Installing BigFix MDM Server for Android endpoints

Learn how to install BigFix MDM server for Android endpoints.

About this task

For instructions on how to install BigFix MCM Server for Android endpoints through WebUI, see Install BigFix MDM Service for Android.

In this section, you can find instructions on how to install BigFix MCM Server for Android endpoints using the BESUEM Fixlet Install BigFix Android MDM Server.

Before you begin: These prerequisites must be met to install the BigFix MDM Server for Android endpoints:
  • You must have the required certificates and keys. See, MDM SSL Certificates.
  • You must have BigFix Agent running on the MDM Server target.
  • If you are using non-GSuite (non-Google Workspace) account, you must know the administrator credentials of Managed Google Play Account Enterprise. To learn how to get the Google credentials, see Enroll to Managed Google Play Accounts enterprise

In the BESUEM Fixlet Install BigFix Android MDM Server (Version 2.1.0), provide this information:
  1. Enter the organization name. While enrolling a device, the organization name is displayed to the users along with the rest of the profile information.
  2. Enter user facing hostname. This is the hostname of the server that the enrolling devices should be pointing to. The value must be the hostname from a valid URL. For example, enter mdmserver.deploy.bigfix.com.
  3. Enter LDAP parameters. This is used for authorization to enroll users for MDM over the air. This limits enrollment to your MDM server to authorized users only. Omitting all LDAP parameters disables the need for LDAP authentication to enroll for MDM.
    1. LDAP URL: Valid format is ldap://<server>:<port>. For more information on LDAP URL formats, see https://ldap.com/ldap-urls/
    2. LDAP Base DN: Valid format "ou=Users,dc=example,dc=org"
    3. LDAP Bind User: The root point to bind to the server. For example, CN=domain join, OU=Users, OU=demo,DC=demo,DC=bigfix, DC=com DC=mydomain, DC=mycompany, DC=com. "user@example.org"
    4. LDAP Bind Password: The password entered here is encrypted and stored in the MDM_PARAM_4.enc file in the /var/opt/BESUEM/certs directory.
      Note: LDAP Authentication is turned on by default.
  4. Upload the files containing the details of the MDM Server TLS certificate and key contents.
    1. TLS key password: Enter a string to set TLS key password.
    2. In the MDM Server TLS Certificate section, click Upload File and browse through the location to select the TLS .crt file to be used.
    3. In the MDM Server TLS Key section, click Upload File and browse through the location to select the TLS .key file to be used.
  5. Upload the files containing the MDM Server authentication certificate and key contents.
    1. In the MDM Server Certificate Authority section, click Upload File and browse through the location to select the ca.cert.pem file.
    2. In the MDM Server Certificate content section, click Upload File and browse through the location to select the server.cert.pem file.
    3. In the MDM Server Key section, click Upload File and browse through the location to select the server.key file.
      Tip: For more information on how to generate .pem and .key files, see MDM SSL Certificates.
  6. Android Server Admin Credentials: This field appears when you select Android as the operating system. If you are using non-G-Suite account, enter a username and password to login into Admin Configuration page (Example: https://MDM_ENROLLMENT_SERVER/config) to proceed with Enterprise Registration and create Google credentials.
    1. Android Server Admin Username: Enter the user name
    2. Android Server Admin Password: Enter the password
      Tip: To learn how to generate googlecredentials.json file, see Enroll to Managed Google Play Accounts enterprise.
  7. Deploy the task to targeted systems.