Zum Inhalt springen
EBF Documentation

EBF product documentation

Find help using and administering EBF applications

EBF Onboarder

  • Release Notes
  • 01. Introduction
  • 02. Registration
  • 03. Preparation of the migration
  • 04. Migration project setup
  • 05. Communication Tool (previously Email Content Tool)
  • 06. Transformation Tool
  • 07. Enrollment Wizard
  • 08. Enrollment Advice
  • 09. Migration launch
  • 10. Migration monitoring
  • 11. Migration project management
  • 12. EBF Onboarder Status website
  • 13. Platforms
  • 14. Contact
  • Target System Jamf Pro / School
  • Target System MaaS360
  • Target System Microsoft Intune
  • Target System Omnissa Workspace ONE
  • Target System Ivanti EPMM and Neurons
  • Source System baramundi Management Suite (bMS)
  • Source System Jamf Pro
  • Source System MaaS360
  • Source System Microsoft Intune
  • Source System Omnissa Workspace ONE
  • Source System Ivanti EPMM Neurons / MobileIron Core and Cloud and Ivanti EPM (Landesk)
  • Source System BlackBerry UEM Cloud
  • Source System Blackberry UEM v12
View Categories
  • Home
  • Homepage
  • EBF Onboarder

Target System Ivanti EPMM and Neurons

7 min read

01. Introduction

There is a general documentation available for the EBF Onboarder, where you can find information about its prerequisites and the whole migration project. It describes how you can setup a migration project, how you can setup invitation emails and reminders which guide your users through the migration. It also tells you how to initiate the migration process and how to track the migration status.

This documentation complements the general EBF Onboarder documentation and provides more detailed information for the target system Ivanti EPMM and Neurons about:

  • the prerequisites for the target system,
  • the target system selection during the migration project setup,
  • the device selection during the migration project setup.

02. Prerequisites for the target system Ivanti EPMM

02.1. User import with LDAP

Importing users with LDAP allows you to benefit from an almost silent migration to Ivanti. LDAP already needs to be configured for this. To do this, pre-import your users from LDAP to Ivanti. The EBF Onboarder will then be able to find the users and their userIDs which match with the userIDs in the source system with the help of their email addresses. In this way, the EBF Onboarder can pre-register the devices during the migration process.

ATTENTION: If the search for the userID fails on the target system, it will fall back to search on the source system assuming that the LDAPs match. That’s why it is important to use a Service Account with the correct roles on the target system (see chapter 02.2).

If you can’t or don’t want to use LDAP to pre-import your users to Ivanti, you need to add your users to the target system manually. You have to use the same email addresses for the users in Ivanti as in the source system.

NOTE: To avoid user interactions (such as entering a password) during the migration process you can change the way how a device enrolls on the target system for the time of the migration: Use PIN based registration instead of password or password+PIN based registration.

02.2. Service Account

You need to create a Service Account in your target system which is dedicated to the EBF Onboarder. It must be assigned to Global Space and you must ensure that it has the API User role and all roles listed below in order to be able to migrate the devices.

The roles can be changed in your Ivanti Admin Portal by seleting the account in the tab ‘Admin’. Here click on ‘Actions’ >> ‘Edit Roles’.

Selection in the roles Selected permissions shows
Device Management View device page, device details
View device dashboard
Manage devices
Manage devices, restricted
Wipe device
Add device
Manage device enrollment (iOS only)
Delete retired device
Apply and remove device label
Send message to device
Change device ownership
Export to CSV
Retire device
View device
View device details
View device dashboard
Other device actions
Push profiles in device details
Edit comments in device details
Wipe device
Add device
Device enrollment (iOS only)
Delete retired device
Apply and remove device label
Send message to device
Change device ownership
Export to CSV
Retire device
Privacy Control View apps and iBooks in device details View device
View device details
View apps and iBooks in device details
Label Management View label
Manage label
View label
View device
View device details
Edit label
User Management View User View user
App Management View app
View app inventory
View app dashboard
Manage app
Distribute app
Import and edit app
View App Catalog
View Installed Apps
View app dashboard
Manage app related settings
Apply and remove application label and send message to an app
Import app and edit app configurations
Configuration Management View configuration
Manage configuration
Apply and remove configuration label
View configuration
Manage configuration
Apply and remove configuration label
Settings and Services Management View settings and services
Manage settings and services
View settings and services
Edit settings and services
Other Roles View device feature usage data
API
Mobile App
View device feature usage data
Access V1 API
Mobile App Access

ATTENTION: Make sure that ‚Enforce single sessions’ is NOT selected for the EBF Onboarder account in ‘Other roles’ in order to allow the Ivanti environment to accept several attempts of communication with the same Service Account coming from different migrations at the exact same time.

