MDM Integration

Created: Modified: Documentation

On the MDM tab in Admin, you can configure Mobile Access Management to enroll devices touch-free into your Mobile Device Management system. MAM works with most MDM systems. MAM has published specific instructions for popular MDMs here:

For API capable MDMs, Mobile Access Management can do even more. When you optionally add API credentials, Mobile Access Management will interact with your MDM before and after each deployment.

  • Delete/Retire device (VMware Workspace ONE, Microsoft Intune, Ivanti Neuron, Ivanti Endpoint Manager Mobile, SOTI MobiControl) — Ensure that every enrollment is treated as new by the MDM, encouraging the MDM to push apps and policies as quickly as possible. There is no switch for this; MAM automatically enables this feature when you add valid MDM API credentials in Admin.

The following features are configured in the Enroll in MDM workflow action:

  • Register/Assign Device to User(name) (VMware Workspace ONE, Jamf Pro, Ivanti Neuron) — Assign the device to a specific VMware Workspace ONE or Active Directory user you specify. If you use an attribute for the user, each device can be assigned to a unique user. No password is required to assign users, only their Active Directory username.
  • Change Organization Group (VMware Workspace ONE) — Change the device organization group after enrollment. If you use an attribute for the organization group, each device can have a unique Organization Group. This allows you to stage all devices to a common group, then individually reassign devices without the VMware Workspace ONE console.
  • Add Labels (Ivanti Endpoint Manager Mobile) — Specify a list of comma-delimited labels to assign to a device after successful enrollment. Labels are assigned as part of the workflow. If you use an attribute for labels, each device can have unique labels. You must create the labels in your MDM before using them in MAM.