Install BigFix MDM Service for Android

Learn how to install BigFix MDM Service for Android through WebUI.

Before you begin

These prerequisites must be met to install the BigFix MDM Server for Android endpoints:
  • You must have the necessary certificates and keys. See, BigFix PlugIn and MDM SSL certificates and keys.
  • You must have the BigFix Agent running on the MDM Server target.
  • You must be a Master Operator to perform this task through WebUI.

About this task

To install BigFix MDM server for Android endpoints:
  1. From the WebUI main page, select Apps > MCM.
  2. On the Modern Client Management page, click Admin.
  3. On the Admin page, from the left navigation, under MDM Servers, select Install.
  4. Select Target Device. Click Edit Devices and select an appropriate target to install the MDM server on.
  5. Server Install Type: For Select OS, select Android.
    Install MDM Server
  6. Install Parameters:
    • Organization Name: Enter a string. While enrolling a device, the organization name entered here displayed to the users along with the rest of the profile information.
    • User Facing Hostname: For over the air enrolls, this is the hostname of the server where users can visit to enroll in MDM. For over the air enrolls, this is the hostname of the server where users can visit to enroll in MDM. The value must be a valid URL. For example, mdmserver.deploy.bigfix.com. This is also where some Android Admin configuration takes place. See Enroll to Managed Google Play Accounts enterprise.
  7. LDAP parameters: This is used for authorization to enroll users for MDM over the air. This limits enrollment to your MDM server to authorized users only. Omitting all LDAP parameters disables the need for LDAP authentication to enroll for MDM.
    • Enable LDAP Auth: Select this check box only if you want to enable LDAP Authentication.
      Note: For over the air enrollments, select this check box to ensure that the incoming enrollment requests are from authorized users. If LDAP auth is not enabled, any user who has access to the MDM enrollment URL can get enrolled into MDM.
    • LDAP URL: Valid format is https://<server>:<port>. For more information on LDAP URL formats, see https://ldap.com/ldap-urls/
    • LDAP Base DN: Valid format "dc=example,dc=org"
    • LDAP Bind User: The root point to bind to the server. For example, DC=mydomain,DC=mycompany,DC=com. "user@example.org"
    • LDAP Bind Password: Enter a string.
  8. TLS Credentials: Enter the details of the MDM Server TLS certificate and key contents.
    1. TLS Key Password: Enter a string to set TLS key password.
    2. TLS Certificate: Click Upload File and browse through the location to select the TLS .crt file.
    3. TLS Key: Click Upload File and browse through the location to select the TLS .key file.
  9. MDM Server Authentication Certificate and Key Content: Enter the details of the MDM Server authentication certificate and key contents.
    1. For Certificate Authority, click Upload File and browse through the file location to select the ca.cert.pem file.
    2. For MDM Server Certificate, click Upload File and browse through the file location to select the server.cert.pem file.
    3. For MDM Server Key, click Upload File and browse through the file location to select the server.key file.
      Tip: For more information on how to generate .pem and .key files, see MDM SSL certificates.
  10. For non G-Suite accounts, Android Server Admin Credentials are required. For G-Suite accounts, the Google Gsuite Credentials are required.
    Note: Either the Android Server Admin Credentials or the Google Gsuite Credentials are required, not both. The UI stops you if you try to enter both.
    Android Server Admin Credentials:
    1. Android Server Admin Username: Enter a string to set the Admin UI user name.
    2. Android Server Admin Password: Enter a string to set the Admin UI password.
      Important: Set a strong and complex password (For example, at least 12 characters long - the longer, the better; has a combination of upper and lowercase letters, numbers, punctuation, and special symbols) for better application security.
    For more information on how to generate googlecredentials.json file, see Enroll to Managed Google Play Accounts enterprise.

    or

    Google GSuite Credentials: Click Upload file and browse through the file location to select the googlecredentials.json file.
  11. Click Install.
Results: This action completes these activities:
  1. Downloads a set of docker images from software.bigfix.com which is needed for the MDM installation.
  2. Installs the services and certificates including the Plugin certificates and the TLS certificate on which the server runs.
  3. Applies all required configurations.