme Connect 2016.pdf' which is very helpful in guiding me how to configure the API integration, the elements in MobileIron I need to configure and some of the customisation I can introduce to on-board devices like the 'Register with MobileIron' button.

    Where I'm a little at a loss is configuring the Guest Web Registration piece. I assume I configure this as normal, but its how to tie it into the MobileIron piece I'm stuck.

    Think all I perhaps have to do is associate the various MobileIron End-system groups to the various stages of registration?

    Its possible I could work it out but wanted to throw this out to the community to see if there was anything out there to assist me further?

    Also, any additional documentation I can grab my hands on as its useful to read and at least be aware of what all my options might be.

    Many thanks in advance.

  • 2.  RE: MobileIron Integration

    Posted 10-05-2017 08:15
    We currently use Mobile Iron as our MDM but are getting rid of it and switching to Microsoft Intunes MDM. We utilize OneFabric Connect as the API to interface MobileIron with our Extreme Access Control NAC. With Intunes we won’t use OFConnect but will use the NAC utility to manage Mac addresses in NAC groups.

  • 3.  RE: MobileIron Integration

    Posted 10-05-2017 08:15
    Microsoft intunes will be supported by Extreme Connect (OneFabricConnect) soon.

  • 4.  RE: MobileIron Integration

    Posted 10-05-2017 08:15
    Any timeframe that you could share? We just got Intunes in place so would love to try it when it is available

  • 5.  RE: MobileIron Integration

    Posted 10-05-2017 08:15
    Please contact me directly if you want to be “early adopter” even for testing = not production. We are searching for volunteers now 🙂 so production extremely soon. 🙂 My contact is zpala&extreme... Thx Z.

  • 6.  RE: MobileIron Integration

    Posted 10-05-2017 08:23
    Hi Darin,

    You could be useful source of information as the customer I am currently working is likely to be doing the same thing.

    Is there anything you can share on how things are setup your end to assist me in my endeavour, possibly any screenshots maybe?

    Many thanks.

  • 7.  RE: MobileIron Integration

    Posted 10-05-2017 10:03

  • 8.  RE: MobileIron Integration

    Posted 10-05-2017 10:03

  • 9.  RE: MobileIron Integration

    Posted 10-05-2017 13:37
    Hi Darin,

    Thanks for taking the time post the screenshots.

    Thinking about this, its probably easier than I thought. Perhaps all I need to do in NAC is just create some rules that test if the devices MAC address are in the specific MobileIron End-System groups and apply the roles based on that.

    The Web Registration just allows you to on-board a device through the registration page?

    Guess that's all that's really too it once all the backend / API is setup?

    Will be trying this soon, so will post my results.


  • 10.  RE: MobileIron Integration

    Posted 10-07-2017 05:57
    Hello Martin,

    Here is one Youtube video to introduce MobileIron Integration with ExtremeControl(Enterasys Moblie IAM).


    Best regards,

  • 11.  RE: MobileIron Integration

    Posted 10-07-2017 06:25
    Thanks Bin.

    Have been playing with this and the setup on the Extreme side seems pretty simple, in that I just needed to enable the MDM module in connect, put in the credentials to talk to the API and leave everything else as default.

    Just created three rules in NAC ass follows:

    MDM Business -> End-System (Managed Mobile Devices Business) -> Allow Profile
    MDM Personal -> End-System (Managed Mobile Devices Personal) -> Allow Profile
    MDM Decommissioned -> (Managed Mobile Devices Decommissioned) -> Deny Profile

    Also followed the instruction in the 'Install Guide Extreme Connect 2016' for setting up web registration for custom 'Register with MobileIron' button.

    The problem I seem to be experiencing at the moment is what looks to be a rights issue on MobileIron. To validate that I used the 'Postman' addin in Chrome and simulated connecting to the MobileIron API.

    To do that if you go to the link below inside Postman:


    Set the Authorisation to type 'Basic Auth' and enter the username and password configured on MobileIron. Then go to the 'Headers' tab and enter the following:

    "Accept" : "application/xml"

    Once done, update request and send.

    The problem I am then getting is the following:


    HTTP Status 403 - Access is denied

    You are unauthorized to access this page.

    Some screenshots below. Have set the account in MobileIron to be able to use API. The MobileIron version is 9.4.

    The Debug messages when enabled on the MDM module show the following error:
    2017-10-06 11:34:46,816 ERROR [com.enterasys.fusion.modules.MobileIronHandler] org.xml.sax.SAXParseException; lineNumber: 10670; columnNumber: 31; An invalid XML character (Unicode: 0x17) was found in the element content of the document.

    So if anyone is familiar with this issue, or has a step by step guide in how to setup API user rights / access for MobileIron v9.4 that might help?

    If I finally get it working in the meantime I'll post the steps.


  • 12.  RE: MobileIron Integration

    Posted 10-07-2017 06:25
    Hello Martin,

    Thank you so much for your post.
    I am not familiar with MobileIron Integration. So sorry that I could not help you more.

    Kindly request you could keep posting your step if your could find the solution.

    Many thanks in advanced.