Use the following enrollment process to silently install the BloxOne Mobile Endpoint app on iOS and Android devices that use MaaS 360.
Step 1: Download the Mobile Device Management (MDM) Config File from the Cloud Services Platform
An app-config file is required to update an app’s configuration in MDM. To download the file, do the following:
- Log in to csp.infoblox.com.
- Go to Manage > Endpoints > Endpoint Groups.
- Click Download MDM Configuration, and select iOS Config File or Android Config File, depending on the device.
Image: The Download MDM Configuration drop-down options for handling endpoint configurations within a network. The configuration options include: Android Config File, iOS Config File, and Chrome Config File.
To assign an endpoint to a specific endpoint group, click 
next to the name of the endpoint group and select Download MDM Configuration > Android or iOS Config File:
Image: The download MDM configuration options when applying a configuration option to an existing endpoint group. The configuration options include:Android Config File, iOS Config File, and Chrome Config File.
4. Save the downloaded config file to a directory where it can be located easily.
The app config contains the following parameters:
- joinToken: The value in the XML file.
- groupName: In the Cloud Services Portal, the name of the group to which the endpoint is to be moved. If the name is not present in the Cloud Services Portal, then add it to the All BloxOne Endpoints group before installing the app-config file.
- userId: The unique name that identifies the mobile device. The configured name is displayed in the Cloud Services Portal, on the Manage > Endpoints page.
- allowServiceControl: By default, this value will be True. To disallow and hide service control, use the toggle switch to change this value to False.
Step 2: Register a Mobile Endpoint for Use with IBM MaaS 360
Log in to the IBM MaaS 360 console, and follow the steps for registering a device. For information on enrolling and using MDM devices with IBM MaaS 360, refer to the following guides:
Step 3: Install the BloxOne App on the Workspace One Server
Installation on an iOS Device
To install the BloxOne app on an iOS device, do the following:
- Log in to the IBM MaaS 360 console.
- Go to Apps > App Catalog.
- Click Add > iOS > iTunes App Store:
Image: The IBM MaaS 360 platform displays the "App Catalog" section.
4. Search for BloxOne EP, and click Add to add it to your configuration.
Image: Adding an "iTunes App Store App" in IBM MaaS 360.
5. Once the BloxOne Endpoint app appears in the list of apps, select the devices and users to which it will be distributed.
Installation on an Android Device
To install the BloxOne app on an Android device, do the following:
- Log in to the IBM MaaS 360 console.
- Go to Apps > App Catalog.
- Click Add > Android > Google Play App:
Image: Adding the Android application to the IBM MaaS 360 catalogue.
4. On the Add Google Play App screen, search for BloxOne EP and click Add.
5. Locate the BloxOne Android app from among the apps listed.
6. To add the BloxOne EP app to your devices and users, click Select > Approve > Add. After the BloxOne Android app appears on the list of apps, click Distribute:
Image: Adding the BloxOne Endpoint configuration from the Google Play store.
7. Click Select > Approve > Add, and select BloxOne EP from the list of apps.
8. Click Distribute to distribute and install the configuration on specific users' Android devices.
Step 4: Add the App-Config File for the BloxOne iOS App
To add an app config for a BloxOne iOS device, do the following:
- Go to Apps > App Configuration.
- Click Add Configuration.
Image: The IBM MaaS 360 platform displays the "App Catalog" section where the BloxOne iOS app is added.
3. Add the configuration name, and select the iOS app from the app catalog:
Image: Adding the iOS configuration.
4. Click Next to continue to the Configuration screen.
5. Select Manual Configuration, and add the config file previously downloaded from the Cloud Services Portal.
6. The app config with the editable groupName and userId attribute fields should appear.
Note
BloxOne Endpoint version iOS 2.0.7 and above uses joinToken instead of customerId for authorization, for existing devices with older version of the app the update to latest version is automatic, for fresh installation on new devices the joinToken should be updated in the configuration settings.
Image: Adding groupName ansd userID manually to the configuration.
7. Click Next to continue to the iOS Distribution screen.
8. Click Publish to publish and distribute the configuration.
Image: Publishing the configuration.
After a few minutes, BloxOne Endpoint will be automatically installed on the client devices.
Step 5: Perform a Silent Authorization of DNS Proxy Permissions for the BloxOne iOS App
- Log in to the IBM MaaS 360 console.
- Go to Security > Policy Management > Policies.
- Select an iOS policy to be pushed to iOS devices.
- Go to iOS Policy > Supervised Settings > DNS Proxy, and click Edit:
Image: Editing the Policies tab.
5. Select an iOS policy to be pushed to iOS devices.
6. Go to iOS Policy> Supervised Settings> DNS Proxy, and click Edit.
7. In the Edit panel, do the following:
For App Bundle id, select com.infoblox.atc.b1dnsproxy.
For Provider Bundle id, select com.infoblox.atc.b1dnsproxy.dnsproxy:
Image: Adding the App Bundle id and Provider Bundle id to the configuration.
8. At the end of the configuration process, click Confirm Publish.
Image: Publishing the configuration.
9. Go to Devices> Inventory, and select the device from the list.
10. Click More> Request data refresh.
11. BloxOne Endpoint will be automatically installed on the client devices. The installation process might take several minutes:.
Image: Clicking Request Data Refresh will automatically install BloxOne Endpoint on all devices.
13. Open the BloxOne Endpoint app on your device; on Android devices, find the app in the Work Profile. If prompted, accept the DNS Proxy acknowledgement. After a moment, the app will be in a protected state.
Image: The Infoblox Endpoint app displaying its protected status on an iOS device.
Step 6: Add an App Config for the BloxOne Android app
To add an app config for a BloxOne iOS device, do the following:
- Go to Apps > App Configuration.
- Click Add Configuration.
Image: Adding the Android app configuration to IBM MaaS 360.
3. Add the configuration name, and select the Android app from the app catalog.
Image: Adding the name of the configuration to the Android configuration.
4. Click Next to continue to the Configuration screen.
5. Add the config file previously downloaded from the Cloud Services Portal.
6. The app config with the editable groupName and userId attribute fields should appear.
Note
BloxOne Endpoint Android version 1.0.9 and below require the customerId attribute value in the app configuration.
BloxOne Endpoint Android version 1.0.10 and above use joinToken instead of customerId for authorization. For fresh installations on new devices the joinToken should be updated in the app configuration settings.
Note: The customerId attribute will be removed from app in future versions. You may need to maintain both customerId and joinToken in your app configuration until such time all devices are update to 1.0.10 or above.
Image: Adding the groupName and userId to the Android configuration.
7. Click Next.
8. On the Android-config screen, click Publish to complete the installation and distribution process.
9. BloxOne Endpoint will be automatically installed on the client devices. The installation process might take several minutes to complete.
10. Open the BloxOne Endpoint app on your device; on Android devices, find the app in the Work Profile. If prompted, accept the VPN acknowledgement. After a moment, the app will assume a protected state.
Image: The Infoblox Endpoint app displaying its protected status on an Android device.