Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Configure the Ivanti Neurons MDM for Android

Before you begin, follow the steps below to install the Identity Certificates and Trusted Certificates. Complete these steps on the user interface that is provided for working with the ivanti Neurons Mobile Device Management (MDM, formerly: MobileIron MDM) product.

  • Configuration of the Root CA certificate
  • Configuration of the Identity Certificate

To get Android devices configured and working with ivanti Neurons, the ivanti Neurons instance must be registered with Google EMM services. Once this is complete, follow the steps below to configure the Android VPN Client.
 

Configure the Android VPN Client

clipboard_e9b632144cfa44a30633241ec5238cc74.png

Then proceed to edit or add the below configurations.

Android enterprise (Android for Work) Configuration

clipboard_ea2f06defe5cb6617d153490a5eb12ff7.png

clipboard_e6be6aed349f4755bbde1c1d4870336fa.png

The key point is to make sure it is enabled and ensure that it applies to devices in all spaces.

Managed Device with Work Profile Configuration

This is required for Android 8+ devices

clipboard_e44ebf44a665306fa2228f376b73d6a38.png

clipboard_e8ea16ee34c95140d67aadc833c4a833f.png

Ensure that it is enabled and set to distribute to desired device classes (Shown here as all devices but it can actually be a custom list)

Android enterprise: Work Managed Device (Android for Work) Type: Work Managed Devices (Device Owner)

Enable this to test Work Managed Devices (this is what Supervised mode is called on Android.)

clipboard_e2637a32718b7b91ac0cff71935ff08e3.png

clipboard_e80e991d3020ad18affa4211197c7436d.png

Ensure that it is enabled and set to distribute to desired device classes (Shown here as all devices but it can actually be a custom list)

Setting Default App Runtime Permissions

(Unclear if as of this writing this is needed and if it can help w/ auto configuring the identity certificate in the VPN Profile.)

clipboard_e11213545ad56ac617098bfc1f68f5f30.png

clipboard_e5c31d26f0f51d42f682e4b18e89ed813.png

Configure the App Catalog to include the Skyhigh Mobile Cloud Security Client

Navigate to the Application Catalog by clicking on Apps in the top bar and then select Add to add the application. Change the dropdown for source to Google Play and search for the client.

In production search by the App name which will be "Skyhigh Mobile Cloud Security"

Choose one or more categories and optionally enter a description. The description can be used to ensure you are seeing the version you intended on the device.

Ensure the App is delegated to all spaces.

Ensure the distribution is set to everyone or your target set of users by defining a custom distribution.

Click on the + button next to Managed Configurations for Android.

Enter Skyhigh Secure Web Gateway Address - c<customer ID>.smcs.skyhigh.cloud

You can get this information from the certificate page.

The following information is required to configure an SMCS app in the MDM of your choice.

Enter a name for the configuration and set the Gateway Address, User Certificate, Remote ID, Local ID, and Excluded Subnets as required.

clipboard_e71f1c87f44b93bd59e9b17d76f80bf58.png

To set the user certificate first click on the Icon next to the value shown above. This will change the control to a drop down list. You can then change the value to the configuration name of the Identity certificate you would have defined earlier.

Click on "Install Application configuration settings and ensure that "Install on Device" is turned on. You can also use the optional silent install for KNOX and Zebra devices if you are using those.

Optionally you can click on "Google Play Release" and set the desired release track, Production, Alpha or Beta - Leave this alone for most purposes.

Note that it takes ivanti Neurons a few minutes to reflect the newly added app and it will eventually appear on the App catalog screen. It may take a few hours for the app to appear on the devices.

Configure Always On VPN

Must be done after the App has been added to the App Catalog.

Navigate to Configurations on the mobile iron top bar. Click Add and then choose Always On VPN

clipboard_eee29d71f4aeb6d7831baf7b7097ade25.png

Choose the Skyhigh Mobile Cloud Security App by typing into the name fi eld and then ensure distribution is set right and that the configuration is enabled.
mcs5.png

clipboard_eb3a56c1d8ae5d6be391dd4d8cfc0619c.png

Configure the Device

  1. Install the ivanti Neurons GO app.
  2. Enter user credentials as provided by the administrator.
  3. The Skyhigh Mobile Cloud Security client will show up in a while and be configured and the profile will be visible on the main screen.
  4. If Always On was configured it will immediately connect and show connected status.
  • Was this article helpful?