1 MobileIron Confidential
BYODPortal.com Product Guide Version 2017.01.10
2 MobileIron Confidential
Contents
Overview and Features ................................................................................................................................. 4
Getting Help .................................................................................................................................................. 4
Core Server Requirements ............................................................................................................................ 4
On-Premise CORE Requirements .............................................................................................................. 4
Connected Cloud CORE Requirements ..................................................................................................... 5
End-User Requirements ............................................................................................................................ 6
Creating A New BYODPortal.com Company Account ................................................................................... 6
Configuration and End User Usage ............................................................................................................... 7
Accessing the Portal .................................................................................................................................. 7
Portal Administration – BYODPortal.com (Cloud Service) ........................................................................ 7
Logging In To the Admin Portal ............................................................................................................. 7
Logging In To the Admin Portal For The First Time ............................................................................... 7
Section: Portal Status & Reports ........................................................................................................... 8
Section: Your Account Settings ............................................................................................................. 8
Converting a Trial Portal Account to Your Subscription ....................................................................... 9
Configuring a Custom Domain Name (CNAME) .................................................................................... 9
Section: MobileIron CORE / Connected Cloud Settings ...................................................................... 10
Section: Your Portal Preferences ........................................................................................................ 11
Section: Terms of Service .................................................................................................................... 17
Further Customizations ....................................................................................................................... 19
Section: Custom Branding / CSS .......................................................................................................... 20
Section: Single Sign On Integration via SAML2 ................................................................................... 22
Section: Integrations ........................................................................................................................... 24
End User Usage – Registering a Device ................................................................................................... 25
Accessing With an Unsupported Device ............................................................................................. 25
Registration Screen ............................................................................................................................. 27
Terms of Service Acknowledgment .................................................................................................... 28
Final Registration Steps ....................................................................................................................... 29
Pending Registrations ......................................................................................................................... 32
Too Many Devices (Limiting Number of Devices per user) ................................................................. 32
3 MobileIron Confidential
Registering via a QR Code ................................................................................................................... 33
BYO.ME ............................................................................................................................................... 33
End User Usage – Managing Your Own Devices ..................................................................................... 34
Logging In To the Portal ...................................................................................................................... 34
The Device Management Screen ........................................................................................................ 34
Multi-User / Shared Device Scenarios .................................................................................................... 39
Customizing BYODPortal Workflow or Adding Your Own Logic ............................................................. 39
Embedding the BYOD Portal In Your Website ............................................................................................ 39
Running the BYOD Portal Update Set for ServiceNow................................................................................ 39
Downloading the Update Set for ServiceNow ........................................................................................ 40
For BYODPortal.com Customers: ........................................................................................................ 40
For Onpremise BYOD Portal Customers: ............................................................................................ 40
Installing the Update Set for ServiceNow ............................................................................................... 40
Configuring the Update Set for ServiceNow ........................................................................................... 42
For BYODPortal.com Customers: ........................................................................................................ 43
For Onpremise BYOD Portal Customers: ............................................................................................ 43
Configuring BYOD Portal ......................................................................................................................... 44
Using the BYOD Portal Update Set for ServiceNow ................................................................................ 44
Managing Devices ............................................................................................................................... 44
Enrolling A New Device ....................................................................................................................... 46
Running BYODPortal On-Premise ............................................................................................................... 50
System Requirements ............................................................................................................................. 50
Server OS and Software Requirements............................................................................................... 50
Server Hardware Requirements.......................................................................................................... 50
Installation .............................................................................................................................................. 50
Portal Administration (On-Premise) ....................................................................................................... 52
Setup and Preferences ........................................................................................................................ 52
Custom Workflow and Code Changes................................................................................................. 52
Upgrading The On-Premise Code ........................................................................................................ 52
Release Notes ............................................................................................................................................. 53
4 MobileIron Confidential
Overview and Features BYODPortal.com is a SAAS based solution meant to enhance and extend an organizations existing MDM
investment. With the service a user can create a custom self-service device management experience for
their end users, allowing users to easily register and manage their corporate connected devices, both
BYOD or corporate liable.
The solution works with your existing MobileIron Mobile Device Management solution (both on-premise and cloud based MobileIron deployments). There is nothing more to install to use BYODPortal.com The solution provides many key features around:
Registration Control
Self Service
Branding & Workflow
Single Sign On
Integration
Fully Customizable Open Code On premise Option (fully customizable workflow, integrations, etc.)
And more
Getting Help BYODPortal is supported by MobileIron Support. If you need product assistance, please contact
MobileIron support or your sales account manager.
Core Server Requirements BYODPortal.com supports integration with MobileIron’s CORE Platform (on-premise deployments), as
well as MobileIron’s Connected Cloud offering (SAAS Based MDM).
BYODPortal.com is currently compatible with the following MobileIron versions: Minimum 4.5.2.
On-Premise CORE Requirements The following is needed in order for BYODPortal.com to integrate with your MDM platform
properly:
Network Access to the MobileIron CORE’s My Phone@Work, Smartphone Manager, API
Connection, and iOS iReg URL portals. over port 443.
o Best practice is to create ACL’s on the MobileIron CORE that only allows access from the
BYODPortal network to the MobileIron API and Employee portal and Admin Portal.
5 MobileIron Confidential
o Here is the list of BYOD Portal IP’s:
54.164.10.146, 54.164.96.242. 54.84.11.118, 54.85.96.208, 54.88.124.155
o Also is best practice to disable self-registration rights on the MI Employee portal if you
plan to allow users to still access the default employee portal. Otherwise only allow
BYODPortal.com to access the employee portal via ACL.
o The picture below shows where in the CORE System portal to configure portal acl's.
Recommended portals to restrict are the My Phone@Work, Smartphone Manager, API
Connection, and iOS iReg URL portals.
A MobileIron account username/password that has API and FULL ADMIN rights to
MobileIron.
To be affective, your CORE must be set to PIN Only or PIN + Username/Password. Do not
use Username/Password only registration to make sure in app registration is disabled.
NOTE: PIN only based iReg/web based registration must be enabled to utilize SSO
features of BYOD Portal. Highly recommended to ensure PIN is turned on for iReg.
Connected Cloud CORE Requirements The following is needed in order for BYODPortal.com to integrate with your Connected Cloud
instance:
A MobileIron account username/password that has API and ADMIN rights to
MobileIron.
To be affective, your CORE must be set to PIN Only or PIN + Username/Password. Do not
use Username/Password only registration to make sure in app registration is disabled.
6 MobileIron Confidential
NOTE: PIN only based iReg/web based registration must be enabled to utilize SSO
features of BYOD Portal. Highly recommended to ensure PIN is turned on for iReg.
End-User Requirements Only thing an end user needs is a web browser. All major web browsers have been tested with
BYODPortal.com. To register a device, an end user needs the USER PORTAL role assigned to
him/her in MobileIron. If USER PORTAL role is not applied, user can not register, but they can
still manage existing devices.
Creating A New BYODPortal.com Company Account To use BYODPortal.com, you must first create an account for your organization. To do that, go to the
BYODPortal.com home page and select the Create An New Account link. The most important part of the
configuration is choosing your account name as it will be part of the URL that users use to register and
manage devices (i.e.: YOURCOMPANYNAME.byodportal.com).
Account names and private URL’s are served on a first come, first serve basis. Follow the instructions
from that point forward. You will be asked to verify your email address. A BYODPortal.com staff member
may contact you to verify your information before your account is activated.
Please note: If your organization has an active, licensed, subscription to byodportal.com, you are
entitled to creating as many portal accounts as you wish during your subscription. When creating an
account, be sure to enter in the Subscription Email address that was set up with your subscription.
Your subscriber email address can be different than your administrator email address. When the
account is created, the service will look to find a valid subscription under the subscriber email, and
send them a verification request.
7 MobileIron Confidential
Configuration and End User Usage
Accessing the Portal There are a few URL’s that will be used to access different parts of your portal:
Admin Site URL:
https://<YOUR_ACCOUNT_NAME>.byodportal.com/admin
This is the address you as an administrator will use to configure and manage your portal.
End User Self-Service Device Management:
https://<YOUR_ACCOUNT_NAME>.byodportal.com OR
https://<YOUR_ACCOUNT_NAME>.byodportal.com/manage
This is the address your users will use to login from their devices or desktops to manage their
devices that are currently managed by your MDM.
End User Self-Service Device Management:
https://<YOUR_ACCOUNT_NAME>.byodportal.com/reg
This is the address your users will use to register a new device. This is accessed from the device
they are trying to register.
CNAME Support: If you configured a custom domain name to use with this service (see CNAME
support), your end users will access the service at http://yourdomain for the employee self
service portal and http://yourdomain/reg for device registrations. The admin URL remains the
same as shown above.
Portal Administration – BYODPortal.com (Cloud Service)
Logging In To the Admin Portal
The admin will login to the admin URL (specified in the Accessing the Portal section of this
document). The username is the email address of the admin that was used when they created
the account as well as the password.
Logging In To the Admin Portal For The First Time
Your portal will be disabled until you finish configuring it. When you login for the first time, the
portal will prompt you to finish configuring the items needed in order to enable it.
