Install BigFix MDM Service for Android
Learn how to install BigFix MDM Service for Android through WebUI.
Before you begin
- You must have the necessary certificates and keys. See, BigFix PlugIn and MDM SSL certificates and keys.
- You must have the BigFix Agent running on the MDM Server target.
- You must be a Master Operator to perform this task through WebUI.
About this task
- From the WebUI main page, select .
- On the Modern Client Management page, click .
- On the Admin page, from the left navigation, under MDM Servers, select Install.
- Select Target Device. Click Edit Devices and select an appropriate target to install the MDM server on.
- Server Install Type: For Select OS, select Android.
- Install Parameters:
- Organization Name: Enter a string. While enrolling a device, the organization name entered here displayed to the users along with the rest of the profile information.
- User Facing Hostname: For over the air enrolls, this is the hostname of the server where users can visit to enroll in MDM. For over the air enrolls, this is the hostname of the server where users can visit to enroll in MDM. The value must be a valid URL. For example, mdmserver.deploy.bigfix.com. This is also where some Android Admin configuration takes place. See Enroll to Managed Google Play Accounts enterprise.
- LDAP parameters: This is used for authorization to enroll users for MDM over the
air. This limits enrollment to your MDM server to authorized users only.
Omitting all LDAP parameters disables the need for LDAP authentication to enroll
for MDM.
- Enable LDAP Auth: Select this check box only if you want to enable LDAP
Authentication. Note: For over the air enrollments, select this check box to ensure that the incoming enrollment requests are from authorized users. If LDAP auth is not enabled, any user who has access to the MDM enrollment URL can get enrolled into MDM.
- LDAP URL: Valid format is https://<server>:<port>. For more information on LDAP URL formats, see https://ldap.com/ldap-urls/
- LDAP Base DN: Valid format "dc=example,dc=org"
- LDAP Bind User: The root point to bind to the server. For example, DC=mydomain,DC=mycompany,DC=com. "user@example.org"
- LDAP Bind Password: Enter a string.
- Enable LDAP Auth: Select this check box only if you want to enable LDAP
Authentication.
- TLS Credentials: Enter the details of the MDM Server TLS
certificate and key contents.
- TLS Key Password: Enter a string to set TLS key password.
- TLS Certificate: Click Upload File and browse through the location to select the TLS .crt file.
- TLS Key: Click Upload File and browse through the location to select the TLS .key file.
- MDM Server Authentication Certificate and Key Content: Enter
the details of the MDM Server authentication certificate and key contents.
- For Certificate Authority, click Upload File and browse through the file location to select the ca.cert.pem file.
- For MDM Server Certificate, click Upload File and browse through the file location to select the server.cert.pem file.
- For MDM Server Key, click Upload File and browse through the file location to select the server.key file.
- For non G-Suite accounts, Android Server Admin Credentials are required. For G-Suite accounts, the Google Gsuite Credentials are required.Android Server Admin Credentials:Note: Either the Android Server Admin Credentials or the Google Gsuite Credentials are required, not both. The UI stops you if you try to enter both.
- Android Server Admin Username: Enter a string to set the Admin UI user name.
- Android Server Admin Password: Enter a string to set the Admin UI
password.Important: Set a strong and complex password (For example, at least 12 characters long - the longer, the better; has a combination of upper and lowercase letters, numbers, punctuation, and special symbols) for better application security.
or
Google GSuite Credentials: Click Upload file and browse through the file location to select the googlecredentials.json file. - Click Install.
Results: This action completes these activities:
- Downloads a set of docker images from software.bigfix.com which is needed for the MDM installation.
- Installs the services and certificates including the Plugin certificates and the TLS certificate on which the server runs.
- Applies all required configurations.