--- title: Configuring MobileIron for PingID description: To manage the PingID app using MobileIron, you must apply several configuration settings . component: pingid page_id: pingid:pingid_service_management:pid_configuring_mobileiron_for_pid canonical_url: http://docs.pingidentity.com/pingid/pingid_service_management/pid_configuring_mobileiron_for_pid.html revdate: January 30, 2024 section_ids: ongoing-maintenance: Ongoing maintenance installing-an-apns-certificate-for-ios-in-mobileiron: Installing an APNs certificate for iOS in MobileIron steps: Steps configuring-android-for-work-for-mobileiron: Configuring Android for Work for MobileIron about-this-task: About this task steps-2: Steps configuring-mobileiron-for-pingid-mdm-integration: Configuring MobileIron for PingID MDM integration about-this-task-2: About this task steps-3: Steps updating-a-pingid-token-in-mobileiron: Updating a PingID token in MobileIron about-this-task-3: About this task steps-4: Steps --- # Configuring MobileIron for PingID To manage the PingID app using MobileIron, you must apply several configuration settings . The initial MobileIron configuration comprises the following: 1. [Installing an APNs certificate for iOS in MobileIron](pid_installing_apns_certificate_ios_mobieiron.html) 2. [Configuring Android for Work for MobileIron](pid_configuring_android_for_work_mobilelron.html) 3. [Configuring MobileIron for PingID MDM integration](pid_configuring_mobileron_mdm_integration.html) ## Ongoing maintenance As part of mobile device management (MDM) maintenance activities, new tokens for the PingID app can be generated and old tokens revoked. For more information, see the following topics: * For PingID: * [Adding a new MDM token](pid_adding_new_mdm_token.html) * [Revoking an MDM token](pid_revoking_an_mdm_token.html) * [Rotating MDM tokens](pid_rotating_mdm_tokens.html) * For MobileIron: * [Updating a PingID token in MobileIron](pid_updating_token_in_mobileiron.html) | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | The previous configuration steps are for use cases where PingID multi-factor authentication (MFA) authenticating devices are managed by the MobileIron MDM. In cases where PingFederate is used to apply policies on accessing devices managed by MobileIron, see [PingFederate MobileIron Integration Kit](http://docs.pingidentity.com/integrations/mobileiron/pf_mobileiron_ik.html). | ## Installing an APNs certificate for iOS in MobileIron To support iOS devices, install an Apple mobile device management (MDM) certificate in the organization's MDM. ### Steps 1. In the MobileIron admin console, download an Apple Push Notification service (APNs) Certificate Signing Request (CSR): 1. Go to **Admin → Apple/iOS → MDM Certificate → Download**. 2. Click **Download File**. 2. Sign on to the Apple Push Certificates Portal. ![Screen capture of the Apple Push Certificates Portal.](_images/agx1564020687838.png) 3. Click **Create a Certificate** on either the **Get Started** window, or the **Certificates for Third-party Servers** window. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If your organization does not yet have any Apple Push Certificates, the **Get Started** section is displayed. Otherwise, the **Certificates** list view window is displayed.![Screen capture of the Apple Push Certificates Portal Get Started window. The Create a Certificate button is highlighted.](_images/dqb1564020689783.png) | 4. To browse for the CSR file created earlier, click **Choose File**, and then click **Upload**. ![Screen capture of the Create a New Push Certificate window with Choose File highlighted.](_images/ydc1564020690628.png) 5. Click **Download**. ![Screen capture of the Apple Push Certificates Portal showing the Certificates for Third-Party Servers section and the Download option highlighted.](_images/cix1564020691914.png) 6. Upload the APNs certificate in MobileIron. 1. Go to **Admin → Apple/iOS → MDM Certificate**. ![Screen capture of the MDM Certificate window. The Certificate Info is displayed and the status is Successfully Installed. There is a button to Renew Certificate if needed.](_images/zgi1564020733027.png) 7. Click **Save**. ## Configuring Android for Work for MobileIron Configure Android for Work for the organization's mobile device management (MDM) so the PingID app configuration can be pushed to Android devices. ### About this task | | | | - | -------------------------------------------------------------------------------------------------------------------------- | | | This is an example configuration of Android for Work with G Suite. You can configure Android for Work MDM without G Suite. | ### Steps 1. Go to **Admin → Google/Android → Android for Work**, and then click **Use Alternate Setup**. ![Screen capture of the Android for Work window with the Alternate Setup Method option highlighted.](_images/daw1564020734284.png) 2. In **Get Started** section, click **Google Developers Console**, and follow the on-screen instructions. ![Screen capture of the Android for Work window showing the Get Started, Enter Token and Connect and Authorize sections.](_images/smz1564020735175.png) 3. In MobileIron's admin portal, under **Enter Token and Connect**, connect to your organization's Google service. 4. In the **MDM Token** field, enter the token from the previous step. 5. In the **Domain** field, enter the domain by uploading the JSON file created earlier from the Google Developers Console, and click **Connect**. 