8 MobileIron Confidential
Section: Portal Status & Reports
In this section you can see the status of your portal as well as run some reports including a 30-
day action/audit log, a Registration trend report over last 12 months, a device breakdown report
from your MDM solution, and a device info CSV export.
Section: Your Account Settings
In this section, you can manage your admin contact information as well as your company display
name. All your custom URL’s will show here as well.
9 MobileIron Confidential
Converting a Trial Portal Account to Your Subscription
You may convert a trial portal to production provided you have the subscriber email address for
your organization. Enter the email address in the Subscriber Email field and a verification
request will be sent to the company subscription contact. Once they verify the request via email
by clicking a link, the portal will be associated with your company account.
Configuring a Custom Domain Name (CNAME)
You may enter a custom domain name to be used with this portal. Requires you setup a CNAME
record for that address to point to CNAME.BYODPORTAL.COM. Leave blank if no custom
domain name will be used. If configured, your end users can use your custom domain to access
the BYODPortal, and the BYODPortal.com domain will be replaced on all end user facing screens
with your custom domain (ie, "To register a new device go to http://companydomain/reg.")
10 MobileIron Confidential
Note: The address bar will redirect to a URL that still shows a byodportal.com address to avoid
SSL certificate warnings.
Section: MobileIron CORE / Connected Cloud Settings
In this section, you specify specifics for your MDM server implementation. This includes your
implementation type (onsite vs. cloud), your MDM URL and API user name and password.
Connectivity will be tested upon saving the configuration.
NOTE: The MDM Account entered MUST HAVE FULL ADMIN AND API rights to your CORE.
Multiple/Conditional VSP/Cor/ Cloud Servers
The Core server entered above is the primary Core/VSP that is used for all end user
authentication and LDAP lookups. You have the ability to configure additional Core
11 MobileIron Confidential
servers and apply logic as to how you want devices spread across the cores by either
round robin, device type (user agent), device ownership, or user LDAP group.
Distribute which Core servers you want devices to enroll to by LDAP Group Name, by
Device User Agent Identifier (ie, entering 'contains' and 'iPad' would match the iPad's
user agent string), user ownership selection, or Random selection. If you choose the
'Migrate' option, the portal will migrate users from that specified Core server by un-
enrolling all of their devices from the server specified to the proper new Core server.
Setting Type and Logic only applies to device enrollment. Self service management
portal will automatically pull all devices for a user across all portals. Rules are run and
matched in the order they are entered. If a condition is not matched, then the default
core will be used to enroll the device. Admin username and password from the default
Core server are used for all additional cores.
Section: Your Portal Preferences
In this section, you can customize your portal experience for your end users.
12 MobileIron Confidential
Enable and Disabling of Mange and Registration Portals
You have the ability to use both the self service management portal and registration portal
(default) or just one. Disabling the Manage Portal will redirect a user to the registration portal.
Disabling the Registration portal will direct the user to the manage portal. Disabling both will
show a disabled message to the end user.
Default Language and Language Detection
BYOD Portal supports 9 languages in both admin and end user portals. Languages supported are
English, Spanish, French, Italian, German, Japanese, Korean, Chinese Simplified, Chinese
Traditional. By default, BYOD Portal will attempt to detect the default language of the end user
device and display the appropriate language. Otherwise, the default Language will be chosen.
If you wish to have everyone view the same language, regardless of the device language they
are accessing from, select the DETECT USER LANGUAGE option to OFF. This will force all users to
the default language selection.
End User Helpdesk Contact Instructions
Enter in your IT helpdesk contact information so that end users can be directed what to do in
case of any issues or questions they run into. This portion supports HTML. Videos can be
embedded providing end users with video tutorials.
13 MobileIron Confidential
Max Number of Devices
Choose the maximum number of devices a user can have registered at any time. If the user is
over that amount, they will be notified during the registration process and asked which devices
they no longer want any more.
Conditional Device Limits
The limit specified above is the default device limit for users. However you can apply
conditional limits based on the LDAP Group membership of a user. If the user doesn't
match any conditions, the default will be enforced.
14 MobileIron Confidential
Set Device Ownership
You may let users choose device ownership during registration, or lock in ownership in advance
for all users registering through the portal.
Allow Users To …
Choose if you want to allow users the ability to view apps, locate their device, unlock, lock,
retire (remove from management and selectively wipe corporate data and apps from the
device) as well as wipe (erase all data and reset) their devices from the End User Device
Management portal. When an item is switched off. That option is no longer visible to the end
user.
Platforms Supported
Toggle ON or OFF what device OS’s you are enabling to enroll via BYODPortal. If you want to be
more specific for each platform, keep the platform selection off and use the WHITELIST feature
below.
Managing Your Device Whitelist
Your device whitelist allows you to control exactly what device types may be granted access to
the BYOD registration portal and ultimately register against your MDM server. You may enter
any user agent identifier to look for. The device whitelist is treated as an OR condition to the
general platforms supported setting above (for example, if you are looking to only allow a
certain Android device, turn off Android support in the feature above and enter your Android
specifics in the Whitelist). To get a device user-agent, use the web
(http://www.zytrax.com/tech/web/mobile_ids.html) or surf your device to
http://whatsmyuseragent.com/ to learn what unique elements of the agent should be used. You
can also be creative for this. For example, if you want only Android 3 devices to register, you can
enter ‘Android 3’ as the identifier. Device white lists support wild cards in definitions (*).
15 MobileIron Confidential
Show Pin
Set this to OFF if you do not want to show the end users a registration PIN during the
registration process (for customers that would rather send the PIN via email to user).
Recommended that this is kept ON. When this setting is set to OFF, the auto configure button is
not shown to the end user, instead a message telling user to check their mailbox for the PIN.
16 MobileIron Confidential
Send Registration Email
Set this to OFF if you do not want to the CORE to send its registration email to the user. This
emai template can be customized in the Event Center of the CORE. Default behavior is ON.
Clientless iOS Registration
Choose if you wish to have your iOS users register without the MDM client. PLEASE NOTE: It is
highly recommended to turn this on for devices that are running iOS7 as MobileIron can simplify
the enrollment process with iOS7 by installing and configuring the MobileIron client remotely
after initial clientless enrollment. Also, the iREG / Web based registration setting on the CORE
must be set to PIN for this feature to work properly.
QR Code Display
On by default, disabling this feature will not show end users a QR code as a means for enrolling
devices on the enrollment screens..
17 MobileIron Confidential
QR Code Login
Enable to allow end users to enroll a device via a QR code from the self service portal. If disabled
the QR code will still display but only direct the device to the reg page and prepopulate
username of user but not authenticate user.
Android Sideload Client
Enable to pull the Android client directly from the MobileIron support site. This feature is useful
when Google Play is not accessible for your end users (ie, Users in China, etc.).
Alternate MI Clients
Enable switch between different white labeled carrier solutions.
Pending Device
If disabled, portal will not check to see if a user has existing pending devices. Recommended to
keep this feature ON to keep the core clean of many pending registrations.
Check Role
By default, the portal will determine if a user has User Portal role applied to them or their AD
group before they are allow to enroll a device. If this feature is off, that check will not occur.
Save Data
Default is ON. If set to OFF, BYOD Portal will not store any user actions (registrations, wipe,
located, etc.) in its database. This will disable the action reports in the Admin portal as well as
the end user will no longer be able to see actions taken against his/her device via their device
history report.
Section: Terms of Service
Enter your company’s end user agreement or BYOD terms here. You can also create a link to
external resources. Can be opened in full screen edit mode. Currently BYOD Portal supports one
ToS per portal. If you wish to incorporate multiple languages, it is recommended to have the
ToS displayed in multiple languages (one after another) with hyperlink anchors to each
language. If you wish to have different ToS entirely, you may create multiple BYOD Portal Cloud
accounts, or you may customize the On Premise BYOD Portal app code.
18 MobileIron Confidential
Conditional Terms of Service (End User Agreement)
The Terms of Service entered above is shown by default to end users enrolling a device. If you
wish to have multiple Terms of Service displayed to users based on LDAP Groups, you can Add
Multiple Terms of Service by clicking the Add / Remove / Manage Additional Terms button.
19 MobileIron Confidential
When added the terms can be edited by clicking on the Terms rule which will expand an HTML
editor for those terms in that rule.
Terms Auto-Pop (optional):
Select this option if you would like the End User Terms of Service to automatically pop up when
the user enters the registration page.
Send Confirmation To (optional):
Enter an email address here that you would like to send End User Agreement or Term
acceptance notifications to. Some companies require a proof of acceptance be sent to an audit
or compliance email folder upon end user acceptance. When enabled the email address
specified will receive an email in the following format with the following information:
The following user has accepted device registration terms and has
attempted to enroll a new device:
Username: username
Display Name: First Last
Email: <email address of user>
Date/Time: Wed Mar 5 15:55:29 UTC 2014
IP Address: 192.168.22.103
Platform: iPad
Employee Owned: False
Further Customizations
Further customizations are available today by bringing the BYODPortal On-Premise. Many
customers have opted to use MobileIron’s Open Code version of BYOD Portal to customize the
portal to fulfill specific business needs and workflow. Visit http://www.byodportal.com for more
information.
