cancel
Showing results for 
Search instead for 
Did you mean: 

MobileIron Integration

MobileIron Integration

Anonymous
Not applicable
Hi,

Currently in the process of integrating MobileIron and wondering if anyone has any experience, guidance or any literature on the process.

What I currently have is the 'Install Guide Extreme Connect 2016.pdf' which is very helpful in guiding me how to configure the API integration, the elements in MobileIron I need to configure and some of the customisation I can introduce to on-board devices like the 'Register with MobileIron' button.

Where I'm a little at a loss is configuring the Guest Web Registration piece. I assume I configure this as normal, but its how to tie it into the MobileIron piece I'm stuck.

Think all I perhaps have to do is associate the various MobileIron End-system groups to the various stages of registration?

Its possible I could work it out but wanted to throw this out to the community to see if there was anything out there to assist me further?

Also, any additional documentation I can grab my hands on as its useful to read and at least be aware of what all my options might be.

Many thanks in advance.
11 REPLIES 11

Bin
Extreme Employee
Hello Martin,

Thank you so much for your post.
I am not familiar with MobileIron Integration. So sorry that I could not help you more.

Kindly request you could keep posting your step if your could find the solution.

Many thanks in advanced.

Anonymous
Not applicable
Thanks Bin.

Have been playing with this and the setup on the Extreme side seems pretty simple, in that I just needed to enable the MDM module in connect, put in the credentials to talk to the API and leave everything else as default.

Just created three rules in NAC ass follows:

MDM Business -> End-System (Managed Mobile Devices Business) -> Allow Profile
MDM Personal -> End-System (Managed Mobile Devices Personal) -> Allow Profile
MDM Decommissioned -> (Managed Mobile Devices Decommissioned) -> Deny Profile

Also followed the instruction in the 'Install Guide Extreme Connect 2016' for setting up web registration for custom 'Register with MobileIron' button.

The problem I seem to be experiencing at the moment is what looks to be a rights issue on MobileIron. To validate that I used the 'Postman' addin in Chrome and simulated connecting to the MobileIron API.

To do that if you go to the link below inside Postman:

https://MDMSERVER/api/v1/dm/devices/

Set the Authorisation to type 'Basic Auth' and enter the username and password configured on MobileIron. Then go to the 'Headers' tab and enter the following:

"Accept" : "application/xml"

Once done, update request and send.

The problem I am then getting is the following:



HTTP Status 403 - Access is denied


You are unauthorized to access this page.





Some screenshots below. Have set the account in MobileIron to be able to use API. The MobileIron version is 9.4.

The Debug messages when enabled on the MDM module show the following error:
2017-10-06 11:34:46,816 ERROR [com.enterasys.fusion.modules.MobileIronHandler] org.xml.sax.SAXParseException; lineNumber: 10670; columnNumber: 31; An invalid XML character (Unicode: 0x17) was found in the element content of the document.

fb2bef9e8fbb4d61851490c79083aaa3_RackMultipart20171007-29769-h1e7bl-Postman1_inline.png



fb2bef9e8fbb4d61851490c79083aaa3_RackMultipart20171007-13772-1cnk3za-Postman2_inline.png



So if anyone is familiar with this issue, or has a step by step guide in how to setup API user rights / access for MobileIron v9.4 that might help?

If I finally get it working in the meantime I'll post the steps.

Thanks

Bin
Extreme Employee
Hello Martin,

Here is one Youtube video to introduce MobileIron Integration with ExtremeControl(Enterasys Moblie IAM).

https://www.youtube.com/watch?v=edilmWxSryE

Best regards,
Bin

Anonymous
Not applicable
Hi Darin,

Thanks for taking the time post the screenshots.

Thinking about this, its probably easier than I thought. Perhaps all I need to do in NAC is just create some rules that test if the devices MAC address are in the specific MobileIron End-System groups and apply the roles based on that.

The Web Registration just allows you to on-board a device through the registration page?

Guess that's all that's really too it once all the backend / API is setup?

Will be trying this soon, so will post my results.

Thanks.
GTM-P2G8KFN