Configuring the Check Point Harmony Mobile Dashboard Integration Settings

Assign the app to the selected groups of users or devices.

Note - For easy reference during configuration, you can record your settings in the special table (see Integration Information).

Prerequisites

You need these details from your Citrix Endpoint Management Deployment:

The credentials that the Harmony Mobile Dashboard uses to connect to Citrix Endpoint Management.

  • Organization Local Group(s):

    These are the locally defined Citrix Endpoint Management groups that the users/devices are members of, and whose devices will be integrated with the Harmony Mobile Dashboard. Multiple groups can be integrated with one Harmony Mobile Dashboard instance by entering the group names separated by semicolons (;).

    Example: Delivery Group = SBM_local_group

  • Organization AD Group(s):

    These are the Citrix Endpoint Management AD groups that the users/devices are members of, and whose devices will be integrated with the Harmony Mobile Dashboard. Multiple groups can be integrated with one Harmony Mobile Dashboard instance by entering the group names separated by semicolons (;).

    Example: Delivery Group = Users_Group_SBM

  • Mitigation Attribute:

    This field will not be used as we will be using the CHKP Risk and Status tags.

  • Tag Device Status:

    Toggle ON to send the preset mitigation tag variable CHKP_Status, which Harmony Mobile can set to “Provisioned”, “Active”, or “Inactive” to reflect the status of the device within Harmony Mobile. Citrix Endpoint Management interprets this variable as a "device property" of "CHKP_Status".

  • Tag Device Risk:

    Toggle ON to send the preset mitigation tag variable CHKP_Risk, which Harmony Mobile can set to High, Medium, Low, or None to reflect the status of the device within Harmony Mobile. Citrix Endpoint Management interprets this variable as a "device property" of "CHKP_Risk".

  • For an on-premises UEM environment, the TCP Web Services port (usually TCP port 4443 (HTTPS)) must be remotely accessible through your firewall from the Harmony Mobile Dashboard to the UEM system before you try to connect.

Note - Before you start, delete any existing devices in the Harmony Mobile Dashboard. Only the devices are synchronized from the UEM to the Harmony Mobile Dashboard, not users.

Configuring Integration Settings

After you complete the necessary steps, the Device Management pane shows the detailed status of the settings.

Procedure:

  1. From the Infinity Portal, go to Settings > Integrations.

  2. Click the “+” icon.

  3. Select Assets.

  4. In UEM service, select Citrix XenMobile.

  • Server Setup

    Configure your UEM to integrate with the created Citrix Endpoint Management devices:

    1. In the Server Setup section, enter this information:

      • UEM service – Citrix Endpoint Management

      • Server Address - The full URL needed for the UEM service

      • User name

      • Password

      • Connector Setup (advanced)

      Using Connector (Optional)

      You can configure Harmony Mobile Connector when the UEM is on-premises and has no direct access from the Harmony Mobile cloud. For more information, see Harmony Mobile Connector Installation Guide.

    2. Click Next.

  • Synchronization Configuration

    Configure the devices and groups that you synchronize with Harmony Mobile Dashboard.

    1. In the Group(s) field:

      1. Click Group(s).

        A drop-down list of the available groups opens.

      2. Select the group(s) you need for integration with Citrix Endpoint Management.

    2. In the Android Enterprise Groups field:

      If your Android Enterprise devices are deployed with two profiles (Work and Personal), it is recommended to protect both of them. Select the appropriate groups for deployed applications as part of the Citrix Endpoint Management Android Enterprise deployment. See Using Android Enterprise with Harmony Mobile.

    3. In the Advanced section:

      Import Personally Identifiable Information (PII) and set the synchronization intervals.

      You can limit which PII of the devices (users) is imported to Harmony Mobile.

    4. Click Next.

    Note - If all entries are OFF, the placeholder information set for the email address is placed in the Harmony Mobile Dashboard’s Device Owner’s Email, in the form of "UEMDevice UDID@vendor.UEM".

    | Setting | Description | Value |
    |---|---|---|
    | Device sync interval | Interval to connect with UEM to sync devices. | 10-1440 minutes, in 10 minute intervals. |
    | Device deletion threshold | Percentage of devices allowed for deletion after UEM device sync (in %). | 0-100%; use 100% for no threshold * |
    | Deletion delay after | Delay device deletion after several sync attempts – device is deleted after this amount of sync tries that confirmed deletion. | 1-100 sync tries |
    | App sync interval | Interval to connect with UEM to sync applications. | 10-1440 minutes, in 10 minute intervals. |

    * 100% value is recommended for evaluation/test usage – when you are adding a small number of devices.

  • Tagging Configuration

    Specify the information sent to Citrix Endpoint Management and the risk level of the device.

    The tagging configuration will be synced to Citrix Endpoint Management and will be used in setting device risk status.

    1. In the Tagging section:

      Set Tag device status to ON.

      For integration with Citrix Endpoint Management, the Device Status tag is interpreted as a "device property" of "CHKP_Status" with the values of Provisioned, Active, or Inactive.

      We will use the CHKP_Status device property to determine when to prompt the user to install the Harmony Mobile Protect app on their device. If the CHKP_Status device property hasn’t been set yet, then the device has not been synced with Harmony Mobile Dashboard.

    2. Set Tag device risk to ON.

      For integration with Citrix Endpoint Management, the Device Risk tag is interpreted as a "device property" of "CHKP_Risk" with the values of None, Low, Medium, or High.

      We will use the CHKP_Risk device property to determine when to enact certain policies or actions on the device. If the CHKP_Risk is High or Medium, then the device will be sent an in-app notification and blocked from running corporate apps.

    3. Set Tag device threat factor to ON.

      The Threat Factor tag (CHKP_TF) is a list of threat factors associated with the Security Risk level, such as TF_BACKUP_TOOL. These threat factors can provide additional detail and granularity about the current Risk level, but they are not necessarily appropriate as policy triggers. The CHKP_TF value is a free-form, comma-separated string of threat factors from the BRE (Behavioral Risk Engine) database.

    4. In the Advanced section:

      Mitigation attribute: This field will not be used as we will be using the CHKP_Risk and Status tags.

    5. Click Next.
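
The tag semantics described in the Tagging Configuration steps can be modelled as a small audit check over exported device properties. This is an added example, not Check Point or Citrix code: the action names, the sample inventory, the rule that Provisioned/Inactive devices get the install prompt, and the handling of unexpected values are assumptions; only the CHKP_Status, CHKP_Risk and CHKP_TF property names and their listed values come from this page.

```python
# Added example: models the tag-driven policy described above. Action names and
# the sample inventory are constructed; only the CHKP_* names/values are from the page.
STATUS_VALUES = {"Provisioned", "Active", "Inactive"}
RISK_VALUES = {"None", "Low", "Medium", "High"}   # "None" is a string tag value


def parse_threat_factors(raw):
    """Split the free-form, comma-separated CHKP_TF string into clean tokens."""
    return [tf.strip() for tf in (raw or "").split(",") if tf.strip()]


def evaluate_device(props):
    """Return (actions, threat_factors) for one device's property dict."""
    status = props.get("CHKP_Status")
    risk = props.get("CHKP_Risk")
    factors = parse_threat_factors(props.get("CHKP_TF"))
    actions = []

    if status is None:
        # Page: no CHKP_Status means the device has not been synced yet.
        return ["not_synced"], factors
    if status not in STATUS_VALUES:
        # Assumption: an unexpected status is flagged for review, not guessed at.
        return ["review_unknown_status"], factors
    if status != "Active":
        # Assumption: Provisioned/Inactive devices receive the install prompt.
        actions.append("prompt_install_protect_app")

    if risk in ("High", "Medium"):
        # Page: High or Medium -> in-app notification, corporate apps blocked.
        actions += ["notify_in_app", "block_corporate_apps"]
    elif risk not in RISK_VALUES:
        # Assumption: a missing or malformed risk tag is never treated as safe.
        actions.append("review_unknown_risk")
    # CHKP_TF is returned for context only; it never triggers an action here.
    return actions or ["compliant"], factors


# Constructed sample inventory (not real devices). TF_CONSTRUCTED_EXAMPLE is a
# made-up threat factor used only to show list parsing.
SAMPLE_DEVICES = {
    "dev-001": {"CHKP_Status": "Active", "CHKP_Risk": "None"},
    "dev-002": {"CHKP_Status": "Active", "CHKP_Risk": "High",
                "CHKP_TF": "TF_BACKUP_TOOL, TF_CONSTRUCTED_EXAMPLE ,"},
    "dev-003": {"CHKP_Status": "Provisioned", "CHKP_Risk": "Low"},
    "dev-004": {"CHKP_Risk": "Medium"},                          # never synced
    "dev-005": {"CHKP_Status": "Active", "CHKP_Risk": "high"},   # wrong case
}

if __name__ == "__main__":
    for name, props in SAMPLE_DEVICES.items():
        print(name, *evaluate_device(props))
```
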

  • Deployment

    Specify the deployment status of a device.

    Note - This section is optional, because Citrix Endpoint Management manages the deployment automatically.

    If you use Harmony Mobile to manage the deployment:

    In the Advanced section:

    Enable options to send email and/or SMS notification to the new users with instructions to download and install the Harmony Mobile Protect app.

    Click Finish.

    View the Integration Status (In the Infinity Portal, Settings > Device Management).

    The Device Management pane shows this information:

    • Server – The latest server configuration status.

    • Synchronization – The synchronized groups and the sync status.

      • Device Sync – The synced labels from Citrix Endpoint Management

      • App Sync – The last time applications were fetched from the UEM (For iOS deployments only).

    • Tagging – Tagging Configuration and Tagging Status.

    • Deployment – Deployment Configuration and Deployment Status.

    Click Edit in each section to edit the settings.