20 MobileIron Confidential
Section: Custom Branding / CSS
In this section, you can customize the look and feel of the BYOD Portal for your end users.
Custom Background Color
You may further customer the look of your portal by choosing a custom background color for
the scheme you have selected. You must click the ENABLE check box to have the new color
background take effect.
21 MobileIron Confidential
Custom Icon
You may upload your own logo file up to 400 px wide by 250 px high. The UI will automatically
resize to a 50x50 image to use on all your portal pages to brand in addition to your company
name. If you upload a logo bigger than 50x50 it is recommended that you customize the CSS of
the pages so that it displays correctly. Only JPEG, JPG, PNG, and GIF file types are supported. To
reset to the default BYODPortal icon, click the reset icon link.
Default Icon:
Custom CSS
You may alter the CSS of the Manage and Reg portals any way you like to customize the look and
feel to match other corporate assets more closely. Recommended to test CSS customizations
with browser developer tools (IE, Google Chrome Inspect Element option brings up the CSS
validator/tester in the Google Chrome browsers). Below is an example of a portal customized
via CSS:
22 MobileIron Confidential
Section: Single Sign On Integration via SAML2
You may integrate BYOD Portal with your organization’s preferred authentication source via
SAML2. BYOD Portal has been tested with popular SSO technologies from OKTA, OneLogin,
Ping, SecureAuth, Symplified, MS ADFS, and more. BYOD Portal supports Service Provider
initiated based authentication to your organization’s IDP.
SAML2 integration provides the following benefits:
No username/passwords entered in BYOD Portal systems for enrolling and
managing devices.
Allows seamless integration between your organization’s enterprise apps.
Allows for integrating BYOD Portal easily into your corporate employee portals.
By integrating with leading SSO technologies, BYOD Portal device enrollment
and management can be setup for 2 factor authentication.
23 MobileIron Confidential
When you enable the SAML SSO integration, the manage and reg byod portals will not be
accessible if you have misconfigured any of the settings. The admin interface will always remain
accessible.
BYODPortal.com accounts will have a custom Consumer/Target URL supplied in their SAML
form. This is unique to each customer. This does not apply to the onpremise BYOD Portal open
code product.
To configure SSO SAML integration, you will need to obtain your IDP login URL, SSO logout URL,
IDP x.509 certificate (in text format, with BEGIN/END CERTIFICATE TAGS, and publically signed),
as well as obtain which attribute will contain the username of the user to login to BYOD Portal
with (typically usernames are past in the NameID of the assertion).
24 MobileIron Confidential
You will need to provide to your security administrators the BYOD Portal Application Name, the
Consumer/App Url, and in some cases, alert them that BYOD Portal is requesting an “unspecified
NameID format” in its configuration.
If an error occurs, the integration will show the text of the assertion for troubleshooting
purposes. A common error is an invalid timestamp error. There is a Time Offset setting where
you can alter the BYOD Portal clock to match that of your IDP to avoid this error.
Please note: Each BYODPortal.com account has a unique Consumer URL and in many cases the
URL contains trailing characters (IE: ..). Be sure to utilize the whole URL including trailing
characters.
Section: Integrations
In this section, you can enable the packaged third party application integrations that BYOD
Portal Supports.
ServiceNOW Integration
BYODPortal can integrate with your company's ServiceNOW Service Catalog allowing your end
users to manage and enroll their devices (with manager authorization)directly from ServicNOW.
This feature requires that the MobileIron/BYODPortal Update Set be purchased and applied to
your ServiceNOW Cloud instance. The update set can be purchased from your authorized
MobileIron sales representative.
25 MobileIron Confidential
To enable the integration once its purchased, select ON and set your ServiceNOW Secret word.
This secret is used in ServiceNOW to authenticate between the portals via SSO.
Please note: The manage and registration portals will still be accessible via BYOD Portal by
default. To only allow access via ServiceNow, you must disable the portal in the portal
preferences section (See disabling Manage and Registration portals).
See ServcieNow Integration section below for information on how to install and configure the
Update Set as well as more information on how to use the integration.
Blackberry Migration Integration (Beta)
If enabled, this workflow will do the following:
Contact your BES Server to verify if a user does or does not have existing Blackberry
devices connected to a BES Server.
In the case the user does, the user is prompted that if they continue registering their iOS
or Android device that their Blackberry will be deactivated automatically.
When the user continues, the workflow removes the user accounts from the BES,
deactivating and selectively wiping the Blackberry device.
Please Note: This migration workflow is for Blackberry 5.04 only at this time. If using the
migration tool on premise you will need to make sure that the PHP-SOAP php library is installed
on your server.
End User Usage – Registering a Device The registration portal is designed to be accessed by the device that intends to be registered. User
should access via the original default browser on the device. Each page has a timeout of 2 minutes for
security reasons.
Accessing With an Unsupported Device
When your device hits the portal, and if the whitelist option is enabled, a device check takes
place and will either show you the login screen or an unsupported device error screen. Below is
the error screen.
26 MobileIron Confidential
Clicking on the Supported Devices button will show the user what devices are currently
supported by the portal. See following screenshot.
27 MobileIron Confidential
Registration Screen
With a valid device, you will be greeted by the Registration screen customized depending on
what device type you have (iPhone, iPad, Android, etc.). User enters their enterprise
username/password for LDAP authentication. Currently the portal is configured for single
domain registration, but can be customized to allow multiple domain logins. The screen also
contains language around accepting the company’s terms of service with links to the terms. This
screen can also be accessed via the Add A Device tab in the manage portal. If accessed from the
manage portal, the user will automatically be authenticated into the reg portal.
28 MobileIron Confidential
Terms of Service Acknowledgment
The Terms of Service displays via pop-up on the device
29 MobileIron Confidential
Final Registration Steps
The final registration page shows the user the Passcode they need to finish the registration
through the MobileIron client app. The passcode is also emailed to the user. The user then
clicks the link to launch the respective app store to install the MobileIron client.
30 MobileIron Confidential
User will then be greeted with the Congratulations page in the browser after installing the MI
client or immediately in the case of a clientless iOS registration (in which the device will be
prompted to install an MDM profile on the Apple device).
On Android devices, starting with the MobileIron 5.9 Mobile@Work client, Android users have
the ability to auto-configure the MobileIron client. Pin and Core address are displayed when
show Pin is enabled.
31 MobileIron Confidential
32 MobileIron Confidential
Pending Registrations
If a user has Registrations Pending the portal will not allow them to register a new device until
the previous registrations are complete, or the user retires/purges the pending registrations.
Too Many Devices (Limiting Number of Devices per user)
If a user has exceeded the max number of devices they may have actively registered, the
following error message will show telling the user how many too many they have and what the
limit is. If enabled in the config, a user can then retire devices until they are under the max
device threshold.
33 MobileIron Confidential
Registering via a QR Code
BYOD Portal allows user to begin the registration process by scanning a QR Code on the Add A
Device page in the self service portal. The QR code can either just direct the device to the
registration page, or automatically authenticate the user/device through into the registration
portal with no password prompt. This is optional but defaulted to enabled.
View a demo of QR enrollment at
http://www.youtube.com/watch?v=XD7c7qZjQP4&feature=share&list=UUwoBm2D8daoHrFpnI
0rUcEQ
BYO.ME
BYOD Portal provides a quick URL for users trying to quickly install and locate the MobileIron
MyPhone@Work client rather than typing in any complex URL’s or searching by name on the
app store. Users can point their device to http://byo.me to quickly get pointed to the MI client
on the appropriate app store. Desktop users can be linked to the web based app stores by going
to http://byo.me/i for iOS and http://byo.me/a for android. The URL’s can replace the long
URL’s used in the email templates on the MobileIron core server.
34 MobileIron Confidential
End User Usage – Managing Your Own Devices
Logging In To the Portal
User your enterprise or MI server credentials to log into the portal to view your managed
devices. Format will automatically adjust depending if you are accessing from a desktop, tablet,
or phone.
The Device Management Screen
The device management screen displays all devices registered with the Mobile Device
Management service and shows device type, status, and functions such as locate, lock, wake,
unlock, wipe, and remove from management (retire/corporate data wipe).
35 MobileIron Confidential
Understanding Status
If your device is in compliance, it will show a checkmark. Otherwise an alert icon will display.
Hovering over the icon will display the reason the device is out of compliance.
Device Details
The device details pop up will show information such as the wireless carrier, MAC, serial number
and much more.
36 MobileIron Confidential
Viewing Your Apps and Finding Out of Compliance Apps
Clicking the Apps button will display all apps on the user device and highlights app out of
compliance.
Locating A Device
Click the locate icon to popup a map and pin of the last known location of your device. Please
note that at this time BYODPortal.com customers uses Google mapping technology while BYOD
Portal Onpremise uses Mapquest for licensing reasons. Time is displayed in UTC.
37 MobileIron Confidential
Sending an SMS and/or Push Notification Message To A Device
Clicking the Message Device icon will show an input screen where end user may send a message
to their device. This is helpful in finding a device in close quarters, or in case of lost device,
sending a message to someone that may have picked up the device.