02.3. Network configurations

02.3.1. HTTPS port or redirected port

All API command connections from the Ivanti Onboarder server are made on port 443. If you don’t use port 443, you have to make sure that the firewall rules on your site will allow the Ivanti Onboarder server to access the port you have chosen to access your MobileIron server. Please also make sure, that the „Portal ACLs“ on the Core will allow the API access.

NOTE: Please read the general documentation to learn more about the IP whitelisting.

02.3.2. Portal access

The Service Account for the EBF Onboarder needs to have access to the Admin Portal, User Portal and API commands and must be able to log into port https 443 by default. The Service Account with API user role also needs to be able to search users on the target MDM system.

ATTENTION: If you have disabled port 443 for security reasons and are using a different port, please make sure that your firewall rules allow the EBF Onboarder servers and gate systems to access your login portal (/mifs).

NOTE: Please read the general documentation to get the IP addresses which are associated to the Ivanti Onboarder server and the gate.ebf.de.

02.4. User role

The EBF Onboarder will use the pre-login method for registering the devices in Ivanti. For this, it is required that your users have access to the Self-Service Portal. Make sure that the EBF Onboarder Service Account and all users that will be part of the migration project have access to the ‘User Portal’ by assigning the role ‘User Portal’.

03. Prerequisites for the target system Ivanti Neurons

03.1. Service Account

You need to create a Service Account in your target system which is dedicated to the EBF Onboarder. It must have the API User role and all roles listed below in order to be able to migrate the devices.

Admin roles can be changed in your Ivanti Admin Portal by seleting the account in the tab ‘Users’. Here click on ‘Actions’ >> ‘Assign Roles’.

Roles Requirement for your Service Account Applying to Space
Custom Device Enrollment Cross-space
User Read Only Cross-space
Send/Cancel Wipe Request Cross-space
Device Management Space-specific
App & Content Read Only Space-specific
Device Actions Space-specific

04. Target system selection

When you setup a migration project with the EBF Onboarder (please read the general documentation to learn more about this), you will be asked to define the target system.

04.1. Selecting the target system Ivanti EPMM

Select Ivanti EndPoint Manager Mobile (EPMM, MobileIron Core) as target system and enter the hostname of your on-prem server (without https://). Enter the user and password of the Service Account which you have created at your Ivanti EPMM (see chapter 02.2).

NOTE: If an error occurs, please check the network and firewall settings of your environment and make sure that the Service Account has the API User role.

04.2. Selecting the target system Ivanti Neurons

Select Ivanti Neurons for MDM (N-MDM, MobileIron Cloud) as target system and enter the email address and password of the Service Account which you have created at your Ivanti Neurons (see chapter 03.1).

NOTE: You don’t need to add the hostname of the server as it is a Cloud Tenant. The admin email address is unique, so that your tenant will be found automatically.

05. Device selection for the target system Ivanti EPMM

When you setup a migration project with the EBF Onboarder (please read the general documentation to learn more about this), you will be asked to select the devices you want to migrate.

When you select the single devices for Ivanti EPMM as a target system, you can choose to which group the devices should be added by selecting ‘Assign Label’ and by choosing a label of the list:

NOTE: When you type in several letters, a list of labels with these letters will be displayed. This will allow you to get access to the label you are looking for faster, instead of waiting for the full list of labels to be loaded.

Was this article useful?
Still stuck? How can we help?

How can we help?

Updated on 26. Februar 2024
Target System Omnissa Workspace ONESource System baramundi Management Suite (bMS)
Navigate through page
  • 01. Introduction
  • 02. Prerequisites for the target system Ivanti EPMM
    • 02.1. User import with LDAP
    • 02.2. Service Account
    • 02.3. Network configurations
      • 02.3.1. HTTPS port or redirected port
      • 02.3.2. Portal access
    • 02.4. User role
  • 03. Prerequisites for the target system Ivanti Neurons
    • 03.1. Service Account
  • 04. Target system selection
    • 04.1. Selecting the target system Ivanti EPMM
    • 04.2. Selecting the target system Ivanti Neurons
  • 05. Device selection for the target system Ivanti EPMM
Subscribe for EBF Newsletter
©2020 EBF-EDV Beratung Föllmer GmbH, All Rights Reserved
Imprint Terms and Conditions Privacy Statement Contact
Facebook-square Twitter-square Linkedin Xing-square Instagram
EBF Status Check