The JSS can be integrated with a network access management service, such as Cisco Identity Services Engine (ISE). Network integration allows the service to communicate with the JSS to verify that the computers and mobile devices on your network are compliant with your organization’s standards. With information from the JSS, the service can determine the level of network access to grant to a computer or mobile device, provide messaging to end users, and refer end users to enroll their computers and mobile devices to the JSS to become compliant.
Note: Enrollments that are referred to the JSS by the network access management service through network integration are performed as user-initiated enrollments.
Network integration can also allow the network access management service to send remote commands to computers and mobile devices via the JSS, including passcode lock and wipe commands.
Creating a network integration instance in the JSS prepares the JSS to integrate with a network access management service. This allows you to do the following:
When sites are defined in the JSS, select the site to add the network integration instance to.
Select the saved advanced computer search and advanced mobile device search to be used by the network access management service to verify computers and mobile devices that are compliant with your organization’s standards. Computers and mobile devices that appear in the search results are reported as compliant to the network access management service.
Specify compliance verification failure and compliance remediation messaging that can be displayed to end users via the network access management service.
Configure the passcode to be used when remotely locking or wiping computers via the network access management service.
After saving the network integration instance, view the network integration URL to be used by the network access management service to communicate with the specific JSS network integration instance.
Important: When using network integration on a per-site basis in the JSS, ensure that any site-specific configuration profiles and policies in the JSS do not conflict with computer and mobile device compliance verification performed through network integration.
For more information and requirements for configuring your network access management service to communicate with an MDM server, see your vendor’s documentation.
Adding a Network Integration Instance
Log in to the JSS with a web browser.
In the top-right corner of the page, click Settings .
Click Network Organization.
On a smartphone or iPod touch, this option is in the pop-up menu.
Click Network Integration .
Click New .
Note: Only one network integration instance can be added per site in the JSS. If all sites already have a network integration instance, you will not be able to add a new one.
Configure the network integration instance using the settings on the pane, including the site, the advanced computer search and advanced mobile device search to be used for compliance verification, compliance messaging to be displayed to users, and the remote lock and wipe passcode setting for computers.
Note: If you select the “Create Random Passcode” option for the passcode assignment method for computers, to identify the passcode used for a remote lock or wipe on a specific computer, you will need to view the management history for the computer in the JSS. (For information, see Viewing the History for a Computer.)
After saving the network integration instance, a unique network integration URL appears at the bottom of the pane. This URL will be used by the network access management service to communicate with the specific JSS network integration instance.
For related information, see the following sections in this guide: