01. Introduction
There is a general documentation available for the EBF Onboarder, where you can find information about its prerequisites and the whole migration project. It describes how you can setup a migration project, how you can setup invitation emails and reminders which guide your users through the migration. It also tells you how to initiate the migration process and how to track the migration status.
This documentation complements the general EBF Onboarder documentation and provides more detailed information for the source system MobileIron.
ATTENTION: This documentation does not replace any MobileIron documentation. It is only describing prerequisites for the EBF Onboarder. Please consult the MobileIron documentation and support if necessary.
02. Prerequisites for the source system MobileIron02.1. Service Account
02.1. Service Account
You need to create an Admin Account in your source system which is dedicated to the EBF Onboarder. It must be assigned to Global Space and you must ensure that it has the API User role and all roles listed below in order to be able to migrate the devices.
Admin roles can be changed in your MobileIron dashboard by seleting the account in the tab ‘Admin’. Here click on ‘Actions’ >> ‘Edit Roles’.
| Selection in the roles | Permissions required | |
| Device Management | View device page, device details View device dashboard Manage devices Manage devices, restricted Wipe device Add device Manage device enrollment (iOS only) Delete retired device Apply and remove device label Send message to device Change device ownership Export to CSV Retire device | View device View device details View device dashboard Other device actions Push profiles in device details Edit comments in device details Wipe device Add device Device enrollment (iOS only) Delete retired device Apply and remove device label Send message to device Change device ownership Export to CSV Retire device |
| Privacy Control | View apps and ibooks in device details | View apps and ibooks in device details |
| Label Management | View label Manage label | View label View device View device details Edit label |
| User Management | View User | View User |
| App Management (To Create A Web Clip) | View app View app inventory View app dashboard Manage app Distribute app Import and edit app | View App Catalog View Installed Apps View app dashboard Manage app related settings Apply and remove application label and send message to an app Import app and edit app configurations Manage reviews |
| Configuration Management | View configuration Manage configuration Apply and remove configuration label | View configuration Manage configuration Apply and remove configuration label |
| Settings and Services Management | View settings and services Edit settings and services | View settings and services Edit settings and services |
| Other Roles | View device feature usage data API Mobile App | View device feature usage data Access V1 API Mobile App Access MIFS access |
ATTENTION: Make sure that ‚Enforce single sessions’ is NOT selected for the EBF Onboarder account in ‘Other roles’ in order to allow the MobileIron environment to accept several attempts of communication with the same Admin Account coming from different migrations at the exact same time.
02.2. Network configurations
02.2.1. HTTPS port or redirected port
All API command connections from the MobileIron-Onboarder server are made on port 443. If you don’t use port 443, you have to make sure that the firewall rules on your site will allow the MobileIron-Onboarder server to access the port you have chosen to access your MobileIron server. Please also make sure, that the „Portal ACLs“ on the Core will allow the API access.
NOTE: Please read the general documentation to learn more about the IP whitelisting.
02.2.2. Portal access
The Service Account for the EBF Onboarder needs to have access to the Admin Portal, User Portal and API commands and must be able to log into port https 443 by default. The Service Account with API user role also needs to be able to search users on the target MDM system.
ATTENTION: If you have disabled port 443 for security reasons and are using a different port, please make sure that your firewall rules allow the EBF Onboarder servers and gate systems to access your login portal (/mifs).
NOTE: Please read the general documentation to get the IP addresses which are associated to the MobileIron EBF Onboarder server and the gate.ebf.de.
02.3. User role
Make sure that the EBF Onboarder Service Account and all users that will be part of the migration project have access to the ‘User Portal’ by assigning the role ‘User Portal’.