Home
Support
Product Support
Security
Cisco Identity Services Engine
Configuration Guides

Integrate MDM and UEM Servers with Cisco ISE

View all Saved Content

PDF

Is this helpful?

Helpful Unhelpful

Feedback

Thank you for your feedback. Your response has been recorded.

Ask about this document

Cisco Configuration Guide, Release 4.2

Table of contents

Expand all sections

About this document

Integrate UEM and MDM Servers with Cisco ISE

Unified endpoint management in Cisco ISE
MAC address for VPN-connected endpoints

Integrate Cisco Meraki Systems Manager

Cisco Meraki Systems Manager
Set up Cisco Meraki Systems Manager as an MDM or UEM server

Integrate Microsoft Endpoint Manager Intune

Microsoft Intune and Cisco ISE
Configure Microsoft Endpoint Manager Intune
Manage VPN-connected mobile devices with Microsoft Intune
Connect Microsoft Intune to Cisco ISE as a mobile device management server

Integrate Ivanti (previously MobileIron) UEM

Ivanti (previously MobileIron) UEM servers
Set up MobileIron Cloud UEM servers
Set up MobileIron Core UEM servers

Ivanti (previously MobileIron) UEM servers

Updated: February 6, 2026

Want to summarize with AI?

On this page

Overview

Configuration steps in Ivanti
Configuration steps in Cisco ISE

Overview

This section describes how to connect Ivanti UEM servers to Cisco ISE.

MobileIron is now part of Ivanti. At the time of writing, MobileIron continues to offer Unified Endpoint Management (UEM) solutions such as MobileIron Core (On-Premises) and MobileIron Cloud.

Cisco ISE release 3.1 leverages APIs through the BasicAuth framework to connect to MobileIron Core or MobileIron Cloud servers. It receives GUID values from these servers. Cisco ISE uses these GUID values instead of MAC addresses to identify endpoints. This process enables reliable authentication even when MAC Address Randomization is in use.

GUID-based authentication uses client certificates, also called X509 or Identity Certificates. To ensure certificates sent from MobileIron Cloud or MobileIron Core servers to Cisco ISE include GUID values, complete these tasks:

Configuration steps in Ivanti

To use GUID with Cisco ISE, ensure you have MobileIron Core 11.3.0.0 Build 24 or later.

In the MobileIron Cloud or MobileIron Core administrator portal:

Create a user account and assign the required API permissions to it.
Configure a Certificate Authority (CA).
Configure an Identity Certificate to include GUID information.
Upload root certificates or trusted certificates, as required.
Configure a Wi-Fi profile.

Tip

If you have already connected MobileIron Cloud or MobileIron Core servers to your Cisco ISE release 3.1 and want to receive GUIDs from the connected servers, perform steps 3, 4, and 5, as required.

When you edit your existing Identity Certificate or Wi-Fi configurations, or both, MobileIron republishes the updated configurations to your managed devices that are connected.

Although MobileIron does not recommend using self-signed certificates or a local CA, this guide includes the steps for self-signed certificates and a local CA as an example to highlight the Subject and Subject Alternative Name attribute configurations necessary for handling random and changing MAC addresses in Cisco ISE release 3.1.

Configuration steps in Cisco ISE

In Cisco ISE:

Upload the certificate generated in the MobileIron portal.
Connect the MobileIron UEM servers.

Need help?

Open a support case

(Requires a Cisco Service Contract)

Bias-free language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.