Locking and Unlocking a Device
Locking a device will send the device to a lock state where user will have to enter in PIN to gain
access to the device again (if PIN/Password is set on device). When unlocking a device
behaviors are different in each platform. In case of iOS, the password/pin will be cleared and the
user will be prompted to enter in a new one. In case of Android, depending on device, the
device may simply unlock or a temporary password maybe set. The temporary password is
shown on the BYOD Portal screen for the user to reference.
38 MobileIron Confidential
Retiring/Removing a Device
When the Remove button is selected, the device is retired from the MobileIron Core. All
corporate apps, configs, and data are removed from device. Personal data is left behind.
Wiping a Device
Resets device and removes all user data from device, including personal data.
Checking In a Device
A device may be forced to check to report location, new status, details and compliance data as
well as pull new policies and configurations from the MobileIron Core. It may take up to 5
minutes for a device to check in.
Audit Log
A user can view actions taken against his/her device in the last 30 days.
39 MobileIron Confidential
Multi-User / Shared Device Scenarios There are use cases where your users share a device and a device has multiple users logging in and out t
throughout the day (tablets in retail settings or healthcare settings). MobileIron’s CORE now supports
this use case directly. The BYODPortal.com Login&Out App is no longer supported.
Customizing BYODPortal Workflow or Adding Your Own Logic If you require the ability to further customize BYODPortal or would like to use BYODPortal as the
basis/platform on which to build your own in-house mobile device self-service portal, please visit
http://www.byodportal.com for more information on installing the BYODPortal web app on-premise.
Installation and customization services are also available.
Embedding the BYOD Portal In Your Website BYOD Portal can be integrated into your existing company portal via an iframe or frame with basic
unbranded styling optimized for anchoring into another existing portal. All that is needed is to include
the service_view=embed query string at the end of your portal URL. It is recommended to use this
integration in conjunction with a Single Sign On technology.
For example: http://byodportal.com/manage/a=youraccount&service_view=embed
Running the BYOD Portal Update Set for ServiceNow BYOD Portal cloud (Byodportal.com) or On-Premise can integrate with ServiceNow’s Service Catalog via
MobileIron’s BYOD Portal Update Set for ServiceNow. For more information, contact your MobileIron
40 MobileIron Confidential
sales representative. Please see installation instructions that come with the Update Set download for
install help. The solution is certified on ServiceNow versions Berlin to Dublin.
Downloading the Update Set for ServiceNow
For BYODPortal.com Customers:
Your portal should have the ServiceNow Integration section enabled in the Integrations section of
the admin portal. Here you can download the update set.
For Onpremise BYOD Portal Customers:
Your organization should have received an email with download credentials. The download site is
located at https://www.byodportal.com/download.
Installing the Update Set for ServiceNow
As with any customization you install on your system, you’ll want to thoroughly test the MobileIron
BYOD update set in your development environment before committing it to your production
environment.
Please Note: The Update Set will create the proper Service Catalog categories, but will not display
them in your service catalog by default. You must add the newly created items to your catalog page.
Extract the downloaded update set.
41 MobileIron Confidential
Log in to the ServiceNow instance where you plan on installing the update set. Make sure that
you log in as a user with admin rights.
Navigate to ‘System Update Sets -> Retrieved Update Sets’ in your Service-now instance and
click the ‘Import Update Set from XML’ link at the bottom of the list
Browse to the update set XML file that you extracted in step 1 and click the ‘Upload’ button. The
upload must be an XML file.
Once the update set has been uploaded, open the ‘Retrieved Update Set’ record and click the
‘Preview Update Set’ button. Let the preview finish and then review the information or return to
the update set.
Once the update set has been previewed go back to the update set record (System Update Sets -
> Retrieved Update Sets’) open it and click the ‘Commit Update Set’ button. This process may
42 MobileIron Confidential
take a while depending on the size of the update set you are committing. Once the process is
finished, you will see a confirmation message as shown below.
Your update set is ready to use! You may need to refresh your browser to see the new
Integration – BYODPortal application. Please Note: The Update Set will create the proper
Service Catalog categories, but will not display them in your service catalog by default. You
must add the newly created items to your catalog page.
Configuring the Update Set for ServiceNow
Access the BYOD Portal Update Set Properties in the Update Set Integration menu. Only enable Debug
Logging for troubleshooting.
43 MobileIron Confidential
For BYODPortal.com Customers:
Properties: Only fields that need to be configured are the byod portal account name (where account
name would mycompany if your byodportal address is mycompany.byodportal.com) and the shared
secret. The URL to the API does not need to be edited. By default the integration uses the
user_name field from the ServiceNow user table to interact with the MobileIron CORE. If another
field is needed, you may change to the necessary field name here.
Scheduled Import: It is recommended that have the scheduled import run atleast every 24 hours.
Edit the scheduled import to your preference. During the import, data such as Terms of Service,
Device Whitelist, Ownership preferences are imported into ServiceNow. The import will also be
used in the near future to populate ServiceNow Assets and CI’s.
For Onpremise BYOD Portal Customers:
Properties: Fields to be configured are the URL to BYOD Portal (set this to your BYOD Portal site
address appended by /api) and the shared secret. The account name needs to be set as
“userportal”. By default the integration uses the user_name field from the ServiceNow user table to
interact with the MobileIron CORE. If another field is needed, you may change to the necessary field
name here.
Scheduled Import: You must change It is recommended that have the scheduled import run atleast
every 24 hours. Edit the scheduled import to your preference. During the import, data such as
Terms of Service, Device Whitelist, Ownership preferences are imported into ServiceNow. The
import will also be used in the near future to populate ServiceNow Assets and CI’s.
44 MobileIron Confidential
REST Messages: You must edit the EnrollDevice and Getlist Rest endpoints to point to your BYOD
Portal server address, appended with ‘/api.’ Example: https://mybyodportal/api
Configuring BYOD Portal In the ServiceNow Integrations section of the admin portal (or setup.php for Onpremise deployments)
you must first enable SeviceNow integration by setting the config to ON. Next enter a secret in the
ServiceNow secret input box. Please make sure that the secret is the same in both the Update Set
properties in ServiceNow and in BYOD Portal.
Once configured and functioning, you may wish to only allow end users the ability to enroll and manage
devices through ServiceNow. To do this, you may disable access to the Manage and Registration portals
by disabling those portals in your BYOD Portal configuration.
Using the BYOD Portal Update Set for ServiceNow The BYOD Portal Integration can be accessed by end users through the ServiceNow Service Catalog.
Managing Devices
User launches into their own device management screen from the Service Catalog under BYOD
Services.
45 MobileIron Confidential
User can view details of all enrolled devices including, compliance status, location, battery, apps,
and much more. Users also have ability to perform basic management functions such as locating a
device, locking/unlocking a device, and fully wiping (factory reset) or selectively wiping (removing
device from management and removing corporate data/apps/access from device).
46 MobileIron Confidential
Enrolling A New Device
Users login and then begin to enroll their mobile devices via the company’s ServiceNow Service
Catalog.
47 MobileIron Confidential
User views and accepts terms of service pop-up then chooses from list of approved devices (both
terms and devices pulled from BYODPortal)
48 MobileIron Confidential
If the enrolling user has a manager, the manager approves or denies the request via ServiceNow
approval workflow.
49 MobileIron Confidential
MobileIron/BYODPortal validates that user meets enrollment requirements (ie, user limited to X
number devices, has no other pending enrollments, etc.)
User presented and emailed a URL and one time use pin to finish the enrollment process.
Corporate configs, email, apps, etc. are deployed to the device.
50 MobileIron Confidential
Running BYODPortal On-Premise BYODPortal can be installed as an on-premise web application. If you would like more information,
please contact your MobileIron Sales Representative.
This solution runs on top of any Apache/PHP server. If you are unfamiliar with setting up a server to run
Apache/PHP, a detailed deployment guide for this solution is available at https://mobileiron-
support.force.com/customer/articles/MI_Article/BYOD-Portal-Deployment-
Guide?startURL=/articles/MI_Article/BYOD-Portal-Deployment-Guide
System Requirements To install BYOD Portal On-Premise, you need a physical or virtual server to satisfy the following
requirements:
Server OS and Software Requirements
Developed on Centos 6 Linux (recommended), but will run on any Linux server that satisfies
the below requirements.
Apache 2
PHP 5.3 – 5.4 (Note: PHP 5.5 Is NOT supported at this time.)
o php5-mcrypt
o php5-curl
o php-xml
sendmail or postfix
MYSQL Server
Server Hardware Requirements
1 x 2Ghz CPU
4GB RAM
4GB Hard Disk
Installation 1) First unzip the contents of the distribution by placing the ZIP in your target directory and
running the "unzip <filename>" command. BYODPortal can be run in the root web directory or a
subdirectory on your server. If run in a subdirectory, be sure to have the Apache configuration
point to the correct subdirectory.
2) Change permissions to the common/config.php file to writable. (i.e. CHMOD 666
common/config.php) If the file is not writeable, then the rest of the setup will fail. Also make
sure the /imagesdirectory directory is writable as well.
