User Experience
For the most part, the fact that a device is under management is seamless to the user. If they are running the mobile client application as recommended for ISE compliance checks, then the user will have some additional information about their device that will be useful for troubleshooting with ISE. Users will also be required to complete the on-boarding procedure.
MDM On-boarding
The workflow that users must complete to on-board their device is set by the ISE policy. As presented in the CVD, the user will first on-board with ISE. When the user first joins the BYOD_Employee SSID, ISE will check the device’s MDM Registration status through the MDM API. If the device is not registered, then a captive ACL is activated. This ACL will allow Internet access, but will capture any attempts to access corporate resources. A full explanation is provided in the CVD. The device requires Internet access to complete the MDM on-boarding process, including downloading the client application from either the Google Play Store or the Apple App Store. When the device is captured the user will be presented with a screen that includes two buttons. The first will redirect the client to the MDM registration page. and the second issues a CoA to force a re-evaluation of the Authorization policy after MDM enrollment completes.
Android users must load the Maas360 client application on their device prior to enrolling the device with the MDM server. This can be done from either the provisioning network or the employee network. However, it is not automatic. The enterprise will need to educate Android users of this restriction.
When the user lands on the Fiberlink MaaS360 registration page, they will be guided through self-explanatory steps to enroll their device.
Once the credentials are validated, a profile including the MDM payload and associated certificate, is installed on the device and the user is notified that the on-boarding process is complete. At the end of the enrollment, user will receive a notification from Fiberlink MaaS360 to install Maas360 Agent.
Integrating Fiberlink MaaS360 with Cisco Identity Services Engine | 27 |
| |