Hardware reference guide
74 GlobalProtect Administrator’s Guide
Set Up the Mobile Security Manager for Device Management Set Up the GlobalProtect Mobile Security Manager
Step 2 Configure the Mobile Security Manager
to use the authentication profile for
device enrollment.
1. Select Setup > Settings > Server and then click the Edit icon
in the Authentication Settings section.
2. Select the
Authentication Profile from the drop-down.
3. (Optional) If you want the Mobile Security Manager to save the
password the mobile device user enters when authenticating,
make sure the
Save User Password On Server check box is
selected. If you choose to save the password, the Mobile
Security Manager will be able to automatically configure the user
credentials in the configuration settings it pushes to the device.
For example, it can use the saved credentials (the username is
always saved on the server) to automatically configure the email
profile that gets pushed to the device so that the end user does
not have to manually set them.
Step 3 Set up the Mobile Security Manager to
issue identity certificates.
Although the Mobile Security
Manager can issue identity
certificates to all authenticated
mobile devices, you may choose to
leverage an existing SCEP server to
issue identity certificates for your
iOS devices as described in the next
step. Android devices cannot use
SCEP and therefore you must
configure the Mobile Security
Manager to issue identity
certificates for all Android devices.
Define which CA root certificate the Mobile Security Manager
should use to issue identity certificates to Android devices and, if not
using SCEP, to iOS devices. If you are using an enterprise CA, import
the root CA certificate and the associated private key (
Setup >
Certificate Management > Certificates > Import
). Otherwise,
generate a self-signed root CA certificate:
1. To create a self-signed root CA certificate on the Mobile
Security Manager, select
Setup > Certificate Management >
Certificates > Device Certificates
and then click Generate.
2. Enter a
Certificate Name, such as Mobility_CA. The certificate
name cannot contain any spaces.
3. Do not select a value in the
Signed By field (this is what
indicates that it is self-signed).
4. Select the
Certificate Authority check box and then click OK to
generate the certificate. The Mobile Security Manager will
automatically use this signing certificate to issue identity
certificates for devices during enrollment.
Set Up the Mobile Security Manager for Enrollment (Continued)