Showing results for 
Show  only  | Search instead for 
Did you mean: 

MobileIron Configuration Flow for iOS

Prerequisites :

This article assumes your device is already managed with MobileIron.  The enrollment of devices into MobileIron is not part of the scope for this document.

Configuration Steps

Following 3 configurations will need to be created in MobileIron cloud console:

  1. Configure server root CA certificate
  2. Configure Identity Certificate
  3. Create VPN Profile and distribute

Configure server root CA certificate:


Go to the Configuration tab, search for Certificate configuration, and click on it.

Screenshot (44).png

Enter the appropriate name in the Name field.
In the Configuration Setup field, choose the server root CA certificate from the system.


Screenshot (51).png

Click on Next → select in which device certificate to be pushed → click on Done.

For more details on distributing the certificate to a device, refer #3 Step.

Configure Mobileiron with SCEP Server


Step1: Configure Certificate Authority

1. Login to Mobileiron
2. Navigate to Admin → CertificateAuthority (on the left-hand pane)→ Add.
3. Select Create a Standalone Certificate Authority → Continue and fill in the CA Certificate details and Click Generate.


You will now be able to see the generated CA Authority as shown above in the image.

Configure Identity Certificate:


Step1: Go to Configurations tab, search for Identity Certificate configuration, and click on it.

Step 2: Configure Identity Certificate Template
1. Navigate to ConfigurationsAddIdentity Certificate.
2. From Configuration, Setup chooses Dynamically Generated.
3. Select Source as the Certificate Authority you created in the previous step, fill in details.
4. Test Configuration and Continue → Select distribution→ Save.



Create VPN Profile and distribute :


Go to the Configurations tab, search for VPN configuration, and click on it.


Enter all the required fields in the profile configuration.


For example, the following are the values used in Dev/QA testing:


Get this information from MVision cloud ->certificate page


Connection Type IKEv2
Local Identifier


(This string is SAN-(Subject Alternate Name) of client certificate)

Remote Identifier

(This string is SAN-(Subject Alternate Name) of server certificate)

Enable EAP true
TLS Minimum Version N/A
TLS Maximum Version N/A
EAP Authentication Certificate
Credential IPsecContainer:ClientCertsIdentityForTest
Dead Peer Detection Rate Medium
Server Certificate Issuer Common Name

VPN Server Root CA

(This string is CN-Common Name of server root certificate)

Server Certificate Common Name

(This string is CN-Common Name of server root certificate)

Use IP4 and IP6 subnets attributes true
Enable IKEv2 Mobility and Multihoming Protocol (MOBIKE) true
Enable Perfect Forward Secrecy (PFS) true
Enable IKEv2 redirect true
Enable NAT keepalive true
NAT keepalive interval 20 second(s)

IKE SA Params


Child SA Params

Encryption Algorithm: AES-256
Encryption Algorithm: SHA2-256
Diffie Hellman Group: 2
Lifetime In Minutes: 1440

Proxy Setup None

Distributing/Pushing the profile: Click on Next, click on Custom or All Devices.

Screenshot (56).png
If it is Custom, select in which mobile configuration to be pushed. 
Click on Done.

Screenshot (57).png

For Force Check-in, go to Devices tab → click on Actions → select Force Check-in.

Screenshot (58).png
This opens a new window with the "Force Check-in" button. Click on that button, then the configuration will be pushed immediately.

Screenshot (59).png

Check the status of the configuration Push


To check the pushed configuration status, Go to Devices tab, click on the registered device, and check the status of configuration.

Screenshot (60)_LI.jpg

Verify the VPN profile on your device


Verify the distributed VPN profile in the IOS device (Settings → VPN):



Labels (1)
Version history
Revision #:
8 of 8
Last update:
‎06-19-2020 09:28 AM
Updated by:

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community