Showing results for 
Show  only  | Search instead for 
Did you mean: 

MobileIron Configuration Flow for iOS

Prerequisites :

This article assumes your device is already managed with MobileIron.  The enrollment of devices into MobileIron is not part of the scope for this document.

Configuration Steps

Following 3 configurations will need to be created in MobileIron cloud console:

  1. Configure server root CA certificate
  2. Configure Identity Certificate
  3. Create VPN Profile and distribute

Configure server root CA certificate:

Go to Configuration tab, search for Certificate configuration and click on it.

Screenshot (44).png
Enter appropriate name in Name field.
In Configuration Setup field, choose the server root CA certificate from system.

Screenshot (51).png

Click on Next → select in which device certificate to be pushed → click on Done.

For more details on distributing the certificate to a device, refer #3 Step.

Configure Identity Certificate:

Go to Configurations tab, search for Identity Certificate configuration and click on it.

Screenshot (52).png
Give proper name in Name field.
In Configuration Setup field, choose Certificate Distribution as Single File from drop down list.
In Identity Certificate data field choose the device certificate from the machine.
Give the password of the device certificate which was given at the time of creation.
Click on Next → select No Device → click on Done

Screenshot (53).png

Create VPN Profile and distribute :

Go to Configurations tab, search for VPN configuration and click on it.

Screenshot (54).png

Enter all the required fields in the profile configuration.


For example, following are the values used in Dev/QA testing:


Get this information from MVision cloud ->certificate page


Connection Type IKEv2
Local Identifier


(This string is SAN-(Subject Alternate Name) of client certificate)

Remote Identifier

(This string is SAN-(Subject Alternate Name) of server certificate)

Enable EAP true
TLS Minimum Version N/A
TLS Maximum Version N/A
EAP Authentication Certificate
Credential IPsecContainer:ClientCertsIdentityForTest
Dead Peer Detection Rate Medium
Server Certificate Issuer Common Name

VPN Server Root CA

(This string is CN-Common Name of server root certificate)

Server Certificate Common Name

(This string is CN-Common Name of server root certificate)

Use IP4 and IP6 subnets attributes true
Enable IKEv2 Mobility and Multihoming Protocol (MOBIKE) true
Enable Perfect Forward Secrecy (PFS) true
Enable IKEv2 redirect true
Enable NAT keepalive true
NAT keepalive interval 20 second(s)

IKE SA Params


Child SA Params

Encryption Algorithm: AES-256
Encryption Algorithm: SHA2-256
Diffie Hellman Group: 2
Lifetime In Minutes: 1440

Proxy Setup None

Distributing/Pushing the profile: Click on Next, click on Custom or All Devices.

Screenshot (56).png
If it is Custom, select in which mobile configuration to be pushed. 
Click on Done.

Screenshot (57).png

For Force Check-in , go to Devices tab → click on Actions → select Force Check-in.

Screenshot (58).png
This opens a new window with "Force Check-in" button. Click on that button, then the configuration will be pushed immediately.

Screenshot (59).png

Check the status of the configuration Push

To check the pushed configuration status, Go to Devices tab, click on registered device, and check the status of configuration.

Screenshot (60)_LI.jpg

Verify the VPN profile on your device

verify the distributed VPN profile in the IOS device (Settings → VPN):



Labels (1)
Version history
Revision #:
6 of 6
Last update:
‎10-17-2019 02:49 PM
Updated by:

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community