51 MobileIron Confidential
3) Open install/index.php web page in your browser to launch the setup wizard. The wizard will
check that the system satisfies all requirements to run the portal
4) The wizard will walk through populating your MYSQL database with necessary tables and create
an administrator account for the portal as well. NOTE: You must have the empty MYSQL
database created before running the wizard. You will be asked for the DB name on the server as
well as the DB username and password during the setup.
5) Once created, access the admin portal to configure your portal at https://<server>/admin
6) Verify you have a CORE account with Admin and API roles.
7) To scale across multiple servers behind a load balancer, it is recommended to run the MYSQL
server on a dedicated server, and then clone multiple portal front end servers.
8) For best performance, we recommend that a PHP accelerator such as PHP Express or Zend
optimizer be run for high scale environments. (optional)
9) Product help is available by contacting MobileIron technical support.
10) It’s recommended that the app be run as an HTTPS based web application to protect user data.
11) ServiceNOW integration requires that the BYOD Portal Update Set for ServiceNow be installed in
your ServiceNow instance. Integration will not work if your byod portal server is not setup with a
valid SSL certificate.
52 MobileIron Confidential
Portal Administration (On-Premise)
Setup and Preferences
The BYOD Portal On-Premise Application (non cloud) provides the same exact admin portal as
the cloud service. The only difference is that there are no CNAME configuration settings.
Custom Workflow and Code Changes
BYOD Portal On-Premise is offered as an open code application, meaning you can alter the code
as you see fit. It is recommended to keep track of any code changes as this will affect how you
will handle future upgrades.
Upgrading The On-Premise Code
Customers will receive a notice when a new version is available. The updated version can be
downloaded directly from BYODPortal.com with the credentials provided to you at time of
purchase.
53 MobileIron Confidential
Release Notes
2017.01.10 Service Update
Fixes Description
Fix PHP Mailer Library Update
Updated third party component in BYOD Portal to address security issues found in older PHP Mailer versions.
Fix Registration Problems After Upgrading To Core 9.2
LDAP based configurations not working after upgrading to Core 9.2.
Fix Conditional Limits Not Working
In certain circumstances, conditional limits are not being enforced.
Fix Windows 10 Anniversary Edition Fix
Windows Mobile 10 Anniversary Edition registration instructions were incorrect.
Fix Security Updates
Various security updates to application and infrastructure.
2016.07.28 Service Update
Fixes Description
Fix Security Updates
Various security updates to application and infrastructure.
Fix On-Premise Installer Update
Updated and consolidated SQL in On-Premise Installer
Fix Windows 10 Devices Not Enrolling Successfully
Some Windows 10 devices were not enrolling successfully in BYOD Portal.
54 MobileIron Confidential
Fix Windows 10 Devices Not Showing In Manage Portal
Win10 devices were not displaying in the self service portal.
Fix Windows 10 Functions Removed
Self service functions not available to Windows 10 devices were removed from display in self service portal for Windows 10 devices.
Fix Apps Not Displaying In Self Service Portal
Device applications were not displayed when viewing a device application inventory.
Fix Android Client Auto configuration Not Working
Updates made to Android Mobile@Work client and to BYODPortal to accommodate the auto configuration feature.
Fix iReg Error Explanation
iReg Error now displays the following error: " Core not configured correctly. Pease contact your administrator and ask them to set iOS Web Based Registration Requirement to Registration PIN under the Device Registration System Settings."
2016.03.09 Fix Notes
Fixes Description
Fix Windows 10 Support
Portal now accurately detects Windows 10 Mobile and PC devices.
Fix Windows Enrollment Messaging
On device enrollment messages now matche exact messages used on Core with explicit
instructions on enrolling Windows 10 vs 8.1 vs 8 vs 7 devices.
Fix ServiceNOW Support for Windows Phone devices
The correct URL is now shown through ServiceNOW for Windows enrollments. Messages now
match exact messages used in Core instructions.
Fix Core 9.x Support
55 MobileIron Confidential
Updated to support upcoming MI Core releases.
Fix Whitelist False Positives
Fixed an issue where in some cases devices were getting by the Whitelist control.
Fix Android Client MIRP URL
Updated MIRP URL used in Android registrations for launching the MI Client from BYOD Portal
during enrollment.
Fix Security Updates
Code updates to address and potential security concerns.
Fix Conditional Limits via LDAP
Fixed issue that only allowed users to enroll one less device than specified when restriction set
by LDAP rule.
Fix Updated Documentation
Documentation Updated.
Fix On-prem Installer Update
Installer updated to support latest DB requirements of BYOD Portal.
Feature Disable Auditing
Administrator can now disable auditing so that there is absolutely no data saved on BYOD
Portal. This includes user actions and registrations. If disabled users cannot see their own
actions in the last 30 days.
2015.05.28 Fix Notes
Fixes Description
Fix Persisted Ownership on Terms Display
Ownership selection persists when terms of service is conditional shown to end user after
login.
56 MobileIron Confidential
Feature Core Selection By Ownership
Registration core can be chosen by end user ownership selection.
Fix Core 8.x Support
Updated to support latest MI Core release.
Fix Clientless Enrollment Fails on Core 8.x When Terms of Service Enabled in Core
Clientless enrollment now works in all Core 8.x configurations.
Fix Uploading Log Fails In On premise Install
Logo was not saving to correct directly in on premise installation.
Fix Background Color not setting when Register Globals is configured OFF in PHP
Register globals is no longer a configuration needed on PHP server to set background color.
Fix Certain Windows Phones detecting as Android
Fixed detection scheme used to determine if a device is a Windows Phone device.
Fix Wrong URL Showing for Windows Phone Enrollments via Service Now
Correct instructions and URL now show properly.
Fix Fixed Issue With Choosing Core By LDAP Group
Fixed issue that affected the ability to choose a core by user LDAP membership.
Fix Conditional Terms of Service Always Converts to Lowercase on Save
Case is properly preserved after Conditional Terms of Service are saved..
Fix Changed Message Clarifying Why Pin Based Registration is Needed for Web Based
Registration
Only we based registration in the core needs to be set to PIN in order to use BYOD Portal. IN-
App registration does not need to be.
57 MobileIron Confidential
12/22/2014C Fix Notes
Fixes Description
Fix QR Code Scanning Showing Portal Disabled
When a user scans a QR code to enroll a device, the resulting page shows that the registration
portal is disabled.
Fix On-Prem Installer Not Supporting ‘$’ in DB Password
When a ‘$’ character is used in the DB password field, the portal will not function appropriately.
12/22/2014B Fix Notes
Fixes Description
Fix Device Details and Status Popups Only Working For First Device On Screen
When a user has multiple devices displayed on the self service portal, only the 1st device details
and status popups function.
12/22/2014 Maintenance Release
Fixes Description
Fix Number of Devices Enrolled Not Accurate
In certain situations, the portal was informing users that they were over their device limit when
they were not.
Fix ServiceNow Enrollment URL Shows Incorrect When ServiceNow Is Configured to Send HTML
Pin was becoming attached to enrollment URL giving users a 404 when they attempted to put
enrollment URL into their phone.
58 MobileIron Confidential
Fix Autodetect of Windows 8 vs 8.1 via ServiceNow Enrollment
Both instructions shown to end user, causing confusion. Portal now auto-detects Windows
Phone version and provides correct instructions to end user.
Fix QR Code Failure Via ServiceNow
In certain situations the QR code was not rendering with the correct URL via ServiceNow
enrollments.
Fix Mixed Case Admin Email Address Would Result In Admin Login Failure
Portal does not allow admin to login when they use mixed case email addresses.
Fix Security Fixes
Multiple security vulnerabilities have been fixed in this release, please see the following
KB article for more details: https://help.mobileiron.com/customer/articles/MI_Article/BYOD-
Portal-Security-Update-December-2014
Known Issues
Occasionally in Chrome there will be JavaScript popups that occur when moving from one Admin Portal tab to another. The fix is to clear browser history/cache and access admin portal again.
Its is not recommended to run SAML support on the VSP/Core admin interface as many features such as looking up a user's ldap group, or displaying of an end user's installed apps will not display when the VSP is setup to use SAML for VSP Admin site authentication.
Password and Android App Admin rights compliance status are not displaying properly in the Manage portal
There is no way to detect if the device is using an in app browser or not on Android when using a QR scanner. (byodportal.com and onpremise)
Onpremise version of BYOD Portal Does not support PHP 5.5 and above. BYOD Portal host server must be configured with PHP 5.3-5.4.
October Fix Release (10/14/2014)
59 MobileIron Confidential
Fixes Description
Fix Password Reset Function Not Sending Emails or Resetting Password
Admins can now reset password.
Fix Conditional Limits Not Being Enforced
Limits were being set to default value rather than conditional.
Fix Some Windows Phone Devices Recognized As Android
Some WP8.1 devices were being detected as Android devices. This has been resolved.
Fix ServiceNOW Update Set Unable to Pull Terms of Service from BYOD Portal
Fix Onpremise Installation Requred Register Globals ON In PHP
Register Globals no longer needed.
Fix Conditional Limit Error Check
Admin portal verifies that conditional limit entered is a number.
