Cisco Systems MaaS360 manual User Experience, MDM On-boarding


User Experience

For the most part, device management is transparent to the user. If users run the mobile client application, as recommended for ISE compliance checks, they will have some additional information about their device that is useful for troubleshooting with ISE. Users will also be required to complete the on-boarding procedure.

MDM On-boarding

The workflow that users must complete to on-board their device is set by the ISE policy. As presented in the CVD, the user will first on-board with ISE. When the user first joins the BYOD_Employee SSID, ISE will check the device’s MDM Registration status through the MDM API. If the device is not registered, then a captive ACL is activated. This ACL will allow Internet access, but will capture any attempts to access corporate resources. A full explanation is provided in the CVD. The device requires Internet access to complete the MDM on-boarding process, including downloading the client application from either the Google Play Store or the Apple App Store. When the device is captured, the user will be presented with a screen that includes two buttons. The first will redirect the client to the MDM registration page, and the second issues a CoA to force a re-evaluation of the Authorization policy after MDM enrollment completes.

Android users must load the MaaS360 client application on their device prior to enrolling the device with the MDM server. This can be done from either the provisioning network or the employee network. However, it is not automatic. The enterprise will need to educate Android users about this restriction.

When the user lands on the Fiberlink MaaS360 registration page, they will be guided through self-explanatory steps to enroll their device.

Once the credentials are validated, a profile including the MDM payload and associated certificate is installed on the device, and the user is notified that the on-boarding process is complete. At the end of the enrollment, the user will receive a notification from Fiberlink MaaS360 to install the MaaS360 Agent.
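
The on-boarding sequence above, modelled as a short Python sketch (an added example, not code from the Cisco or Fiberlink documentation). The corporate address ranges, the MAC address, and all class and function names are constructed for illustration; the model assumes authorization is re-evaluated only on a CoA, so it shows why an enrolled device stays behind the captive ACL until the second button is pressed.

```python
import ipaddress

# Constructed corporate ranges; a real deployment defines these in its own ACL.
CORPORATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12")]

class FakeMdm:
    """Stand-in for the MDM registration lookup (hypothetical, not the MaaS360 API)."""
    def __init__(self):
        self.registered = set()
    def is_registered(self, mac):
        return mac in self.registered
    def enroll(self, mac):
        self.registered.add(mac)

class PolicyServer:
    """Models ISE as described above: authorization is evaluated when the
    device joins the SSID and again only when a CoA is issued."""
    def __init__(self, mdm):
        self.mdm = mdm
        self.authz = {}  # MAC -> result of the last authorization evaluation
    def authorize(self, mac):
        self.authz[mac] = "full_access" if self.mdm.is_registered(mac) else "captive_acl"
        return self.authz[mac]
    def coa(self, mac):
        return self.authorize(mac)  # CoA forces the policy to be re-evaluated
    def forward(self, mac, dst):
        """Decision for one packet under the session's current authorization."""
        state = self.authz.get(mac)
        if state == "full_access":
            return "permit"
        if state == "captive_acl":
            addr = ipaddress.ip_address(dst)
            corporate = any(addr in net for net in CORPORATE_NETS)
            return "capture" if corporate else "permit"  # Internet stays reachable
        return "drop"  # no authorized session (assumption of this model)

def onboarding_trace(mac="aa:bb:cc:00:11:22"):  # constructed MAC address
    mdm = FakeMdm()
    ise = PolicyServer(mdm)
    trace = [ise.authorize(mac)]                     # joins SSID, unregistered
    trace.append(ise.forward(mac, "10.1.2.3"))       # corporate host
    trace.append(ise.forward(mac, "203.0.113.10"))   # Internet (app store, MDM)
    mdm.enroll(mac)                                  # user completes enrollment
    trace.append(ise.forward(mac, "10.1.2.3"))       # still captured: no CoA yet
    trace.append(ise.coa(mac))                       # second button on the portal
    trace.append(ise.forward(mac, "10.1.2.3"))
    return trace

if __name__ == "__main__":
    print(onboarding_trace())
```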

Integrating Fiberlink MaaS360 with Cisco Identity Services Engine
