Configuring the Check Point Harmony Mobile Dashboard Integration Settings

Note - For easy reference during configuration, you can record your settings in the special table

(See Integration Information).

Prerequisites

The following information is required for the integration:

Server - The URL of your MobileIron Core system. Usually same as the MobileIron Core console.
User name and Password - Credentials of the API admin account used for integration. See Creating API Account for Integration with the Harmony Mobile.
Group(s) - The MobileIron Core device provisioning groups that represent the devices where we deploy the Harmony Mobile solution. The devices in these groups are synced and integrated with the Harmony Mobile service.

Note - Before you start, delete any existing devices in the Harmony Mobile dashboard.

Configuring the Integration Settings

To configure the Integration settings:

Access your Harmony Mobile dashboard through the Infinity Portal.
Go to Settings > Integration.
Click + to create a new integration setting.

The Integration wizard appears.

Select Assets.

Configure the settings for MobileIron Core UEM Unified Endpoint Management. An architecture and approach that controls different types of devices such as computers, smartphones and IoT devices from a centralized command point. deployment.

Server Setup

These are the UEM server settings used to synchronize devices into Harmony Mobile:
1. In Server Setup section, enter these details:
  - UEM service – MobileIron Core
  - Display Name – Enter displayed name or use default.
  - Server Address – The full URL needed for the UEM service.
  - User name – UEM Admin previously created.
  - Password
  - Connector Setup (advanced)
  If the UEM server uses a self-signed certificate for external communication, select the Server uses self-signed certificate checkbox. You can upload the certificate directly (use CER file format base64 [PEM] encoded) or paste the certificate text directly in the box.
  
  Using Connector (Optional)
  
  You can configure Harmony Mobile Connector when the UEM is on-premises and has no direct access from the Harmony Mobile cloud. For more information, see Harmony Mobile Connector Installation Guide.
2. Click Next.

Synchronization Configuration

Configure the Labels of devices that synchronize with Harmony Mobile dashboard. The drop-down list automatically populates all the labels in MobileIron Core.

In the Label(s) field:
1. Click Label(s). A drop-down with list of the available labels appears.
2. Select the label(s) you need for integration with MobileIron Core.
In the Android Enterprise Groups field:

If applicable for your implementation, select the groups for the deployed devices as part of the MobileIron UEM Android Enterprise deployment. See Configuring UEM to Deploy the Harmony Mobile Protect app.

In the Advanced section:

Import Personally Identifiable Information (PII) and set the synchronization intervals.

You can limit the import of the PII devices (users) to Harmony Mobile.

Note - If all entries are OFF, the placeholder information set for the email address is placed in the Harmony Mobile dashboard’s device owner’s email, in form of 'UEMDevice UDID@vendor.UEM'.

Setting	Description	Values
Device sync interval	Interval to connect with UEM to sync devices.	10-1440 minutes, in 10 minute intervals.
Device deletion threshold	Percentage of devices allowed for deletion after UEM device sync (in %).	0-100% ; use 100% for no threshold *
Deletion delay after	Delay device deletion after several sync attempts – device is deleted after this amount of sync tries that confirmed deletion	1-100 sync tries.
App sync interval	Interval to connect with UEM to sync applications.	10-1440 minutes, in 10 minute intervals.

* 100% value is recommended for evaluation/test usage – when you are adding a small amount of devices.

Click Next.

Tagging Configuration

Specify the information sent to MobileIron Core and the risk level of the device.

The tagging configuration is synced to MobileIron Core and it is used to set the device risk status.

See: Creating a Secondary Device Provisioning Group (Optional), Creating a Mitigation Process, Creating a Compliance Policy for the Devices at Risk and Applying the Harmony Mobile Protect app Configuration and Policy Enforcement.

In Tagging section:

Set Tag device status to ON.

Create Mobile Device Extension Attribute and name it Status. See Connecting the Harmony Mobile Protect app to your Device.

Update each mobile device MobileIron Core with one of these Status values (see Creating a Device Provisioning Group for Harmony Mobile).

Status	Description
CHKP_Status	During the first synchronization of a device in Harmony Mobile dashboard.
CHKP_Risk	After the user installs and registers to Harmony Mobile.
CHKP_TF	If the device did not connect with Harmony Mobile for X number of days (as configured by the Harmony Mobile administrator) .

Set Tag device risk to ON.
- Create Mobile Device Extension Attribute and name it risk_level. See Connecting the Harmony Mobile Protect app to your Device.
- Update each mobile device in MobileIron Core with one of these risk_level values:
  - None
  - Low
  - Medium
  - High

In Advanced section:

The Mitigation tag is only applicable for the devices at High Risk. See Connecting the Harmony Mobile Protect app to your Device.

Note - Create this User Group in MobileIron Core before you use it. See Setting Parameters for the Device Protection.

Click Next.

Deployment

Check the Allow auto device addition prior to device sync option if you require a faster device enrollment (recommended). Without this option checked, the device cannot connect to the Harmony Mobile dashboard not until a complete sync step has created the device in the dashboard. This option generates a unique dashboard token to be used in the UEM configuration that informs the device which dashboard it needs to register to.

If you use Harmony Mobile to manage the deployment:

In this screen, you can see the Use token in application configuration settings. Save this token for later to manage the application as explained in Adding the Harmony Mobile Protect app to your App Catalog.

Advanced

Note - The Advanced section is optional, because MobileIron Core manages the deployment automatically.

In this section, you can enable the options to send email and/or SMS notification to the new users with instructions to download and install the Harmony Mobile Protect App. See Adding the Harmony Mobile Protect app to your App Catalog.

Click Finish.

After you complete the necessary steps, the Integrations window shows the detailed status of the UEM settings integrated with the Harmony Mobile dashboard.
View the integration status In Settings > Integrations menu.

Select the integration you want to view and click the i icon on the top right.
- UEM Server – The latest server configuration status.
- Synchronization – The synchronized groups and the sync status.
  - Device Sync – The synchronized labels from MobileIron Core.
  - App Sync – The last time applications were fetched from the UEM (applicable for iOS deployments only).
- Tagging – Tagging configuration and tagging status.
- Deployment – Deployment configuration and deployment status.
The 3 dots on the top of the integration settings allow you to select these extra functions:
- Edit - To edit the settings.
- Sync Now - To force an immediate device sync call and not wait for the next auto sync cycle.
- Pause / Resume - To temporarily stop or resume the device sync process.
- Remove - To remove the integration settings.
To add more integration settings from other UEM solutions (if relevant for your deployment), click +. The Harmony Mobile supports integration of multiple UEM solutions from a single dashboard.