Hardware reference guide

ManualsBrandsAlto ManualsComputer equipmentBEXT 100H

101

102

103

104

105

106

107

108

109

110

GlobalProtect Administrator’s Guide 99

Set Up the GlobalProtect Mobile Security Manager Define Deployment Policies

Import an iOS Provisioning Profile

To prevent the propagation of potentially malicious apps, iOS only allows users to install apps from approved

sources via the App Store. To enable users to install internally-developed apps on their iOS devices, you must

obtain a provisioning profile from the iOS Developer Enterprise Program (iDEP). You can then deploy the

provisioning profile to the authorized end devices to allow them to install the app. To simplify the process of

distributing deployment profiles, import the profiles onto the Mobile Security Manager and then deploy them

to managed devices through policy.

Use the following procedure to import an iOS provisioning profile onto the Mobile Security Manager:

Set Up a SCEP Configuration

The simple certificate enrollment protocol (SCEP) provides a mechanism for issuing certificates to a large

number of iOS devices. On the Mobile Security Manager, you can enable SCEP for issuing identity certificates

to the devices during the enrollment process. You can also use SCEP to obtain certificates required for other

configurations. Use the following procedure to create a SCEP configuration, either for use in Mobile Security

Manager enrollment, or for use with other iOS configurations.

Although the Mobile Security Manager simplifies the deployment of provisioning profiles to a large

number of mobile devices, there are some security factors to consider. When revoking access to

an app that has been enabled via a provisioning profile, the app will continue to run on the device

until the next power cycle even if the Mobile Security Manager policy removes the profile. In

addition, because provisioning profiles are synchronized with iTunes, the profile may get

re-installed the next time the end user syncs the device with iTunes.

Import an iOS Provisioning Profile

Step 1 Obtain the provisioning files you need to

enable device users to install your

internally-developed iOS apps.

For more information about how to create provisioning profiles and

deploy internally-developed apps, go to the following URL:

http://www.apple.com/business/accelerator/deploy/

Step 2 After you have your signed provisioning

profile, import it onto the Mobile Security

Manager.

1. Select

Policies > Configuration > iOS Provisioning Profiles and

click

Add.

2. Enter a

Name for the profile.

Browse to the location of the provisioning profile and then click

Open. The path and file name display in the File field.

4. Click

OK.

Step 3 Save your changes. Click

Commit.

Set Up a SCEP Configuration

Step 1 Configure the Mobile Security Manager

to integrate with an existing enterprise

SCEP server for issuing identity

certificates to iOS devices.

1. Select

Policies > Configuration > SCEP, click Add.

2. Enter a

Name to identify the CA, such as Enrollment_CA. This

name distinguishes this SCEP instance from other instances you

may use in configuration profiles.