Fix Error Messages Corrected in Admin Portal
Error messages showing incorrectly for Conditional Terms and Limits functions.
Fix ServiceNOW Terms of Service Showing Error when TOS had HTML elements that contained an ampersand
2014.08.29
Feature Description Product
Feature Unified Code Base
Both BYODPortal.com and Onpremise versions now use the same unified code base providing feature parity between the two.
Cloud and Onprem
Feature MYSQL Requirement
BYOD Portal Onpremise now requires a MYSQL Database Server
Onprem
60 MobileIron Confidential
Feature Description Product
Feature New Installer
BYOD Portal Onpremise now features a full installer that tests server for necessary requirements as well as builds database and creates admin account.
Onprem
Feature New Admin Interface
Onpremise install now uses the same Admin portal interface as the BYOD Portal cloud product.
Onprem
Feature Multiple/Conditional Core Support
Portal now supports multiple VSP/Cores/Connected Cloud servers. Manage portal will pull from all specified servers while during registration, servers can be chosen via user LDAP group, device type, or at random.
Cloud and Onprem
Feature Multiple/Conditional Terms of Service
Portal now supports multiple Terms of Service. Terms of Service can be conditionally shown to users based on their LDAP Group memberships.
Cloud and Onprem
Feature Conditional Device Limit
Number of devices can be limited based on user’s LDAP Group membership.
Cloud and Onprem
Feature Disable Terms of Service
Ability to not display a terms of service during enrollment is now supported.
Cloud and Onprem
Feature Embedded Portal / iFrame Support
BYOD Portal can now be embedded with no styling in a company portal via iFrame by adding the embed keyword in the URL. Admin portal shows the embed code for the BYOD Portal instance in the integrations section.
Cloud and Onprem
Feature New functions added to Onpremise Code
Functions to lookup a user's LDAP group, choose a user's core server, and more have been added to the open code of BYOD Portal.
Onprem
61 MobileIron Confidential
Feature Description Product
Feature Migration from One VSP/Core to another
Portal now supports workflow of helping to migrate users from one core/connected cloud server to another core server or connected cloud server by specifying core servers that users will be migrating from. Workflow then assists user in retiring devices from old servers and enrolling into new servers.
Cloud and Onprem
Feature Implemented New Device Detection Library
New Library helps detect device OS, Type (Tablet vs Phone vs Computer), and Makes and Models of devices.
Cloud and Onprem
Feature Disable Send Message To Device
Admins can now disable the end user's ability to send Push Notifications or SMS messages to their devices.
Cloud and Onprem
Feature Windows Phone 8.1 End User Features Added
Locate, Lock and Checkin options added to WP8.1 Self Service Support.
Cloud and Onprem
Fixes Description Product
Fix VSP Sends Registration Email via ServiceNOW when Send Email Option is Off
ServiceNow Integration now obeys the Send Email option.
Cloud and Onprem
Fix Last Connected Shows Previous Phones Data
This occurred when no last connected data was available for a device.
Cloud and Onprem
Fix Add Device button disabled when Reg portal is disabled
The add device button is removed from view when admin disables the enrollment portal.
Cloud and Onprem
Fix Removal of Location and Export admin reports/buttons
The Location Report and Device CSV export has been removed as that data should be reported on from the VSP/Core itself.
Cloud and Onprem
Fix Show PIN not enforced with WinPhone enrollments Cloud and Onprem
62 MobileIron Confidential
Feature Description Product
When Show Pin was set to OFF, PIN was still displayed to users enrolling WP8 devices.
Fix PIN Showing as Part of registration URL in ServiceNOW
PIN was truncated into the URL which was causing email clients to add PIN to the end of the enrollment URL.
Cloud and Onprem
Fix Core URL Not Showing in Android Enrollments via ServiceNOW
BYOD.ME url was being shown but the CORE URL was not to end users.
Cloud and Onprem
Fix ServiceNOW Secret Now Hidden From View
Previously was in plain text in a form field. Now it resides in a password field.
Cloud and Onprem
Fix Self Service Portal Limited to 6 Devices
Now all of a user's devices (unlimited) are shown on screen.
Cloud and Onprem
Fix Style updated in Manage and Reg portals
One single Style now in use that is completely responsive depending on device type.
Cloud and Onprem
Known Issues Product
Occasionally in Chrome there will be JavaScript popups that occur when moving from one Admin Portal tab to another. The fix is to clear browser history/cache and access admin portal again.
Cloud
Its is not recommended to run SAML support on the VSP/Core admin interface as many features such as looking up a user's ldap group, or displaying of an end user's installed apps will not display when the VSP is setup to use SAML for VSP Admin site authentication.
Cloud and Onprem
Password and Android App Admin rights compliance status are not displaying properly in the Manage portal
Cloud and Onprem
There is no way to detect if the device is using an in app browser or not on Android when using a QR scanner. (byodportal.com and onpremise)
Cloud and Onprem
63 MobileIron Confidential
Known Issues Product
Admin portal page wraps when display is less than 1000 pixels wide. Cloud and Onprem
When uploading a new custom logo it can take up to 15 minutes for the logo to be visible by everyone via the Internet.
Cloud
ServiceNow enrollment does not currently support side loading of Android client. Enrollment must be done via Google Play.
Cloud and Onprem
ServiceNow QR Support does not verify if the QR reader is using Safari or an inapp browser during clientless enrollment on iOS devices. iOS clientless enrollment will only work with QR readers that use the native safari browser, not an inapp browser.
Cloud and Onprem
2014.07.18
Feature Description Product
Feature New Self Service Interface
New self service interface to align with other MobileIron interfaces.
Cloud and Onprem
Feature ServiceNow Dublin Certification
Product now certified on latest ServiceNOW release.
Cloud and Onprem
Feature Unlimited Device Setting
Ability to not limit user device count.
Cloud and Onprem
Feature Session Remains Intact After Clearing Pending Registrations
Users no longer have to re-login after clearing pending registrations.
Cloud and Onprem
Feature Disable/Enable Pending Device Check
If disabled, users will be able to enroll new devices, regardless if they have existing pending registrations or not.
Cloud and Onprem
64 MobileIron Confidential
Feature Description Product
Feature Windows 8.1 Device Pin Support
Workflow now supports Windows 8.1 Devices
Cloud and Onprem
Feature Disable QR Code
Ability to stop QR code from showing on enrollment screens.
Cloud and Onprem
Feature Disable Android Auto Configure Button
When show pin setting is set to OFF, the auto-configure button will now not show.
Cloud and Onprem
Feature Support of QR Codes in ServiceNow Cloud and Onprem
Feature ServiceNOW support for clientless iOS enrollment Cloud and Onprem
Feature Use of much smallerURL when enrolling via ServiceNOW Cloud and Onprem
Feature http://BYO.ME url for installing client BYOD Portal provides a quick URL for users trying to quickly install and locate the MobileIron MyPhone@Work client rather than typing in any complex URL’s or searching by name on the app store. Users can point their device to http://byo.me to quickly get pointed to the MI client on the appropriate app store. Desktop users can be linked to the web based app stores by going to http://byo.me/i for iOS and http://byo.me/a for android.
Cloud and Onprem
Feature Autosize of Logo Upload
Currently logo must be 50x50 in size. This feature will autosize the logo to fit by CSS but allow for the uploading or larger resolution logo files up to 400x250. Onpremise version has the stylesheet update only.
Cloud and Onprem
Feature Variable Domain Names for Byodportal.com
For carrier partners who need to run the portal under a different URL.
Cloud Only
Feature Push Notification to Device Cloud and Onprem
65 MobileIron Confidential
Feature Description Product
Allow user to send a device a custom push notification message.
Feature Whitelist support for Wildcards
Admin may enter a white list entry such as iPad*3 which would white list all iPad's running ios3 for example.
Cloud and Onprem
Fixes Description Product
Fix Invalid State Error showing when users logging in with Email address
State corrupted when a user logs in with an email address and the LDAP username is not the email address.
Cloud and Onprem
Fix Role Check Failing on CORE 6.x
In some cases Role checks were failing on CORE 6.x. Using new role check api call and workflow to validate role check finding is accurate.
Cloud and Onprem
Fix UI Not Loading when SAML enabled and CSS is customized
Not being redirected to IDP when CSS is customized and SAML enabled.
Cloud and Onprem
Fix Battery Showing 0% for iOS Cloud and Onprem
Fix Fix supported devices popup.
Fixed spelling and format of supported devices screen.
Cloud and Onprem
Fix Self Service Refresh Button redirecting to BYODPortal.com home page if session is timed out.
Cloud and Onprem
Fix Number of devices in manage portal limited to 5
Limit on screen is now 10 devices. Will paginate in future release.
Cloud and Onprem
66 MobileIron Confidential
Known Issues Product
Occasionally in Chrome there will be javascript popups that occur when moving from one Admin Portal tab to another. The fix is to clear browser history/cache and access admin portal again.
Cloud
Some features such as displaying of an end user's installed apps will not display when the CORE is setup to use SAML for CORE Admin site authentication.
