Administration Guide

MDM services

MDM Services allows you to configure the connection or integration between FortiNAC and a Mobile Device Management (MDM) system. FortiNAC and the MDM system work together sharing data via an API to secure the network. FortiNAC leverages the data in the MDM database and registers hosts using that data as they connect to the network.

Note: Proxy communication is not supported.

Supported vendors

For information about supported vendors, see the Fortinet Documentation Library.

Settings

| Field | Definition |
| --- | --- |
| MDM Vendor | Name of the vendor of the MDM system. |
| Name | Name of the connection configuration for the connection between an MDM system and FortiNAC. |
| Request URL | The URL for the API to which FortiNAC must connect to request data. This will be a unique URL based on your MDM system. |
| Identifier | A type of key used to identify FortiNAC to the MDM server. This field is not required for all MDM products. In the case of AirWatch, this is the API Key generated during the AirWatch Configuration. An API key is a unique code that identifies the FortiNAC server to AirWatch and is part of the authentication process for AirWatch. |
| Application ID | Enter the application ID. |
| Platform ID | Enter the platform version number. |
| Application Version | Enter the application version number. |
| Access Key | Enter the application access key (API key). |
| User ID | User name of the account used by FortiNAC to log into the MDM system when requesting data. |
| Password | Password for the account used by FortiNAC to log into the MDM system when requesting data. This field displays only when adding a new MDM connection configuration. It is not displayed in the table of MDM servers. |
| Poll Interval | Indicates how often FortiNAC should poll the MDM system for information. |
| Last Poll | Date and time of the last poll. |
| Last Successful Poll | Date and time of the last poll that successfully retrieved data. |
| Create Date | Date that this connection configuration was set up. |
| On Demand Registration | If enabled, when an unknown host reaches the captive portal, FortiNAC queries the MDM server for information about that host. If the host exists in the MDM server, it is registered in FortiNAC using the data from the MDM server. |
| Revalidate Health Status On Connect | If enabled, when the host connects to the network FortiNAC queries the MDM server to determine if the host is compliant with MDM policies. NOTE: This setting is disabled by default. When enabled, the MDM may not be able to manage the rate of queries from FortiNAC, causing performance issues. Instead of enabling Revalidate Health Status On Connect, you can enable automatic registration polling to occur once a day, which will also retrieve Health Status, but with less frequency. |
| Remove Hosts | If enabled, when FortiNAC polls the MDM server it deletes hosts from the FortiNAC database if they have been removed or disabled on the MDM server. |
| Update Applications | If enabled, when FortiNAC polls the MDM server it retrieves and stores the Application Inventory for hosts that are in the FortiNAC database. NOTE: This setting is disabled by default. When enabled, the MDM may not be able to manage the rate of queries from FortiNAC, causing performance issues. |
| Last Modified By | User name of the last user to modify the connection configuration. |
| Last Modified Date | Date and time of the last modification to this connection configuration. |

Right click options

| Option | Definition |
| --- | --- |
| Delete | Deletes the MDM Service. |
| Modify | Opens the Modify MDM Service dialog. |
| Poll Now | Polls the MDM server immediately. |
| Show Audit Log | Opens the Admin Auditing Log showing all changes made to the selected item. For information about the Admin Auditing Log, see Admin auditing. Note: You must have permission to view the Admin Auditing Log. See Add an admin profile. |
| Test Connection | Tests the connection between the selected MDM server and FortiNAC. Error messages indicate which fields are missing or incorrect. |

Buttons

| Button | Definition |
| --- | --- |
| Add | Opens the Add MDM Service dialog. |
| Modify | Opens the Modify MDM Service dialog. |
| Export | Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF or RTF. See Export data. |
| Test Connection | Tests the connection between the selected MDM server and FortiNAC. Error messages indicate which fields are missing or incorrect. |
| Poll Now | Polls the MDM server immediately. |

Add/modify MDM service

  1. Click System > Settings.
  2. Expand the System Communication folder.
  3. Select MDM Service from the tree.
    1. To modify a record: Select an MDM Service record from the table and click Modify.
    2. To add a new record: Click Add at the bottom of the window.
  4. Use the settings for the MDM Services to enter the MDM Service information.
  5. Click OK to save.

Note: When integrating an MDM with FortiNAC, if there is more than one FortiNAC with an NCM, it is only necessary to configure the integration on one of the FortiNAC Servers. The host records will be propagated on demand to the other FortiNAC Servers.

Note: The Revalidate Health Status On Connect and Update Applications settings are disabled by default. When enabled, the MDM may not be able to manage the rate of queries from FortiNAC, causing performance issues.

Note: Instead of enabling Revalidate Health Status On Connect, you can enable automatic registration polling to occur once a day, which will also retrieve Health Status, but with less frequency.
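A review of the settings described above, as an added example that is not part of the Fortinet guide: it reads a CSV export of the MDM services table and flags connections whose polls have stopped retrieving data or whose settings carry the caveats noted in this section. The column names (taken from the Settings field names), the timestamp format and the sample rows are assumptions constructed for illustration; a real export may be laid out differently.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export. Column names are assumed to mirror the field
# names in the Settings table; a real export may use a different layout.
SAMPLE_CSV = """\
Name,Last Poll,Last Successful Poll,Revalidate Health Status On Connect,Update Applications,Remove Hosts
corp-mdm,2024-05-02 03:00:00,2024-05-02 03:00:00,false,false,true
byod-mdm,2024-05-02 03:00:00,2024-04-27 03:00:00,true,false,false
lab-mdm,2024-05-02 03:00:00,,false,true,true
"""

TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumed timestamp format


def is_enabled(value):
    return value.strip().lower() in ("true", "yes", "enabled")


def audit_mdm_services(csv_text, max_stale=timedelta(days=1)):
    """Map each MDM service name to the findings raised for its row."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = []
        last_ok = row["Last Successful Poll"].strip()
        if not last_ok:
            findings.append("never polled successfully")
        else:
            stale = (datetime.strptime(row["Last Poll"], TS_FORMAT)
                     - datetime.strptime(last_ok, TS_FORMAT))
            if stale > max_stale:
                findings.append(f"no data retrieved for {stale.days} days")
        # Both settings are off by default; the guide warns that the MDM may
        # not keep up with the query rate when they are on.
        for field in ("Revalidate Health Status On Connect", "Update Applications"):
            if is_enabled(row[field]):
                findings.append(f"{field} enabled (query-rate risk)")
        # With Remove Hosts off, polling does not delete hosts that were
        # removed or disabled on the MDM server.
        if not is_enabled(row["Remove Hosts"]):
            findings.append("Remove Hosts disabled")
        if findings:
            report[row["Name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_mdm_services(SAMPLE_CSV).items():
        print(name, "->", "; ".join(findings))
```

A gap between Last Poll and Last Successful Poll means FortiNAC is registering and evaluating hosts against MDM data that is no longer being refreshed, so it is worth alerting on alongside the Admin Auditing Log entries for the same connection.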

Delete MDM service

  1. Click System > Settings.
  2. Expand the System Communication folder.
  3. Select MDM Service from the tree.
  4. Select an MDM Service record from the table.
  5. Click Delete at the bottom of the window.
  6. Click Yes on the confirmation message.
