Retire MobileIron Managed Devices when Active Directory Accounts are Disabled

You are here:
< Back

Problem

When a user account is disabled in Active Directory, the corresponding device(s) should also be retired.  Currently, there is no method that allows this from the MobileIron platform directly.  This can be accomplished using MobileIron Assemble.

Background

Management of an organization’s resources should be as easy as possible to avoid confusion, overlooking a step, or simply for knowledge transfer in general.  MDM platforms are a great way to manage mobile devices in a corporate environment, but they can add additional steps making management of user accounts and access to resources more complex.  The MobileIron MDM platform attempts to reduce as much of this complexity as possible while still providing a stable and secure solution.  MobileIron doesn’t currently have the ability to retire devices based on Active Directory Account status directly, but they have provided a tool that can provide that functionality called Assemble.  Assemble is an add-on product for MobileIron providing a lot of additional functionality using the MobileIron API.

Cause

The reason for leveraging MobileIron Assemble is due to the limitations of the current MobileIron GUI allowing this functionality.  It is assumed that the GUI interface will incorporate this functionality at some point.  An update to this article will be published in the event this changes.

Resolution

The following rule set will check the status of the associated Active Directory account for the devices currently managed by MobileIron and retire any devices that are associated with Active Directory accounts that are disabled.

[RuleNum]
numberofrules=1
sleeptime=250
delimeter=,
ad_data=yes

[Rule1]
NumberofElements=1
Action=retire

Element1_trigger=ad:disabled
Element1_description=AD account disabled

For further information on Assemble or to understand what the rules are doing, or general use of the tool, please visit the MobileIron Assemble support website, or review the quick reference guide located here.

Troubleshooting

Problem:  Assemble is not functioning as expected or at all

Resolution:  Many things could be causing Assemble to fail, from permission settings, to misconfigurations.  Please reference the MobileIron Assemble support page for further assistance in resolving issues with Assemble.

References

The MobileIron Assemble support website.

Last Updated On October 24, 2017