MobileIron Configuration Flow for Android
Before you begin, follow the steps below to deploy the Identity Certificates and Trusted Certificates.
- Configuration of Root CA certificate in MobileIron
- Configuration of Identity Certificate in MobileIron
To get Android devices configured and working with MobileIron, the MobileIron instance must be registered with Google EMM services. This is documented in the MobileIron help section "Setting up Android enterprise". Once this is complete, follow the steps below to configure the Android VPN Client.
How to configure MobileIron
To do this, select Configurations on the MobileIron top menu bar as shown:
Then proceed to edit or add the below configurations.
Android enterprise (Android for Work) Configuration
The key point is to make sure the configuration is enabled and that it applies to devices in all spaces.
Managed Device with Work Profile Configuration
This is required for Android 8+ devices.
Ensure that it is enabled and set to distribute to the desired device classes (shown here as all devices, but it can be a custom list).
Android enterprise: Work Managed Device (Android for Work) Type: Work Managed Devices (Device Owner)
Enable this to test Work Managed Devices (this is what Supervised mode is called on Android).
Ensure that it is enabled and set to distribute to the desired device classes (shown here as all devices, but it can be a custom list).
Setting Default App Runtime Permissions
(As of this writing, it is unclear whether this is needed and whether it can help with automatically configuring the identity certificate in the VPN profile.)
Configure the App Catalog to include the McAfee Mobile Cloud Protection Client
Navigate to the Application Catalog by clicking on Apps in the top bar and then select Add to add the application. Change the dropdown for source to Google Play and search for the client as shown.
The test version of the app should be found by typing in the package ID com.mcafee.mcpmobile.test as shown.
In production, search by the app name, which will be "McAfee Mobile Cloud Protection".
Choose one or more categories and optionally enter a description. The description can be used to ensure you are seeing the version you intended on the device.
Ensure the App is delegated to all spaces.
Ensure the distribution is set to everyone, or to your target set of users by defining a custom distribution.
Click on the + button next to Managed Configurations for Android.
Enter the McAfee Web Gateway Address - c49493498.vpn.mcafee-cloud.com (get this information from MVision Cloud -> Certificate Page).
Enter a name for the configuration and set the Gateway Address, User Certificate, Remote ID and Local ID as required.
To set the user certificate first click on the Icon next to the value shown above. This will change the control to a drop down list. You can then change the value to the configuration name of the Identity certificate you would have defined earlier.
Click on "Install Application configuration settings" and ensure that "Install on Device" is turned on. You can also use the optional silent install for KNOX and Zebra devices if you are using those.
Optionally, you can click on "Google Play Release" and set the desired release track: Production, Alpha or Beta. Leave this alone for most purposes.
Note that it takes MobileIron a few minutes to reflect the newly added app and it will eventually appear on the App catalog screen. It may take a few hours for the app to appear on the devices.
Configure Always On VPN
Must be done after the App has been added to the App Catalog.
Navigate to Configurations on the MobileIron top bar. Click Add and then choose Always On VPN.
Choose the McAfee app by typing into the name field, then ensure that the distribution is set correctly and that the configuration is enabled.
Configuration on the device
- Install the MobileIron GO app
- Enter user credentials as provided by the administrator
- The McAfee Mobile Cloud Protection client will show up after a while and be configured, and the profile will be visible on the main screen.
- If Always On was configured it will immediately connect and show connected status.