Cloud and Onprem
Password and Android App Admin rights compliance status are not displaying properly in the Manage portal
Cloud and Onprem
There is no way to detect if the device is using an in app browser or not on Android when using a QR scanner. (byodportal.com and onpremise)
Cloud and Onprem
Admin portal page wraps when display is less than 1000 pixels wide. Cloud
Previous onpremise versions will not work with CORE 6.x and above when registering new devices using Onpremise version 2014.04.29 and prior. There is a fix available but it is recommended to update the onpremise code to the latest release to account for the updates and new features in the latest CORE versions.
Onprem
When uploading a new custom logo it can take up to 15 minutes for the logo to be visible by everyone via the Internet.
Cloud
ServiceNow enrollment does not currently support side loading of Android client.
Enrollment must be done via Google Play.
Cloud and Onprem
2014.06.06
Feature/Fix Description Product Status
Feature CORE Version Detection
Portal will detect version of CORE to determine API call
compatibility. New function created.
Cloud and
Onprem
Complete
67 MobileIron Confidential
Feature/Fix Description Product Status
Feature More Information In User Terms Acceptance
Acknowledgement
Added device information and owner information in the
acknowledgement.
Cloud and
Onprem
Complete
Fix ServiceNow format is lost after a retire/wipe via
ServiceNow
After screen refresh in ServiceNow, CSS is lost and shows
default portal interface, including the Add A Device tab.
Cloud and
Onprem
Complete
Feature Client selection support for Vodafone and DT
Added ability to choose between default MobileIron
branded client or Vodafone or DT branded clients. (For
Vodafone and DT customers only)
Cloud and
Onprem
Complete
Feature Add Device Name for iOS To Device Tab
This will help distinguish between WIFI only devices. iOS
devices only as Android does not offer device names.
Cloud and
Onprem
Complete
Feature Add Carrier Information To Device Details
Show carrier Information in device details pop up in
management portal.
Cloud and
Onprem
Complete
Fix Prepopulate SSO Fields In Onprem Setup Utility
Pre-populating with example data to help aide in
configuration.
Onprem Complete
Feature Blackberry Migration Workflow
New workflow option to query BES to learn if user has
BES attached devices and prompt user to delete those
Cloud and
Onprem
Complete
68 MobileIron Confidential
Feature/Fix Description Product Status
devices via the portal before they are allowed to enroll
new device.
Fix Show Accurate Roaming Status In Manage Portal
Show accurate international roamin status in portal for
devices w/ home carriers outside the USA.
Cloud and
Onprem
Complete
Feature Updated Onprem Setup Utility UI
UI updated for easier navigation through the setup
utility.
Onprem Complete
Fix Terms warning not showing in Setup Utility
Warning showing admin that they must enter in terms of
service is not detecting correct.y.
Onprem Complete
Fix Errors Not Showing In Admin UI
Some errors such as if a CNAME setup is not done
correctly are not showing in the admin UI.
Cloud Complete
Fix API Call Reduction
Clean up number of calls made to CORE API during the
enrollment process.
Cloud and
Onprem
Complete
Feature Timing Offset for SAML Assertion
Ability to offset the timestamps with the SAML IDP and
BYOD Portal (useful when getting invalid timestamp error
messages)
Cloud and
Onprem
Complete
Fix Failed registrations with CORE 6.x Cloud and
Onprem
Complete
69 MobileIron Confidential
Feature/Fix Description Product Status
In many cases the changes in CORE 6.x was causing
registration failures/errors due to changes in CORE API.
Fix Registration URL and QR Code Shouldn't Show When
Over Limit
Portal now just shows end user error letting them know
they are over device limit.
Cloud and
Onprem
Complete
Fix Account Status Undetermined in Admin portal
Admin portal now shows correct account status for all
account types.
Cloud Complete
Fix HTML Editor Not Working in IE10+
HTML Editor has been updated to latest code base
compatible with all major browser versions.
Cloud Complete
Fix DNS Lookup of CNAMES Failing
In certain cases when DNS return mixed case CNAME
results, the validation was failing. This was fixed as well
as a backup DNS lookup as a secondary check before
showing an error. Additionally DNS lookup is only run
once during initial save.
Cloud Complete
Fix Session Errors Not Showing for Certain Manage Functions
When session is invalid certain functions were not
showing an error rather redirecting user to portal home
page with no message. This has been fixed.
Cloud and
Onprem
Complete
Known Issues Product
70 MobileIron Confidential
Feature/Fix Description Product Status
Occasionally in Chrome there will be javascript popups that occur when moving
from one Admin Portal tab to another. The fix is to clear browser history/cache
and access admin portal again.
Cloud
Some features such as displaying of an end user's installed apps will not display
when the CORE is setup to use SAML for CORE Admin site authentication.
Cloud and
Onprem
Password and Android App Admin rights compliance status are not displaying
properly in the Manage portal
Cloud and
Onprem
There is no way to detect if the device is using an in app browser or not on
Android when using a QR scanner. (byodportal.com and onpremise)
Cloud and
Onprem
Admin portal page wraps when display is less than 1000 pixels wide. Cloud
Previous onpremise versions will not work with CORE 6.x and above when
registering new devices using Onpremise version 2014.04.29 and prior. There is a
fix available but it is recommended to update the onpremise code to the latest
release to account for the updates and new features in the latest CORE versions.
Onprem
2014.02.28 Updates
Terms of Service Acceptance Email now contains end user full display name, email, and platform or device enrolled
and has been reformatted. (byodportal.com and onpremise)
Fixed issue where the Reg Link was not working from the Add Device screen in manage portal in some instances
(onpremise)
Fixed time format compatibility issue with ServiceNow Update Set (byodportal.com and onpremise)
Fixed issue where the Logout URL was not working and/or not logging user out of BYOD Portal when SSO was enabled
(byodportal.com and onpremise)
71 MobileIron Confidential
Added ability for admins to associated existing portal accounts with a company subscription (byodportal.com)
Admin Portal Website has been updated to new UI. (byodportal.com)
Fixed multiple issues with Admin Portal and IE8. (byodportal.com)
Fixed issues with Manage Portal and IE8 and IE9 browsers.(byodportal.com)
ServiceNow documentation moved to user guilde. (byodportal.com and onpremise)
Account Sign Up Process and UI has been updated (byodportal.com)
Admin can now choose to have Android client sideloaded instead of installed from Google Play (Byodportal.com and
onpremise).
Fixed issue with SAML integration where the assertions were not being parsed properly, especially when integrating
with MS ADFS (byodportal.com)
Added auto configuration button for Android client for all android registration types.
Fixed issue where autopop of terms was not occurring (onpremise only)
Fixed issue where CSV whitelist was not restricting device properly. (onpremise only)
Fixed issue where supported devices button was showing devices on the whitelist.csv when whitelist feature was
disable (onpremise only)
Known Issue: When Android client is sideloaded user must first allow for installation of unsigned apps in device
settings.
Known Issue: Password and Android App Admin rights are not displaying properly in the Manage portal
(BYODPortal.com and onpremise).’
Known Issue: There is no way to detect if the device is using an in app browser or not on Android when using a QR
scanner. (byodportal.com and onpremise)
Known Issue: Admin portal page wraps when display is less than 1000 pixels wide. Will be addressed in next release.
2014.01.24 Updates
Fixed issue where when the last tabbed device is retired in the manage portal, screen reloads showing no tab.
(byodportal.com and onpremise)
Fixed possible security vulnerabilities uncovered during security scan including setting cookies to be forced to use
HTTPS as well as a XSS concern with a form variable on the registration portal. (byodportal.com and onpremise)
Site copyright notice, terms of use, and privacy notice updated on byodportal.com.
Fixed issue where Chinese language detection was only detection traditional and not simplified. (byodportal.com and
onpremise)
Added feature that allows an administrator to disable either the Manage or Registration portals while keeping the
other active. (byodportal.com and onpremise)
Terms of service now has a CLOSE button on the button of the modal popup. (byodportal.com and onpremise)
When a user tries using and invalid or expired QR code, a descriptive error now displays. Previously user was just
redirected to portal home page. (byodportal.com and onpremise)
Fixed issue with modal/pop-ups in Manage portal on IE8 and IE9 browsers. (byodportal.com and onpremise)
Fixed issue with default background showing as WHITE on IE8 and IE9 browsers. (byodportal.com and onpremise)
QR Scanning enrollment now detects if a device is trying to enroll with an In Application browser on iOS devices and
displays error if it is. Users are recommended to use a QR scanner that opens URL’s in the default safari browser.
(byodportal.com and onpremise)
QR Scanning enrollment on Android shows the end user a warning telling user to make sure the QR scanner can open
links in the default web browser. KNOWN ISSUE: There is no way to detect if the device is using an in app browser or
not. (byodportal.com and onpremise)
Fixed issue where error was showing when a Company name , help desk contact information, and ServiceNow secret
contained an apostrophe. (byodportal.com and onpremise)
Fixed issue where the register button was overflowing on Safari browsers below the intended surround.
