Integrate XenMobile Mobile Device Management (MDM) with Cisco Identity Services Engine (ISE)

Contributed by John Bartel III

Cisco ISE is used to deploy, secure, monitor, integrate, and manage mobile devices in the workplace. The software downloaded to the mobile device controls the distribution of applications and patches, and controls data and configuration on the endpoint. XenMobile can integrate with Cisco ISE to manage non-compliant and unmanaged devices on the Cisco ISE console. XenMobile also allows you to selectively allow, deny, or quarantine access to corporate services.

To set up the integration with XenMobile, create a local service account on the XenMobile Server with the administrator RBAC role assigned to it. This role allows Cisco ISE to access the XenMobile API. Cisco ISE also needs to trust the XenMobile certificate. To download this certificate, open a web browser, navigate to your server URL, and log in.

  1. After logging in, click the lock next to the URL in the address bar.
  2. Click Certificate.
  3. Select the Details tab and click Copy to File.
  4. Follow the wizard to save the certificate locally.
  5. Log in to your Cisco ISE console and import the XenMobile certificate you previously downloaded. Import the certificate into Cisco ISE’s Trusted Certificate store. This import is necessary for Cisco ISE to trust communication with the XenMobile Server.
    1. Navigate to Administration > System > Certificates > Certificate Management > Trusted Certificates. Click Import.
    2. Give the certificate a name and check the boxes for Trust for authentication within ISE and Trust for authentication of Cisco Services.
  6. Add XenMobile as an external MDM inside Cisco ISE.
    1. Navigate to Administration > Network Resource > External MDM. Click Add and fill out the following:
      • Server Host: Your XenMobile FQDN
      • Port: 443
      • Instance name: The instance name of your XenMobile Server. The instance name is “zdm” by default on most deployments.
      • User Name: Type the name of the user that you created for this task. The user should be a local administrator account in the original admin RBAC group.
      • Password: The password for the user you just added.
      • Select the Enable check box.
  7. If the test is successful, click Submit.
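
Before importing the file saved in steps 1 to 4 into the ISE Trusted Certificates store, you can confirm that it is byte-for-byte the certificate the XenMobile Server presents on port 443. The Python script below is an added example, not part of the original article or of any Citrix or Cisco tooling; the file name and host name passed on the command line are placeholders, and the built-in demo runs on constructed bytes.

```python
import hashlib
import hmac
import ssl
import sys

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"


def to_der(data: bytes) -> bytes:
    """Normalise an exported certificate (DER or Base-64 encoded X.509) to DER."""
    text = data.decode("latin-1")
    if BEGIN not in text:
        return data  # already binary DER
    # Take the first certificate only; tolerate CRLF line endings and leading text.
    start = text.index(BEGIN)
    stop = text.index(END, start) + len(END)
    return ssl.PEM_cert_to_DER_cert(text[start:stop].replace("\r\n", "\n"))


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated hex SHA-256 fingerprint of the DER bytes."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def same_certificate(exported: bytes, presented_pem: str) -> bool:
    """True when the exported file and the presented certificate are identical."""
    a = hashlib.sha256(to_der(exported)).digest()
    b = hashlib.sha256(to_der(presented_pem.encode("ascii"))).digest()
    return hmac.compare_digest(a, b)


def check_live(path: str, host: str, port: int = 443) -> bool:
    """Compare the file at `path` with what host:port presents right now."""
    with open(path, "rb") as fh:
        exported = fh.read()
    # Fetched without chain validation: it is used only for comparison.
    presented = ssl.get_server_certificate((host, port))
    print("exported :", sha256_fingerprint(to_der(exported)))
    print("presented:", sha256_fingerprint(to_der(presented.encode("ascii"))))
    return same_certificate(exported, presented)


if __name__ == "__main__":
    if len(sys.argv) >= 3:  # usage: script.py exported.cer xenmobile.example.com
        sys.exit(0 if check_live(sys.argv[1], sys.argv[2]) else 1)
    # Offline demo on constructed bytes standing in for a DER certificate.
    fake_der = b"\x30\x82\x01\x00" + bytes(range(256))
    pem = ssl.DER_cert_to_PEM_cert(fake_der)
    print(same_certificate(fake_der, pem), sha256_fingerprint(fake_der))
```

A mismatch means the browser and the script saw different certificates, for example because the export was taken through a TLS-inspecting proxy; resolve that before trusting the file in ISE.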

For more information about Cisco ISE, see the Cisco documentation.


The ISE integration isn’t supported with the hosted Endpoint Management.
