Cisco Systems MaaS360 manual Active Directory/LDAP Integration, AD Group Memberships


Figure 13 Cloud Extender AD Configuration

Active Directory/LDAP Integration

Integrating ISE and the MDM with a common directory is important for overall operations. One benefit is the ability to require that users periodically change their directory password. If the MDM were using a local directory, it would be nearly impossible to keep the accounts synchronized. With a centralized directory structure, password management can be simplified. The main advantage is the ability to establish complementary network and device policy based on group membership. The CVD provides examples of how groups can be used to establish a user's entitlement to network resources. Likewise, the same group membership can be used to differentiate access to device resources and mobile applications.

AD Group Memberships

Three possible AD groups are presented in the CVD to illustrate their usage: Domain Users, BYOD_Partial_Access, and BYOD_Full_Access. ISE establishes the device's network access based on the associated user's membership.

Figure 14 shows the policies presented in the CVD.

Integrating Fiberlink MaaS360 with Cisco Identity Services Engine
