Fortinet white logo
Fortinet white logo

EMS Administration Guide

MDM Integration

MDM Integration

You can configure integration with a mobile device management (MDM) platform, such as VMware Workspace ONE. The following table provides descriptions for options that are common to all supported MDM platforms:

Option

Description

Enable MDM Integration

Enable MDM integration configuration.

Vendor

Select the desired MDM platform. This feature supports the following:

  • VMware Workspace ONE

  • Microsoft Intune

  • Jamf

Test Connection

After configuring other fields as the following tables describe, verify that EMS can communicate with the MDM platform.

For details on deployments using MDM, see:

The following provides descriptions for options that are specific to each MDM platform:

Workspace ONE

Option

Description

Site URL

Enter your site URL. Workspace ONE is a software-as-a-service deployment and each enterprise has a unique URL. The URL format is https://<unique identifier>.awmdm.com/api.

Smart Group Name

Enter the name of the Workspace ONE assignment group that contains the mobile devices to issue zero trust network access certificates to.

Authorization Type

Select Basic Auth, Certificate, or OAuth 2.0 for the authorization between EMS and Workspace ONE.

The on-premise version of Workspace ONE does not support OAuth. When using OAuth, ensure that you are using the SaaS version of Workspace ONE.

API Key

Available if you selected Basic Auth or Certificate for the authorization type. Enter the API key value from Workspace ONE.

Username

Available if you selected Basic Auth for the authorization type. Enter the Workspace ONE username.

Certificate

Available if you selected Certificate for the authorization type. Upload the certificate that you exported from Workspace ONE. You must create an admin user with certificate authentication and the Console Administrator role in Workspace ONE, and then export hthe certificate.

Password

Available if you selected Basic Auth or Certificate for the authorization type. Enter the Workspace ONE password.

Region

Available if you selected OAuth 2.0 for the authorization type. Select your assigned geographic region. For redundancy, VMware has set up multiple servers to generate OAuth tokens

Client ID

Available if you selected OAuth 2.0 for the authorization type. Enter the client ID from the Workspace ONE portal.

Client Secret

Available if you selected OAuth 2.0 for the authorization type. Enter the client secret from the Workspace ONE portal.

Microsoft Intune

Option

Description

Tenant ID

Enter the tenant ID from Intune.

Authorization Type

Select Client Secret or Certificate for the authorization between EMS and Intune.

Client ID

Enter the client ID from Intune.

Client Secret

Enter the client secret from Intune.

Certificate

Available if you selected Certificate for the authorization type. Upload the certificate from Intune.

Jamf

Option

Description

Site URL

Enter your site URL.

Username

Enter the Jamf username.

Password

Enter the Jamf password.

Site Name

This field is optional. Enter the Jamf site name.

ManageEngine MDM Plus

Option

Description

Deployment Select On-Premise or Cloud depending on your ManageEngine Mobile Device Manager (MDM) Plus deployment.

Site URL

Available for on-premise ManageEngine MDM. Enter your site URL. ManageEngine MDM Plus is a software-as-a-service deployment and each enterprise has a unique URL.

API Key

Available for on-premise ManageEngine MDM. Enter the API key value from ManageEngine MDM.

Region

Available for cloud ManageEngine MDM. Select your assigned geographic region. For redundancy, ManageEngine MDM has set up multiple servers.

Client ID

Enter the client ID from ManageEngine MDM.

Client Secret

Enter the client secret from ManageEngine MDM.

MDM Integration

MDM Integration

You can configure integration with a mobile device management (MDM) platform, such as VMware Workspace ONE. The following table provides descriptions for options that are common to all supported MDM platforms:

Option

Description

Enable MDM Integration

Enable MDM integration configuration.

Vendor

Select the desired MDM platform. This feature supports the following:

  • VMware Workspace ONE

  • Microsoft Intune

  • Jamf

Test Connection

After configuring other fields as the following tables describe, verify that EMS can communicate with the MDM platform.

For details on deployments using MDM, see:

The following provides descriptions for options that are specific to each MDM platform:

Workspace ONE

Option

Description

Site URL

Enter your site URL. Workspace ONE is a software-as-a-service deployment and each enterprise has a unique URL. The URL format is https://<unique identifier>.awmdm.com/api.

Smart Group Name

Enter the name of the Workspace ONE assignment group that contains the mobile devices to issue zero trust network access certificates to.

Authorization Type

Select Basic Auth, Certificate, or OAuth 2.0 for the authorization between EMS and Workspace ONE.

The on-premise version of Workspace ONE does not support OAuth. When using OAuth, ensure that you are using the SaaS version of Workspace ONE.

API Key

Available if you selected Basic Auth or Certificate for the authorization type. Enter the API key value from Workspace ONE.

Username

Available if you selected Basic Auth for the authorization type. Enter the Workspace ONE username.

Certificate

Available if you selected Certificate for the authorization type. Upload the certificate that you exported from Workspace ONE. You must create an admin user with certificate authentication and the Console Administrator role in Workspace ONE, and then export hthe certificate.

Password

Available if you selected Basic Auth or Certificate for the authorization type. Enter the Workspace ONE password.

Region

Available if you selected OAuth 2.0 for the authorization type. Select your assigned geographic region. For redundancy, VMware has set up multiple servers to generate OAuth tokens

Client ID

Available if you selected OAuth 2.0 for the authorization type. Enter the client ID from the Workspace ONE portal.

Client Secret

Available if you selected OAuth 2.0 for the authorization type. Enter the client secret from the Workspace ONE portal.

Microsoft Intune

Option

Description

Tenant ID

Enter the tenant ID from Intune.

Authorization Type

Select Client Secret or Certificate for the authorization between EMS and Intune.

Client ID

Enter the client ID from Intune.

Client Secret

Enter the client secret from Intune.

Certificate

Available if you selected Certificate for the authorization type. Upload the certificate from Intune.

Jamf

Option

Description

Site URL

Enter your site URL.

Username

Enter the Jamf username.

Password

Enter the Jamf password.

Site Name

This field is optional. Enter the Jamf site name.

ManageEngine MDM Plus

Option

Description

Deployment Select On-Premise or Cloud depending on your ManageEngine Mobile Device Manager (MDM) Plus deployment.

Site URL

Available for on-premise ManageEngine MDM. Enter your site URL. ManageEngine MDM Plus is a software-as-a-service deployment and each enterprise has a unique URL.

API Key

Available for on-premise ManageEngine MDM. Enter the API key value from ManageEngine MDM.

Region

Available for cloud ManageEngine MDM. Select your assigned geographic region. For redundancy, ManageEngine MDM has set up multiple servers.

Client ID

Enter the client ID from ManageEngine MDM.

Client Secret

Enter the client secret from ManageEngine MDM.