Network Integration

The JSS can be integrated with a network access management service, such as Cisco Identity Services Engine (ISE). Network integration allows the service to communicate with the JSS to verify that the computers and mobile devices on your network are compliant with your organization’s standards. With information from the JSS, the service can determine the level of network access to grant to a computer or mobile device, provide messaging to end users, and refer end users to enroll their computers and mobile devices to the JSS to become compliant.

Note: When the network access management service refers end users to enroll their computer or mobile device with the JSS, an enrollment URL is provided to the user in a webpage when they access the Internet. The end user can then access the enrollment URL to enroll with the JSS via user-initiated enrollment. (For more information, see User-Initiated Enrollment Settings.)

Network integration can also allow the network access management service to send remote commands to computers and mobile devices via the JSS, including passcode lock and wipe commands.

Creating a network integration instance in the JSS prepares the JSS to integrate with a network access management service. This allows you to do the following:

  • When sites are defined in the JSS, select the site to add the network integration instance to.

  • Select the saved advanced computer search and advanced mobile device search to be used by the network access management service to verify computers and mobile devices that are compliant with your organization’s standards. Computers and mobile devices that appear in the search results are reported as compliant to the network access management service.

  • Specify compliance verification failure and compliance remediation messaging that can be displayed to end users via the network access management service.

  • Configure the passcode to be used when remotely locking or wiping computers via the network access management service.

  • After saving the network integration instance, view the network integration URL to be used by the network access management service to communicate with the specific JSS network integration instance.

Important: When using network integration on a per-site basis in the JSS, ensure that any site-specific configuration profiles and policies in the JSS do not conflict with computer and mobile device compliance verification performed through network integration.

Requirements

For more information and requirements for configuring your network access management service to communicate with an MDM server, see your vendor’s documentation.

To allow the network access management service to send remote commands via the JSS, your environment must meet the requirements for sending remote commands to computers and mobile devices. (For more information, see Remote Commands for Computers and Remote Commands for Mobile Devices.)

Adding a Network Integration Instance

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/15181102/Settings_icon.png .

  3. Click Network Organization.

  4. Click Network Integration images/download/thumbnails/15181102/Network_Integration.png .

  5. Click New images/download/thumbnails/15181102/New_icon.png .
    Note: Only one network integration instance can be added per site in the JSS. If all sites already have a network integration instance, you will not be able to add a new one.

  6. Configure the network integration instance using the settings on the pane, including the site, the advanced computer search and advanced mobile device search to be used for compliance verification, compliance messaging to be displayed to users, and the remote lock and wipe passcode setting for computers.
    Note: If you select the “Create Random Passcode” option for the passcode assignment method for computers, to identify the passcode used for a remote lock or wipe on a specific computer, you will need to view the management history for the computer in the JSS. (For information, see Viewing the History for a Computer.)

  7. Click Save.
    After saving the network integration instance, a unique network integration URL appears at the bottom of the pane. This URL will be used by the network access management service to communicate with the specific JSS network integration instance.

Related Information

For related information, see the following sections in this guide:

Copyright | Privacy | Terms of Use | Security
© copyright 2002-2017 Jamf. All rights reserved.