Configuring and Deploying the iboss cloud Enterprise App using Jamf School

The iboss cloud enables administrators to provide web security and user identification for iOS devices via the iboss cloud Enterprise app. Using the iboss cloud, administrators can apply compliance standards, web filtering, malware defense, and data loss prevention to Internet access. You can use Jamf School to configure and deploy the iboss cloud Enterprise app to devices in your environment. To configure and deploy the iboss cloud Enterprise app, you must complete the following steps:

  1. Add the iboss cloud Enterprise app

  2. Add the mobile device configuration

  3. Test the iboss configuration

For more information about the iboss cloud, see the following website: https://www.iboss.com

Note: It is strongly recommended that you test your iboss cloud configuration before deploying it to devices.

Requirements

To configure and deploy the iboss cloud Enterprise app using Jamf School, you need:

Adding the iboss cloud Enterprise app to Jamf School

  1. In Jamf School, navigate to Apps in the sidebar.

  2. Click +Add App.

  3. Choose "Add iOS App" from the pop-up menu.

  4. In the Search field, enter "1446464246" or "iboss cloud Enterprise" and click Search.

  5. Click Add.

  6. Click + to distribute the app to a device group, ensuring the installation method is "Automatic installation".

  7. Select "Enable" from the Reinstall this app when it's removed by the end-user‌ pop-up menu.

  8. Select "Enable" from the ‌Automatically update this app when an update is available‌ pop-up menu.

  9. Click Save.

Adding the Mobile Device Configuration to Jamf School

There are two ways to add the mobile device configuration to Jamf School:

  • (Recommended) Import the default mobile device configuration from the iboss cloud to Jamf School

  • Manually create the configuration profile in Jamf School

(Recommended Method) Import the Default Mobile Device Configuration from iboss cloud to Jamf School

  1. In your iboss cloud environment, navigate to the Data Redirection page and click Cloud Connectors.

  2. In iboss cloud for iOS, click Download.

  3. Select Unsupervised Settings.

  4. Open the downloaded file in a text editor and set the values within the VPN key to the following values:

    • AuthName—Use one of the following variables for the identifier type that will be populated for each device:

      • %Username%

      • %Name%

      • %SerialNumber%

    • ProviderBundleIdentifier—com.iboss.ibossCloudForIOSEnterprise.AppProxy

    • ProviderType—Remove this key and its associated packet-tunnel string

    • VPNSubType—com.iboss.ibossCloudForIOSEnterprise

  5. Set the values within the VendorConfig key to the following values:

    • WebSecurityKey—Set this to the group security key for the policy's targeted filter group.

    • AutoLoginSecurityGroups—Set this to the group name that is associated with the security key from the WebSecurityKey parameter.

    • CloudRegistrationSSLPort—If the proxy port was provisioned as 8009, set this to 8016. If the proxy port was provisioned as 80, set this to 443

    • GatewayPort—Set this to the port used by the iboss cloud proxy.

    • ProxyAutoConfigurationScriptURL—Set this to the URL for the iboss cloud PAC script.

    • RunTimeMode—standard

  6. Save your changes.

  7. In Jamf School, navigate to Profiles in the sidebar.

  8. Click +Create Profile.

  9. Click Upload Custom Profile.

  10. Upload the file you just modified.

  11. Click Next and configure the settings as needed.

  12. Use the Scope payload to add a device group to the scope, ensuring the installation method is "Automatic installation".

  13. Use the rest of the payloads to configure the settings you want to apply.

  14. (Optional) If you plan to use SSL decryption, you must add the iboss cloud SSL decryption certificate to the profile.

    1. Click the Certificates payload.

    2. Upload your iboss cloud SSL decryption certificate.

      Note: The file you upload to Jamf School must use the .cer file type.

    3. Click Upload certificate.

  15. Click Save.

Manually Create the Mobile Device Configuration Profile in Jamf School

  1. In Jamf School, navigate to Profiles in the sidebar.

  2. Click +Create Profile.

  3. Select the operating system you want to make the profile for.

  4. Select the type of enrollment you want to make the profile for.

  5. Enter the name of the iboss security filter group name in the Profile name field and configure the additional settings as needed, including the removal policy and time filter.

  6. Click Finish.

  7. Use the Scope payload to add a device group to the scope, ensuring the installation method is "Automatic installation".

  8. Use the VPN payload to configure the following settings:

    • Connection Name—VPN

    • Connection Type—Custom SSL

    • Server—Set this to the DNS hostname of your preferred iboss cloud DNS cluster.

    • Account—Use one of the following variables for the identifier type that will be populated for each device:

      • %Username%

      • %Name%

      • %SerialNumber%

    • Identifier—Set this to the bundle identifier that corresponds to the iboss cloud Enterprise app.

    • Provider Type—App Proxy

    • Enable VPN On Demand—Enabled

  9. In the Custom Data settings, click +Add custom data and enter the following keys and values:

    • GatewayPort—Set this to the port used by the iboss cloud proxy.

    • RunTimeMode—standard

    • ProxyAutoConfigurationScriptURL—Set this to the URL for the iboss cloud PAC script.

    • ComputerOverrideUser—If you want auto group categorization to occur with iboss cloud, set this to 0. If you want all group categorization to occur based on the device's configuration policy, set this to 1.

    • WebSecurityKey—Set this to the group security key for the policy's targeted filter group.

    • GatewayHost—Use the hostname of the preferred DNS cluster used for the Server field.

    • CloudRegistrationSSLPort—If the proxy port was provisioned as 8009, set this to 8016. If the proxy port was provisioned as 80, set this to 443.

    • LogLevel—0

    • AutoLoginSecurityGroups—Set this to the group name that is associated with the security key from the WebSecurityKey parameter.

  10. Configure the following settings:

    • User Authentication—Certificate

  11. (Optional) If you plan to use SSL decryption, you must add the iboss cloud SSL decryption certificate to the profile.

    1. Click the Certificates payload.

    2. Upload your iboss cloud SSL decryption certificate.

      Note: The file you upload to Jamf School must use the .cer file type.

    3. Click Upload certificate.

  12. Click Save.

Testing the iboss Configuration

After saving the profile, check one of the devices included in the scope to confirm that the profile has installed successfully. Inspect the device's Certificate Trust settings to confirm that all relevant certificates are trusted.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2020 Jamf. All rights reserved.