The ultimate balancing act

In technology, it’s hard to leave the past behind you. Organizations make substantial investments in technology that aren’t easily abandoned: equipment, people, processes, and, of course, time and money. Lots of time and money.

This situation becomes particularly painful when you consider the breathtaking speed with which new technologies, devices, operating systems, and with them, new threats, emerge.

How can organizations strike the balance between preserving the value of their existing technology investments and leveraging emerging technologies safely and securely?

Enter MobileIron. Gartner recognizes us as a leader in their most recent Unified Endpoint Management (UEM) Magic Quadrant based on our “up to date, scalable and proven UEM solution that integrates with a large security ecosystem.”

How does that translate to customer value? It means that, working together with our technology ecosystem partners, MobileIron is building bridges from your newest endpoints back to the best practices, policies, and platforms of your current environment.

This blog illustrates three ways that MobileIron is working with our ecosystem partners to help customers bridge their present and emerging technology environments.

MobileIron plus identity providers:
Okta and Microsoft

MobileIron Access secures the use of cloud services on mobile devices by ensuring that only trusted users, on trusted devices, using trusted apps can reach your cloud services.

Many MobileIron customers have already deployed their IdP infrastructure and configured their cloud services to use that IdP. We now offer a new, simpler deployment model for MobileIron Access that allows you to take advantage of your existing IdP solution. MobileIron Access integrates with your IdP to authenticate your mobile traffic and leaves the IdP to manage the desktop authentication.

Using MobileIron plus your IdP provides:

  • Device and application identity (in addition to user identity)
  • Certification-based authorization
  • Native single sign-on (with no changes to your apps)
  • Rich context information for advanced policies

This implementation option is currently available for Okta and Microsoft ADFS.

See our Okta implementation guide online, or log into our support center for more information about how to implement with Microsoft ADFS.

MobileIron plus network access control:
Cisco ISE and Aruba ClearPass

When considering Network Access Control (NAC) in a mobile world, we can start by asking these questions:

  • How many mobile endpoints are on the network? Usually, there are more than expected.
  • What kinds of endpoints are they? In a bring-your-own-device (BYOD) environment, you may find types of endpoints you didn’t know you had.
  • When making a NAC decision, how much information is enough? Do the profiles I have provide enough information to make good access policy decisions?

Historically, NAC systems have relied on information from agent software running on laptops and desktops. Lacking similar visibility for mobile devices, access control decision criteria were limited to user credentials and directory attributes: detailed information about the mobile endpoint was not available. This created inconsistent policy application between traditional network endpoints and mobile devices, exposing organizations to a variety of risks.

By combining the robust endpoint profiling capabilities of solutions such as Cisco ISE or Aruba ClearPass with the comprehensive management capabilities of MobileIron, you can identify mobile devices attempting to access the network and take appropriate actions to ensure that the device posture is acceptable.

Most importantly, key workflows such as device configuration and policy application and enforcement are automated, enabling organizations to embrace the power of mobile computing while simplifying the end user experience and minimizing IT overhead.

For more information, see the resources sections on the Cisco ISE or the Aruba ClearPass pages in the MobileIron Marketplace.

MobileIron plus web security:
Cisco and McAfee

Historically, we’ve had a “choke-point” in the network infrastructure where we could enforce acceptable use policies. However, in the mobile and cloud world, endpoints are by definition outside your enterprise network perimeter, making web security and security operations more complex and challenging than ever.  

To solve these issues, MobileIron has partnered with companies like Cisco and McAfee to bring our rich catalog of mobile endpoint data to established web security solutions.

For example, with our support for Cisco Security Connector on managed devices running iOS 11.3 or newer, URL and app traffic can be vetted via Cisco’s Umbrella for URL and content filtering, the Cloud Lock CASB, and Clarity for anti-malware.

With McAfee Secure Web Gateway, MobileIron offers two deployment options. You can either deploy McAfee’s gateway as a proxy upstream from MobileIron Sentry or use the VPN capability of the device to send the traffic from the device to the gateway.

Finally, we’re delighted to announce that MobileIron is the first UEM to integrate with McAfee’s ePolicy Orchestrator (ePO), McAfee’s tool for applying policies and monitoring for violations across traditional endpoints. ePO is also a part of McAfee’s Data Exchange Layer (DXL) messaging framework, allowing cross-platform communications. 

The new ePO plug-in works with MobileIron Core and allows administrators to select mobile device attributes they want to track, view, and develop policies for, and most importantly, take UEM actions based on the different policies and alerts that take place within ePO.

For more information, see the McAfee ePO and Web Gateway pages on the MobileIron Marketplace.


To hear more about these topics, you can replay our recent webinar here. You can also explore our MobileIron Marketplace for more information about partners mentioned here as well as other MobileIron technology ecosystem partners.

We want to hear from you! You can reach us at