MDM services
MDM Services allows you to configure the connection or integration between FortiNAC and a Mobile Device Management (MDM) system. FortiNAC and the MDM system work together sharing data via an API to secure the network. FortiNAC leverages the data in the MDM database and registers hosts using that data as they connect to the network.
Proxy communication is not supported. |
Supported vendors
For information about supported vendors, see the Fortinet Documentation Library.
Settings
Field |
Definition |
||
MDM Vendor |
Name of the vendor of the MDM system. |
||
Name |
Name of the connection configuration for the connection between an MDM system and FortiNAC. |
||
Request URL |
The URL for the API to which FortiNAC must connect to request data. This will be a unique URL based on your MDM system. |
||
Identifier |
A type of key used to identify FortiNAC to the MDM server. This field is not required for all MDM products. In the case of AirWatch, this is the API Key generated during the AirWatch Configuration. An API key is a unique code that identifies the FortiNAC server to AirWatch and is part of the authentication process for AirWatch. |
||
Application ID |
Enter the application ID. |
||
Platform ID |
Enter the platform version number. |
||
Application Version |
Enter the application version number. |
||
Access Key |
Enter the application access key (API key). |
||
User ID |
User name of the account used by FortiNAC to log into the MDM system when requesting data. |
||
Password |
Password for the account used by FortiNAC to log into the MDM system when requesting data. This field displays only when adding a new MDM connection configuration. It is not displayed in the table of MDM servers. |
||
Poll Interval |
Indicates how often FortiNAC should poll the MDM system for information. |
||
Last Poll |
Date and time of the last poll. |
||
Last Successful Poll |
Date and time of the last poll that successfully retrieved data. |
||
Create Date |
Date that this connection configuration was set up. |
||
On Demand |
If enabled, when an unknown host reaches the captive portal, FortiNAC queries the MDM server for information about that host. If the host exists in the MDM server, it is registered in FortiNAC using the data from the MDM server. |
||
Revalidate Health Status On Connect |
If enabled, when the host connects to the network FortiNAC queries the MDM server to determine if the host is compliant with MDM policies. This setting is disabled by default. When enabled, the MDM may not be able to manage the rate of queries from FortiNAC, causing performance issues. Instead of enabling Revalidate Health Status On Connect, you can enable automatic registration polling to occur once a day, which will also retrieve Health Status, but with less frequency. |
||
Remove Hosts |
If enabled, when FortiNAC polls the MDM server it deletes hosts from the FortiNAC database if they have been removed or disabled on the MDM server. |
||
Update Applications |
If enabled, when FortiNAC polls the MDM server it retrieves and stores the Application Inventory for hosts that are in the FortiNAC database. This setting is disabled by default. When enabled, the MDM may not be able to manage the rate of queries from FortiNAC, causing performance issues. |
||
Last Modified By |
User name of the last user to modify the connection configuration. |
||
Last Modified Date |
Date and time of the last modification to this connection configuration. |
||
Right click options |
|||
Delete |
Deletes the MDM Service. |
||
Modify |
Opens the Modify MDM Service dialog. |
||
Poll Now |
Polls the MDM server immediately. |
||
Show Audit Log |
Opens the admin auditing log showing all changes made to the selected item. For information about the admin auditing log, see Admin auditing.
|
||
Test Connection |
Tests the connection between the selected MDM server and FortiNAC. Error messages indicate which fields are missing or incorrect. |
||
Buttons |
|||
Add |
Opens the Add MDM Service dialog. |
||
Modify |
Opens the Modify MDM Service dialog. |
||
Export |
Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data. |
||
Test Connection |
Tests the connection between the selected MDM server and FortiNAC. Error messages indicate which fields are missing or incorrect. |
||
Poll Now |
Polls the MDM server immediately. |
Add or modify MDM service
- Click System > Settings.
- Expand the System Communication folder.
- Select MDM Service from the tree.
- To modify a record: Select a MDM Service record from the table and click Modify.
- To add a new record: Click Add at the bottom of the window.
- Use the settings for the MDM Services to enter the MDM Service information.
- Click OK to save.
When integrating an MDM with FortiNAC, if there is more than one FortiNAC with an NCM, it is only necessary to configure the integration on one of the FortiNAC Servers. The host records will be propagated on demand to the other FortiNAC Servers. |
The Revalidate Health Status On Connect and Update Applications settings are disabled by default. When enabled, the MDM may not be able to manage the rate of queries from FortiNAC, causing performance issues. |
Instead of enabling Revalidate Health Status On Connect, you can enable automatic registration polling to occur once a day, which will also retrieve Health Status, but with less frequency. |
Delete MDM service
- Click System > Settings.
- Expand the System Communication folder.
- Select MDM Service from the tree.
- Select an MDM Service record from the table.
- Click Delete at the bottom of the window.
- Click Yes on the confirmation message.