6. To enable MobileIron to manage your Google users, click **Authorize**. ## Configuring MobileIron for PingID MDM integration Configure PingID as a mobile device management (MDM) managed app in MobileIron. ### About this task | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | The procedure detailed below is the iOS example for the configuration of MobileIron for PingID MDM integration. The procedure for Android is identical. If the organization's MDM manages both iOS and Android devices, configure and save the entire procedure separately for each platform. | ### Steps 1. In the MobileIron admin console, go to **Apps → App Catalog**. 2. Choose the desired app store, and then search for PingID. ![Screen capture of the App Catalog with the search bar highlighted.](_images/yxn1564020736364.png) | | | | - | ------------------------------------------------------------------------------------------------------------------------------------ | | | The following steps describe the procedure for managing the PingID app for iOS. Repeat the procedure for the PingID app for Android. | 3. Select the PingID mobile app for iOS. ![Screen capture of the App Catalog with multiple apps listed.](_images/hkl1564020722571.png) 4. On the **App Configurations** tab, select **iOS Managed App Configuration**. ![Screen capture of the PingID app with the App Configurations tab and iOS Managed App Configuration highlighted.](_images/lnx1564020723242.png) 5. Click **Add**. ![Screen capture of the PingID App Configurations tab with the Add button highlighted.](_images/jzx1564020737014.png) 6. Enter the **Configuration Setup** parameter values. | Parameter | Value | | --------------- | ---------------------------------------------------------------------------------------- | | **Name** | `PINGID_MDM_TOKEN` | | **Token value** | The token string value for MDM, as generated in the PingID admin web configuration page. | ![Screen capture of the PingID App Configurations tab with the iOS Managed App Settings fields for Key and Value highlighted.](_images/kkd1564020724155.png) 7. Click **Save**. 8. Click **Application Configurations Summary**. 9. Click **Install on device**. 10. Click **Install Application configuration settings**. ![Screen capture of the PingID App Configurations tab with Install Application configuration settings highlighted.](_images/vvr1564020737714.png) 11. For iOS 9 and later, set the **Install on device** switch to **ON**. 12. Select the **Convert to Managed App** check box. ![Screen capture of the Configuration Setup section with the Install on Device toggle and Convert to Managed App check box highlighted.](_images/ids1564020738462.png) | | | | - | ----------------------------------------------------------------------------------------------------------------------------------- | | | This option transitions a non-managed app downloaded from the app store to a managed app. The user must approve it on their device. | | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | * For Apple devices earlier than iOS 9, and Android devices Users must execute the following steps: 1. Unpair the PingID mobile app on the iOS device. 2. Uninstall the PingID mobile app from the iOS device. 3. Reinstall the PingID mobile app, from the MDM's app catalog. 4. Pair the newly installed, MDM managed PingID mobile app. * For Apple devices with iOS 9 and later The user receives a notification on their device to approve the transition to MDM management. After user approval, the PingID mobile app installed on the iOS device is managed by the MDM. | 13. Click **Save/Update**. * When creating a new managed app entry, the button is marked **Save**. * When editing an existing entry, the button is marked **Update**. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Repeat the entire configuration process for Android. The admin accesses the **Android for Work** options instead of**iOS Managed App Configuration**. The prerequisite to the Android app configuration is [Configuring Android for Work for MobileIron](pid_configuring_android_for_work_mobilelron.html). | ## Updating a PingID token in MobileIron Update a PingID token in MobileIron. ### About this task | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | The procedure detailed here is the iOS example for updating the token PingID managed app in MobileIron. The procedure for Android is identical. If the organization's mobile device management (MDM) manages both iOS and Android devices, configure and save the entire procedure separately for each platform. | ### Steps 1. In the MobileIron admin console, go to **Apps → App Catalog**. 2. Select the PingID mobile app for iOS. ![Screen capture of the App Catalog.](_images/hkl1564020722571.png) 3. On the **App Configurations** tab, select **iOS Managed App Configuration**. ![Screen capture of the PingID app with the App Configurations tab and iOS Managed App Configuration highlighted.](_images/lnx1564020723242.png) 4. Update the **Configuration Setup** parameter values. | Parameter | Value | | --------------- | ---------------------------------------------------------------------------------------- | | **Name** | `PINGID_MDM_TOKEN`. | | **Token value** | The token string value for MDM, as generated in the PingID admin web configuration page. | ![Screen capture of the PingID App Configurations tab with the iOS Managed App Settings fields for Key and Value highlighted.](_images/kkd1564020724155.png) 5. Click **Save**. | | | | - | -------------------------------------- | | | Repeat the entire process for Android. |