Enrollment of Mobile Device Management App Using Cisco Meraki

Step 1: Download the MDM Config File from the Infoblox Portal

An app-config file is required to update an app’s configuration in MDM. To download the file, do the following:

Log into the Infoblox Platform.
Go to Configure > Security > Endpoints > Endpoint Groups.
Click Download MDM Configuration, and select iOS Config File or Android Config File, depending on the device.

Image: The Download MDM Configuration drop-down options for handling endpoint configurations within a network. The configuration options include: Android Config File, iOS Config File, and Chrome Config File.

To assign an endpoint to a specific endpoint group, click next to the name of the endpoint group, and then select Download MDM Configuration > Android or iOS Config File.

Image: The download MDM configuration options when applying a configuration option to an existing endpoint group. The configuration options include: Android Config File, iOS Config File, and Chrome Config File.

4. Save the downloaded config file to a directory where it can be located easily.

The app config contains the following parameters:

joinToken: The value in the XML file.
groupName: In the Infoblox Portal, the name of the group to which the endpoint will be moved. If the name is not present in the Infoblox Portal, it will be added to the All Infoblox Endpoints group.
userId: The unique name that identifies a mobile device. The configured name is displayed in the Infoblox Portal, on the Endpoints page (Configure > Security > Endpoints).
allowServiceControl: By default, this value will be True. To disallow and hide service control, use the toggle switch to change this value to False.
extensionType (only for iOS): By default, this value is “vpn”, we can also set to “dnsproxy” to intercept the DNS traffic using DNS Proxy Provider.

In MDM, an app config can be added manually or by uploading an XML file.

Step 2: Register a Mobile Endpoint with the Cisco Meraki Server

For iOS:

Install the Meraki Systems Manager app from the Apple App Store.
Copy the network ID from the System Manager Portal.
Open the Meraki Systems Manager app, and enter your network ID.
In Meraki Systems Manager, follow the steps to register the device to Cisco Meraki.
Review the Cisco Meraki documentation for iOS.

For Android:

Install the Meraki Systems Manager app from the Google Play store.
Copy the enrollment code from the System Manager Portal.
Open the Meraki Systems Manager app, and enter your enrollment code.
In Meraki Systems Manager, follow the steps to register the device to Cisco Meraki.
Review the Cisco Meraki documentation for Android.

Step 3: Add the Infoblox App in the Cisco Meraki Server

Go to System Manager > Manage > Apps > Add App.
Choose the Google Play store or the Apple App Store.
In Add new iOS/Android app, search on “BloxOne EP”.
Select the app.

Image: Adding the MDM configuration in Cisco Meraki.

5. Select the Device Target, and click Save. Make sure the app is listed in Apps List.

Step 4: Upload and Add the App Config File

Go to System Manager > Manage > Settings.
Click +Add Profile.
Specify the profile name, and click + Add Settings.

Image: Adding a profile in Cisco Meraki.

4. In Add new settings payload, click Managed App Config.

Image: Adding a new settings payload in Cisco Meraki.

For Android, do the following:

Select the app and click the + button. The app config details will be displayed. Using the app config downloaded from the Infoblox Portal, select each value and then click Save.

Image: Viewing the app configuration in Cisco Meraki.

The app config will look similar to the following.

Note

Infoblox Endpoint Android version 1.0.9 and below require the customerId attribute value in the app configuration.
Infoblox Endpoint Android version 1.0.10 and above use a joinToken instead of customerId for authorization. For fresh installations on new devices, the joinToken should be updated in the app configuration settings.
The customerId attribute will be removed from app in future versions, we may need to maintain both customerId and joinToken in app configuration till all devices are update to 1.0.10 or above.

Image: Adding a new settings payload in Cisco Meraki.

The assignment will be pushed to the device. If it is not installed, force-push it from System Manager > Apps > BloxOne EP.
2. Scroll down until the status is displayed.
3. Select the device, and click Push.

Image: Viewing the application status in Cisco Meraki.

After a few minutes, the endpoint will be automatically installed on the client devices.

4. Open the EP app shown for the work profile on the Android device, and accept the VPN acknowledgement. After a few seconds, the app will be in a protected state.

Image: The Infoblox Endpoint app displaying its protected status.

For iOS, do the following:

1. Using the config file downloaded from the Infoblox Portal, add each key and value by using the + button, and then click Save.

Image: Viewing the app configuration in Cisco Meraki.

The app config will look similar to the following.

Note

Infoblox Endpoint version iOS 2.0.7 and above uses joinToken instead of customerId for authorization. for existing devices with older version of the app, the update to latest version is automatic. For fresh installation on new devices the joinToken should be updated in the configuration settings.

Image: Adding a new settings payload in Cisco Meraki.

The assignment will be pushed to the device. If it is not installed, force-push it from System Manager > Apps > BloxOne EP.

2. Scroll down until the status is displayed.
3. Select the device, and click Push.

Image: Viewing the application status in Cisco Meraki.

After a few minutes, the endpoint will be automatically installed on the client devices.

4. Open the Infoblox Endpoint app on the iOS device, and accept the VPN acknowledgement. After a few seconds, the app will be in a protected state.

Image: The Infoblox Endpoint app displaying its protected status.