Configuring and Deploying the iboss cloud Enterprise App using Jamf Pro

Updated: 01 July 2021

Product: Jamf Pro

The iboss cloud enables administrators to provide web security and user identification for iOS devices via the iboss cloud Enterprise app. Using the iboss cloud, administrators can apply compliance standards, web filtering, malware defense, and data loss prevention to Internet access. You can use Jamf Pro to configure and deploy the iboss cloud Enterprise app to devices in your environment.

For more information about the iboss cloud, see the following website: https://www.iboss.com

Note:

It is strongly recommended that you test your iboss cloud configuration before deploying it to devices.

General Requirements

To manage the iboss cloud enterprise app using Jamf Pro, you need the following:

Mobile devices with iOS 10 or later
An active iboss cloud subscription
The required ports open
For a list of the ports required, see the following webpage: https://support.ibosscloud.com/hc/en-us/articles/115007869047

Adding the iboss cloud Enterprise app to Jamf Pro

Log in to Jamf Pro.
Click Devices at the top of the page.
Click Mobile Device Apps.
Click New.
Select App Store app or VPP store app and click Next.
In the Search field, enter "1446464246" or "iboss cloud Enterprise" and click Next.
Click Add.
Configure the app settings. The following settings are recommended:
- Distribution Method—Install Automatically/Prompt Users to Install
- Automatically Force App Updates—Enabled
- Make App Managed when Possible—Enabled
- Make App Managed if Currently Installed as Unmanaged—Enabled
- Remove App When Profile is Removed—Enabled
Click the Scope tab and configure the scope of the app.
Click Save.

Adding the Mobile Device Configuration to Jamf Pro

There are two ways to add the mobile device configuration to Jamf Pro:

(Recommended) Import the default mobile device configuration from the iboss cloud to Jamf Pro
Manually create the configuration profile in Jamf Pro

(Recommended Method) Importing the Default Mobile Device Configuration from iboss cloud to Jamf Pro

In your iboss cloud environment, navigate to the Data Redirection page and click Cloud Connectors.
Under iboss cloud for iOS, click Download.
Select Unsupervised Settings.
Open the downloaded file in a text editor and set the values within the VPN key to the following values:
- AuthName—
  Use one of the following variables for the identifier type that will be populated for each device:
  $USERNAME
  $DEVICENAME
  $SERIALNUMBER
- ProviderBundleIdentifier—com.iboss.ibossCloudForIOSEnterprise.AppProxy
- ProviderType—Remove this key and its associated packet-tunnel string
- VPNSubType—com.iboss.ibossCloudForIOSEnterprise
Set the values within the VendorConfig key to the following values:
- WebSecurityKey—Set this to the group security key for the policy's targeted filter group.
- AutoLoginSecurityGroups—Set this to the group name that is associated with the security key from the WebSecurityKey parameter.
- CloudRegistrationSSLPort—If the proxy port was provisioned as 8009, set this to 8016. If the proxy port was provisioned as 80, set this to 443
- GatewayPort—Set this to the port used by the iboss cloud proxy.
- ProxyAutoConfigurationScriptURL—Set this to the URL for the iboss cloud PAC script.
- RunTimeMode—standard
Save your changes.
In Jamf Pro, click Devices at the top of the page.
Click Configuration Profiles.
Click Upload.
Select the file you just modified.
Click Upload again.
Use the General payload to configure the basic settings for the profile.
From the Distribution Method pop-up menu, select Install Automatically.
Use the rest of the payloads to configure the settings you want to apply.
(Optional) If you plan to use SSL decryption, you must add the iboss cloud SSL decryption certificate to the configuration profile.
1. Configure the Certificate payload.
2. Enter a name for the certificate.
3. From the Select Certificate Option pop-up menu, select Upload.
4. Select Upload Certificate.
  Note:
  The file you upload to Jamf Pro must use the .cer file type.
5. Upload your iboss cloud SSL decryption certificate.
Click the Scope tab and configure the scope of the profile.
Click Save.

Manually Creating the Mobile Device Configuration Profile in Jamf Pro

In Jamf Pro, click Devices at the top of the page.
Click Configuration Profiles.
Click New.
Use the General payload to configure the basic settings for the profile.
In the Name field, enter the name of the iboss security filter group name.
From the Distribution Method pop-up menu, select Install Automatically.
Configure the VPN payload and modify the following settings:
- VPN Type—VPN
- Connection Type—Custom SSL
- Provider Type—App Proxy
- Identifier—Set this to the bundle identifier that corresponds to the iboss cloud Enterprise app.
- Server—Set this to the DNS hostname of your preferred iboss cloud DNS cluster.
- Account—
  Use one of the following variables for the identifier type that will be populated for each device:
  $USERNAME
  $DEVICENAME
  $SERIALNUMBER
Under Custom Data, enter the following keys and values:
- GatewayPort—Set this to the port used by the iboss cloud proxy.
- RunTimeMode—standard
- ProxyAutoConfigurationScriptURL—Set this to the URL for the iboss cloud PAC script.
- ComputerOverrideUser—If you want auto group categorization to occur with iboss cloud, set this to 0. If you want all group categorization to occur based on the device's configuration policy, set this to 1.
- WebSecurityKey—Set this to the group security key for the policy's targeted filter group.
- GatewayHost—Use the hostname of the preferred DNS cluster used for the Server field.
- CloudRegistrationSSLPort—If the proxy port was provisioned as 8009, set this to 8016. If the proxy port was provisioned as 80, set this to 443.
- LogLevel—0
- AutoLoginSecurityGroups—Set this to the group name that is associated with the security key from the WebSecurityKey parameter.
Configure the following settings:
- User Authentication—Certificate
- Identity Certificate—None
- Enable VPN On Demand—Enabled
- Proxy Setup—None
(Optional) If you plan to use SSL decryption, you must add the iboss cloud SSL decryption certificate to the configuration profile.
1. Configure the Certificate payload.
2. Enter a name for the certificate.
3. From the Select Certificate Option pop-up menu, select Upload.
4. Select Upload Certificate.
  Note:
  The file you upload to Jamf Pro must use the .cer file type.
5. Upload your iboss cloud SSL decryption certificate.
Click the Scope tab and configure the scope of the profile.
Click Save.

Testing the iboss Configuration

After saving the configuration profile, check one of the devices included in the scope to confirm that the profile has installed successfully. Inspect the device's Certificate Trust settings to confirm that all relevant certificates are trusted.