Set up MobileIron connector
This article describes how to set the environment variables for the MobileIron connector in the smartid.env file. MobileIron is a Mobile Device Management (MDM) solution. The connector is used to provision certificates to a mobile device via the MDM. The MDM is addressed using a SCIM export.
<SMARTIDHOME>
In this article, <SMARTIDHOME> refers to /home/nexus, but this can be different depending on the setup.
Prerequisites
The Smart ID version must include SCIM export (applicable for versions from 22.04.x and later).
Step-by-step instruction
Set up MobileIron
Certificate provisioning
Go to the MobileIron application and open the admin panel.
Navigate to Policies & Configs and click Add New -> Certificate Enrollment -> User-Provided.
Users in MobileIron
After configuring the LDAP connection in MobileIron, you need to re-sync the existing user. No entries are imported automatically from LDAP to MobileIron.
Set up MobileIron properties
Open the environment file <SMARTIDHOME>/compose/smartid.env for editing.
Set the properties for the following three variables to fit your deployment:
MOBILEIRON_REST_URL=<your URL>
MOBILEIRON_REST_USERNAME=<your username>
MOBILEIRON_REST_PASSWORD=<your password>
Optionally:
If you run Identity Manager without docker, use the following properties in mdm-connection.properties to set up the MobileIron properties:
mdmContext.mobileiron.rest.url=<your URL>
mdmContext.mobileiron.rest.username=<your username>
mdmContext.mobileiron.rest.password=<your password>
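An added example, not part of the Smart ID documentation or product: a shell check that the three MOBILEIRON_REST_* variables are set in smartid.env, that no template placeholder is left in place, that the URL uses https, and that the file holding the password is accessible to its owner only. The function name check_mobileiron_env, the https requirement and the file-mode check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not vendor code: lint the three MobileIron variables in smartid.env.
# Assumes plain NAME=value lines without quotes, as shown on this page.

check_mobileiron_env() {
    env_file=$1
    problems=0

    if [ ! -r "$env_file" ]; then
        echo "cannot read $env_file" >&2
        return 2
    fi

    for name in MOBILEIRON_REST_URL MOBILEIRON_REST_USERNAME MOBILEIRON_REST_PASSWORD; do
        # If a name occurs more than once, check the last occurrence (assumption).
        value=$(sed -n "s/^${name}=//p" "$env_file" | tail -n 1)
        case $value in
            '')
                echo "$name is missing or empty"
                problems=$((problems + 1)) ;;
            '<your '*)
                echo "$name still holds the template placeholder"
                problems=$((problems + 1)) ;;
            *)
                # Only the URL has a format worth checking here.
                if [ "$name" = MOBILEIRON_REST_URL ]; then
                    case $value in
                        https://*) ;;
                        *)
                            echo "$name does not use https"
                            problems=$((problems + 1)) ;;
                    esac
                fi ;;
        esac
    done

    # The file stores the REST password: report it if group or others have access.
    mode=$(stat -c '%a' "$env_file" 2>/dev/null || stat -f '%Lp' "$env_file")
    case $mode in
        *00) ;;
        *)
            echo "$env_file has mode $mode, expected owner-only (for example 600)"
            problems=$((problems + 1)) ;;
    esac

    [ "$problems" -eq 0 ]
}

# Run against a file when one is given on the command line.
[ "$#" -eq 0 ] || check_mobileiron_env "$1"
```

Run it as sh check_mobileiron_env.sh <SMARTIDHOME>/compose/smartid.env; it prints one line per finding and exits non-zero if there is any.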
Export data to MobileIron
The actual data export to the MobileIron connector is configured via SCIM export in Smart ID Identity Manager. For provisioning of certificates, you need to use a SCIM export. For each "container" in MobileIron there needs to be one export.
Log in to Identity Manager Admin and open Export Definitions. There is already a pre-defined export definition for MobileIron; if not, you can create a new one. For more information, see Set up data export to external data source from Identity Manager.
Option: Override the default properties
The default properties for the MobileIron connector, set in smartid.env, can optionally be overridden by setting three extra variables in the process map, prior to the SCIM export. This makes it possible to access multiple MobileIron instances by sending the connection parameters dynamically via the BPMN process configuration.
scimServerUrl - specifies the MobileIron instance that the connector will connect to
scimServerUsername - the username for the MobileIron server
scimServerPassword - the password for the MobileIron server