Configuring an MDM profile
The MDM profile specifies the extent to which every device that connects to the SafeLinx Server through the profile must comply with selected MDM requirements. Update an MDM profile to finish configuring a recently created profile, or to customize the settings of an existing profile.
About this task
- Account and network information that is needed to connect to the MDM server.
- How the SafeLinx Server enforces compliance with the MDM.
- The organizational unit in which the resource is defined.
When you run the wizard to create an MDM resource, the profile that is created is configured to use the default settings. Update the profile to modify the current settings.
After you apply updates to an active profile, the SafeLinx Server sends a notification to the other SafeLinx Servers that use the profile. In general, the other SafeLinx Servers put the changes into effect immediately. However, there might be a delay before enforcement settings are applied to mobile devices that authenticated recently. The length of the delay depends on the validity period, which by default is four hours.
After you add and enable an MDM profile, the SafeLinx Server queries the MDM service during device authentication to verify the compliance of connecting devices. You can configure the extent to which the SafeLinx Server enforces compliance with the MDM policies, and the length of time that the SafeLinx Server considers information retrieved from the MDM to be valid. You can also specify how the SafeLinx Server handles MDM authentication requests when the MDM service cannot be reached.
Some fields are populated automatically with the values that you provided when you created the profile.
Procedure
- In the SafeLinx Administrator Resources pane, expand the OU where the MDM profile is located, right-click MDM Integration, and then click Open.
- In the MDM integration window, select the MDM configuration that you want to configure and click Properties.
- Update enforcement settings.
You can specify several settings that define how the MDM profile interacts with the MDM server to enforce compliance for mobile devices.
After a mobile device authenticates through the primary authentication method, for example, LDAP or RADIUS, the SafeLinx Server queries the MDM server for the device status. By default, the SafeLinx Server checks whether the device is registered with the MDM. You can modify the default settings to require the following additional levels of compliance checking:
- Confirm that the device user is the user that is registered by the MDM system for that device.
- Confirm that the device is in compliance with applicable MDM policies and rules. The specific compliance capabilities for a profile vary depending upon the MDM service type of the MDM profile, such as MaaS360®, midpoints, or MobileIron.
- Update account information.
Note: After you change enforcement settings, devices that do not comply with the new settings might continue to pass authentication for some time. Delayed changes can occur for devices that authenticated successfully within the previously configured validity period. To force immediate device validation, create and apply a new MDM profile.
- Update network information.
- To change the organizational unit in which the MDM profile is defined, click the OU tab, click the name of an organizational unit, and then click Apply.
The SafeLinx Administrator Resources tab now displays an MDM Integration resource within the OU that you designated.
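The enforcement delay that the note on validity periods describes can be seen in a small model. This is an added example, not SafeLinx code: the per-profile cache, the function names, and the `allow_if_unreachable` switch are assumptions made for illustration; only the four-hour default and the three enforcement levels come from this page.

```python
from dataclasses import dataclass, field

HOUR = 3600
# Enforcement levels described on this page, in increasing strictness.
REGISTERED, USER_MATCH, COMPLIANT = 1, 2, 3

@dataclass
class MdmProfile:
    name: str
    enforcement: int = REGISTERED       # default: device is registered with the MDM
    validity: int = 4 * HOUR            # default validity period from this page
    allow_if_unreachable: bool = False  # assumption: fail closed when the MDM is down
    cache: dict = field(default_factory=dict)  # device id -> (verdict, checked_at)

def query_mdm(device, user, level):
    """Stand-in for the MDM query; 'device' is a constructed status record."""
    if device is None:
        raise ConnectionError("MDM service unreachable")
    ok = device["registered"]
    if level >= USER_MATCH:
        ok = ok and device["owner"] == user
    if level >= COMPLIANT:
        ok = ok and device["compliant"]
    return ok

def authenticate(profile, dev_id, user, device, now):
    """Return True if the device passes the MDM check at time 'now' (seconds)."""
    cached = profile.cache.get(dev_id)
    if cached and now - cached[1] < profile.validity:
        return cached[0]                # verdict still valid: the MDM is not re-queried
    try:
        verdict = query_mdm(device, user, profile.enforcement)
    except ConnectionError:
        return profile.allow_if_unreachable
    profile.cache[dev_id] = (verdict, now)
    return verdict

def enforcement_timeline():
    """Non-compliant phone authenticates at t=0; enforcement is tightened before t=1h."""
    phone = {"registered": True, "owner": "alice", "compliant": False}  # constructed
    p = MdmProfile("mdm-a")
    out = [authenticate(p, "phone1", "alice", phone, 0)]             # registered: passes
    p.enforcement = COMPLIANT                                        # admin edits profile
    out.append(authenticate(p, "phone1", "alice", phone, 1 * HOUR))  # cached pass
    out.append(authenticate(p, "phone1", "alice", phone, 4 * HOUR))  # cache expired
    fresh = MdmProfile("mdm-b", enforcement=COMPLIANT)               # new profile, no cache
    out.append(authenticate(fresh, "phone1", "alice", phone, 1 * HOUR))
    out.append(authenticate(fresh, "phone2", "bob", None, 1 * HOUR)) # MDM unreachable
    return out
```

In this model the non-compliant device keeps passing until its cached verdict ages out, while the newly created profile rejects it at once because it has no cached verdict to reuse.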