Configuring and Deploying the iboss cloud Enterprise App using Jamf Pro

The iboss cloud enables administrators to provide web security and user identification for iOS devices via the iboss cloud Enterprise app. Using the iboss cloud, administrators can apply compliance standards, web filtering, malware defense, and data loss prevention to Internet access. You can use Jamf Pro to configure and deploy the iboss cloud Enterprise app to devices in your environment.

For more information about the iboss cloud, see the following website: https://www.iboss.com

Note:

It is strongly recommended that you test your iboss cloud configuration before deploying it to devices.

General Requirements

To manage the iboss cloud enterprise app using Jamf Pro, you need the following:

Adding the iboss cloud Enterprise app to Jamf Pro

  1. Log in to Jamf Pro.
  2. Click Devices at the top of the page.
  3. Click Mobile Device Apps.
  4. Click New.
  5. Select App Store app or VPP store app and click Next.
  6. In the Search field, enter "1446464246" or "iboss cloud Enterprise" and click Next.
  7. Click Add.
  8. Configure the app settings. The following settings are recommended:
    • Distribution MethodInstall Automatically/Prompt Users to Install
    • Automatically Force App UpdatesEnabled
    • Make App Managed when PossibleEnabled
    • Make App Managed if Currently Installed as UnmanagedEnabled
    • Remove App When Profile is RemovedEnabled
  9. Click the Scope tab and configure the scope of the app.
  10. Click Save.

Adding the Mobile Device Configuration to Jamf Pro

There are two ways to add the mobile device configuration to Jamf Pro:

  • (Recommended) Import the default mobile device configuration from the iboss cloud to Jamf Pro

  • Manually create the configuration profile in Jamf Pro

(Recommended Method) Importing the Default Mobile Device Configuration from iboss cloud to Jamf Pro

  1. In your iboss cloud environment, navigate to the Data Redirection page and click Cloud Connectors.
  2. Under iboss cloud for iOS, click Download.
  3. Select Unsupervised Settings.
  4. Open the downloaded file in a text editor and set the values within the VPN key to the following values:
    • AuthNameUse one of the following variables for the identifier type that will be populated for each device:
      • $USERNAME

      • $DEVICENAME

      • $SERIALNUMBER

    • ProviderBundleIdentifiercom.iboss.ibossCloudForIOSEnterprise.AppProxy
    • ProviderTypeRemove this key and its associated packet-tunnel string
    • VPNSubTypecom.iboss.ibossCloudForIOSEnterprise
  5. Set the values within the VendorConfig key to the following values:
    • WebSecurityKeySet this to the group security key for the policy's targeted filter group.
    • AutoLoginSecurityGroupsSet this to the group name that is associated with the security key from the WebSecurityKey parameter.
    • CloudRegistrationSSLPortIf the proxy port was provisioned as 8009, set this to 8016. If the proxy port was provisioned as 80, set this to 443
    • GatewayPortSet this to the port used by the iboss cloud proxy.
    • ProxyAutoConfigurationScriptURLSet this to the URL for the iboss cloud PAC script.
    • RunTimeModestandard
  6. Save your changes.
  7. In Jamf Pro, click Devices at the top of the page.
  8. Click Configuration Profiles.
  9. Click Upload.
  10. Select the file you just modified.
  11. Click Upload again.
  12. Use the General payload to configure the basic settings for the profile.
  13. From the Distribution Method pop-up menu, select Install Automatically.
  14. Use the rest of the payloads to configure the settings you want to apply.
  15. (Optional) If you plan to use SSL decryption, you must add the iboss cloud SSL decryption certificate to the configuration profile.
    1. Configure the Certificate payload.

    2. Enter a name for the certificate.

    3. From the Select Certificate Option pop-up menu, select Upload.

    4. Select Upload Certificate.
      Note:

      The file you upload to Jamf Pro must use the .cer file type.

    5. Upload your iboss cloud SSL decryption certificate.

  16. Click the Scope tab and configure the scope of the profile.
  17. Click Save.

Manually Creating the Mobile Device Configuration Profile in Jamf Pro

  1. In Jamf Pro, click Devices at the top of the page.
  2. Click Configuration Profiles.
  3. Click New.
  4. Use the General payload to configure the basic settings for the profile.
  5. In the Name field, enter the name of the iboss security filter group name.
  6. From the Distribution Method pop-up menu, select Install Automatically.
  7. Configure the VPN payload and modify the following settings:
    • VPN TypeVPN
    • Connection TypeCustom SSL
    • Provider TypeApp Proxy
    • IdentifierSet this to the bundle identifier that corresponds to the iboss cloud Enterprise app.
    • ServerSet this to the DNS hostname of your preferred iboss cloud DNS cluster.
    • AccountUse one of the following variables for the identifier type that will be populated for each device:
      • $USERNAME

      • $DEVICENAME

      • $SERIALNUMBER

  8. Under Custom Data, enter the following keys and values:
    • GatewayPortSet this to the port used by the iboss cloud proxy.
    • RunTimeModestandard
    • ProxyAutoConfigurationScriptURLSet this to the URL for the iboss cloud PAC script.
    • ComputerOverrideUserIf you want auto group categorization to occur with iboss cloud, set this to 0. If you want all group categorization to occur based on the device's configuration policy, set this to 1.
    • WebSecurityKeySet this to the group security key for the policy's targeted filter group.
    • GatewayHostUse the hostname of the preferred DNS cluster used for the Server field.
    • CloudRegistrationSSLPortIf the proxy port was provisioned as 8009, set this to 8016. If the proxy port was provisioned as 80, set this to 443.
    • LogLevel0
    • AutoLoginSecurityGroupsSet this to the group name that is associated with the security key from the WebSecurityKey parameter.
  9. Configure the following settings:
    • User AuthenticationCertificate
    • Identity CertificateNone
    • Enable VPN On DemandEnabled
    • Proxy SetupNone
  10. (Optional) If you plan to use SSL decryption, you must add the iboss cloud SSL decryption certificate to the configuration profile.
    1. Configure the Certificate payload.

    2. Enter a name for the certificate.

    3. From the Select Certificate Option pop-up menu, select Upload.

    4. Select Upload Certificate.
      Note:

      The file you upload to Jamf Pro must use the .cer file type.

    5. Upload your iboss cloud SSL decryption certificate.

  11. Click the Scope tab and configure the scope of the profile.
  12. Click Save.

Testing the iboss Configuration

After saving the configuration profile, check one of the devices included in the scope to confirm that the profile has installed successfully. Inspect the device's Certificate Trust settings to confirm that all relevant certificates are trusted.