This section describes the steps to configure PingID's MDM integration, which verifies that devices connected through the PingID mobile app are managed by the organization’s MDM infrastructure.
Mobile device management (MDM) is the administration of mobile devices, such as smartphones, tablet computers, and laptops. It can also be applied to desktop computers. Organizations can control activities of their employees by implementing MDM products or services. MDM primarily deals with corporate data segregation and with securing emails and corporate documents on mobile devices. MDM enforces corporate policies, and supports the integration and management of mobile devices including laptops and handhelds of various categories.
- The PingID MDM feature can only be used when the organization integrates with an MDM system.
- Two MDM systems cannot manage the same mobile device.
- This solution should work with any MDM system from the major vendors. PingID is officially supported with the following MDM solutions:
  - MobileIron
  - Workspace ONE UEM (formerly known as AirWatch)
  - Microsoft Intune
Flow
The basic flow comprises the following stages:
- In the PingID admin portal, generate a token for MDM or manually enter or edit a token.
- Configure the third-party MDM system for PingID integration:
  - Generate and configure an APNS certificate for iOS in the MDM system. For examples, see:
  - Configure Android for Work in the MDM system so that the PingID app configuration can be pushed to managed phone sets. For examples, see:
  - In the organization's MDM system, add PingID as a managed app and configure the token that was generated in the PingID admin portal. For examples, see:
- After configuration, the MDM system distributes the token to its managed devices.
- At pairing and authentication time, the PingID server compares the user's token with current active tokens. PingID permits administrators to define more than one active token.
  - If the user's token does not match any of PingID's current active tokens, the pairing or authentication flow is halted.
  - If the user's token matches a current active token on the PingID server, the pairing or authentication flow progresses.
Ongoing maintenance
As part of periodic MDM maintenance activities, you can generate new tokens for the PingID app and revoke old tokens. For more information, see the following topics:
- For PingID:
- For the supported MDM systems:
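
The token comparison in the flow above and the generate-then-revoke rotation described under ongoing maintenance, modeled as an added example; this is not PingID code. The `ActiveTokenSet` class, its method names, and the token labels are hypothetical, and the scenario is constructed to show why more than one active token is needed while the MDM system is still distributing a new one.

```python
import hashlib
import hmac
import secrets


class ActiveTokenSet:
    """Model of a server-side set of active MDM tokens (hypothetical, not PingID's code)."""

    def __init__(self):
        self._digests = {}  # label -> SHA-256 digest of the token

    def generate(self, label):
        """Create a new active token; return it so it can be configured in the MDM."""
        token = secrets.token_urlsafe(32)
        self._digests[label] = hashlib.sha256(token.encode()).digest()
        return token

    def revoke(self, label):
        """Remove a token from the active set; return True if it was active."""
        return self._digests.pop(label, None) is not None

    def is_managed(self, presented):
        """True if the token presented by the device matches any active token."""
        if not presented:
            return False  # an unmanaged install has no MDM-pushed token
        digest = hashlib.sha256(presented.encode()).digest()
        match = False
        for active in self._digests.values():
            # compare_digest is constant-time; scan every entry, no early exit
            match |= hmac.compare_digest(digest, active)
        return match


def rotation_walkthrough():
    """Constructed scenario: rotate tokens while one device lags behind the MDM push."""
    tokens = ActiveTokenSet()
    old = tokens.generate("token-A")            # constructed label
    results = {"before_rotation": tokens.is_managed(old)}
    new = tokens.generate("token-B")            # both tokens active during the push
    results["lagging_device_in_overlap"] = tokens.is_managed(old)
    results["updated_device_in_overlap"] = tokens.is_managed(new)
    tokens.revoke("token-A")                    # MDM has finished distributing "new"
    results["lagging_device_after_revoke"] = tokens.is_managed(old)
    results["updated_device_after_revoke"] = tokens.is_managed(new)
    results["unmanaged_device"] = tokens.is_managed(None)
    return results

if __name__ == "__main__":
    print(rotation_walkthrough())
```

Revoking the old token before the MDM system has pushed the new one to every device halts pairing and authentication for the devices that still hold the old token.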