(byodportal.com and onpremise)
Fixed some data handling issues on the Onpremise setup utility script. (onpremise only)
72 MobileIron Confidential
ServiceNow Integration supports ability to disable the registration portal on BYOD Portal to force users to use the
SNOW Service Catalog only. (byodportal.com and onpremise)
Locate maps is now using Google maps API for cloud service. Onpremise still uses Mapquest due to licensing reasons.
(byodportal.com only).
Fixed display issues in the Italian and French language files. (byodportal.com and onpremise)
2013.12.11 Updates
Fixed issue where users logging in by email address were not seeing their devices show in the manage portal. Email is
converted to principal name of user. (onpremise and byodportal.com)
Fixed issue where SAML Logout config was not working when specified in configuration (onpremise only).
Updated SAML Support to fully support SecureAuth and Symplyfied SSO. (onpremise and byodportal.com)
All of UI elements now moved to new Bootstrap version 3 UI framework. (onpremise and byodportal.com)
Add A Device tab in Manage portal now pops open as a model to better display registration instructions. (onpremise
and byodportal.com)
Add A Device tab in Manage portal now displays a QR code for registering a new device. Configuration option allows
for user to get authenticated via QR code or just taken to registration page. (onpremise and byodportal.com)
Responsive UI enhancements to provide a uniform display across all device types. (onpremise and byodportal.com)
Style sheet updates to accommodate for new UI capabilities in Bootstrap 3. (byodportal.com and onpremise)
Fixed issue where manage URL was not showing after an enrollment was completed (onpremise only)
Fixed an issue with detecting Chinese language preference in some browsers (onpremise and byodportal.com)
2013.11.19 Updates
Fixed issue where registration instructions not showing in manage portal when a user has 0 devices registered
(onpremise and byodportal.com)
Fixed issue where CSV whitelist was not functioning correctly when enabled (onpremise only)
Optimized the parsing of the XML returned from the CORE API when displaying devices (onpremise and
byodportal.com)
2013.11.14 Updates
Fixed issue where Send Registration Email setting was not functioning correctly (onpremise only)
Fixed XSS Vulnerability when an unsupported device accesses the portal and is displayed their useragent
(byodportal.com and onpremise)
Fixed issue where alert icon was showing broken for compromised Android devices. (byodportal.com and onpremise)
Fixed sample code that shows to display a custom screen and set an appropriate label based on response. Label was
not setting correctly previously. (onpremise only)
Modified look and style of registration page (byodportal.com and onpremise)
Fixed issue where user’s with a space in their username or are using email address as their username were not having
their devices displayed (byodportal.com and onpremise)
Removed the Dark Template option from product. (byodportal.com and onpremise)
Consolidated mobile and desktop CSS files into common/portal.css. (byodportal.com and onpremise)
Fixed issues with SAML integration. Known issue exists with SecureAuth and Symplified SSO. (byodportal.com and
onpremise)
Changed pop up dialogs to use Bootstrap UI elements (change in popup behavior) (byodportal.com and onpremise)
Manage portal now displays to user the maximum number of devices they are allowed to register. (byodportal.com
and onpremise)
73 MobileIron Confidential
2013.10.21 Updates
Fixed issue related to clientless ios registration with users with apostrophe’s in their usernames (byodportal.com and
onprem)
Fixed issue where roles check was not performing correctly for certain LDAP users in CORE 5.7.x and 5.8. Reverted to
old method of checking roles and populating roles data until the CORE API is fixed. (byodportal.com and onprem)
Increased height of registration screen in desktop*.css stylesheets. (byodportal.com and onprem)
2013.10.09 Updates
Fixed issue related to MacOS not being able to register when iOS Clientless is turn on (byodportal.com and onprem)
Fixed issue where the wrong device ownership is applied when registering via reg portal (onprem only)
Fixed issue where number of devices or pending device block was not being enforced if the username was being returned from AD in mixed case (byodportal.com and onprem)
SAML2 Interface in the admin panel (byodportal.com)
Fixed issue where the status was not showing in manage portal for devices (onprem only)
New Tab View of devices in Manage portal (byodportal.com and onprem)
Single Sign On support between Manage and Reg portals(byodportal.com and onprem)
When a user is over the device limit and tries to register, the user is now directed back to the manage portal to remove the devices they no longer want. (byodportal.com and onprem)
When using SAML, and clientless iOS registration, admins must set the CORE to PIN web based registration (ireg) in the CORE admin portal settings. A new error message will dispay to user if this is not set and registration will stay in a pending state. (byodportal.com and onprem)
Displayed new Help icon and help desk contact information in the manage portal (byodportal.com and onprem)
Code Cleanup where all functions moved to functions library in the onpremise open code (onprem)
Fixed issue preventing ServiceNOW integration form not displaying and registering correctly for some portals
(byodportal.com and onprem)
Altered Italian Language file (byodportal.com and onprem)
Added error capture for when a clientless iOS registration takes place and the ireg portal is not set to pin based reg.
(byodportal.com and onprem)
Added loading spinner to forms to avoid a user clicking the submit button twice. (byodportal.com and onprem)
Added delay in clientless registration congrats page so that users do not get confused if followed by an error.
(byodportal.com and onprem)
Added new items to the language files. (byodportal.com and onprem)
Fixed an issue with the digest system in the ServiceNow integration where digests with a + sign were causing failures.
(byodportal.com and onprem)
Added the EnrollmentServer/Discovery.svc target URL to the confirmation page of Windows 8 devices when
registering against connected cloud CORE’s. See Windows Phone 8 FAQ on MI Support Site for more
information. (byodportal.com and onprem)
Fixed an issue with ServiceNOW integration where only a CORE that is ldap connected will register new devices. Fix
now allows for integration with CORE’s using local users.
2013.09.15 Updates
Updated and fixed the onpremise setup utility to detect if PHP server is configured correctly.
Switched location mapping technology to Mapquest for BYODPortal.com and Onprem code.
Fixed an issue with Winphone devices registering to a Connected Cloud CORE (byodportal and onprem)
Fixed issue where new custom icons where not saving correctly for accounts that already set a custom icon.
Changed terms pop up to not have any opacity mask as it was causing issues in some mobile browsers.
74 MobileIron Confidential
Removed Devices and ActiveSync reports from admin console. Customers should view these reports in their CORE or
Atlas interfaces as those reports are better optimized from those interfaces. (byodportal.com)
Added ability to download audit log in CSV format from admin console (byodportal.com)
Added an actions report that shows trend of end user actions on the portal (byodportal.com)
Updated graphing libraries for admin console for extended browser compatibility including IE8 (IE8 with compatibility
mode enabled is still not supported). Some reports are not visible for IE8 and are hidden from view.
Removed checkin icon for WinPhone devices as that function is not supported on the Core
Changed default behavior of ios registration to clientless to accommodate for auto population of MI client (new
accounts only, will not affect existing accounts)
Fixed issue that added whitespace to custom CSS entries on save from admin panel (byodportal.com)
2013.09.01 Updates
Added SAML 2 libraries for SSO
Fixed Issue with users with apostrophes in their username
Fixed an issue where sometimes the the screen was showing no text when the portal had trouble detecting the
browser language
Fixed an issue where the ServiceNow registration integration was sending Android instructions for iOS devices
Fixed an issue where the ServiceNow registration screen was not showing all registration device options
Fixed an issue in ServiceNow integration where Multi-byte characters were not working correctly via API
Updated input variables in global API
Fixed issues where content not showing in IE7 browsers correctly
Fixed Issue where confirmation text was not showing on certain functions w/ onpremise code.
Fixed issue where registration time/date was not displaying correctly w/ onpremise code
2013.08.18 Updates
Fixed issue where devices not showing for users that entered username with mixed case on login.
Fixed issue where some Android devices were showing as not supported.
Fixed issue where the ownership of a device was improperly changing to corporate if a user was retiring a single
device during the retirement workflow.
Removed Blackberry 10 reference from admin portal
Fixed issue when account is pending activation and no text is being displayed.
2013.08.08 Updates
CSS Customization support. Admins can alter the CSS of the manage and reg portals to change the appearance of BYOD Portal
Localization – support for 9 languages in the admin and end user portals including English, French, Italian, German, Spanish, Chinese Simplified and Traditional, Japanese, Korean.
Language auto detect – portal detects and displays appropriate language for user based on language of device/browser. Detection can be shut off so users are forced to view a default language as well. The default behavior for existing accounts is set to OFF not to change any workflow/appearance that existing customers have in place.
Mac OSX Registration and Self Service Support
Users now have ability to clear existing pending registrations during registration process
Clientless iOS registration fix for CORE’s using a Self Signed Certificate
Ability to disable CORE from sending registration email to end user when they register via BYOD Portal
Sorting of device white list in admin portal by Manufacturer, then Model for easier management of lists
Fix of issue where all devices not correctly showing for complex usernames
Change max number of devices to 10
75 MobileIron Confidential
Adjustment of CSS files to accommodate for language support - users may have to clear browser cache to properly see the new styles correctly.
Changed reference to MI client to Mobile@Work
Fixed issue with WinPhone 8 devices registering with Connected Cloud CORE’s
Autodetect and block non-safari browsers on iOS and Mac OSX devices when registering
Various image and presentation changes.
Display registered on date and formatted text for last checkin
Tested with latest CORE 5.7.x