Deploy Splunk Mobile at scale with Mobile Device Management
You can scale app delivery to a large number of mobile devices, secure content access, and manage data on mobile devices through with Mobile Device Management (MDM). With admin setup in Splunk Cloud Gateway and a compatible MDM provider, users can register and authenticate their devices directly in the Splunk Mobile app with their Splunk Enterprise credentials. Users won't need access to Splunk Cloud Gateway.
In-app device registration using MDM for Android devices is currently a beta feature. If you're interested in deploying Splunk Mobile for Android with MDM, contact mobile-team@splunk.com.
To distribute Splunk Mobile using MDM, you must take the following steps:
- Generate identifier files from all of the Splunk Enterprise instances that you want your Splunk Mobile users to have access to.
- Combine the identifier files into a single JSON file using the concatenation feature in Splunk Cloud Gateway.
- If you're deploying Splunk Mobile at scale to Android device users, wrap the Splunk Mobile app using the MobileIron app wrapper
- Add the Splunk Mobile app in MobileIron.
- Upload and deploy the combined JSON file as a configuration in MobileIron to Splunk Mobile users.
For more details about MDM and how the Splunk Mobile in-app device registration process works, see About Mobile Device Management with Splunk Mobile.
Prerequisites and requirements
You can deploy Splunk Mobile at scale with MDM. Other Connected Experiences apps currently don't have MDM support.
Complete the following prerequisites before you deploy Splunk Mobile at scale with MDM:
- Have admin role access to Splunk Enterprise and MobileIron.
- Install Splunk Cloud Gateway on your Splunk Enterprise search head.
- Have Splunk Mobile users.
- Confirm that your Cloud Gateway ID is unique and easily identifiable. In the Splunk Mobile, the Cloud Gateway IDs represent Splunk Enterprise instances that users can register to.
- Contact mobile-team@splunk.com to receive an MDM-compatible build of Splunk Mobile.
Your organization must meet the following requirements to use the MDM-distributed Splunk Mobile app:
- Use LDAP or local Splunk accounts.
- Use a compatible MDM service. Splunk Mobile is compatible with the MDM provider MobileIron.
User devices must meet the following requirements to use the wrapped Splunk Mobile app:
- Have the MobileIron Client app on their devices.
- Have the MobileIron Client app configured with a user profile.
Steps
Complete the following steps to deploy Splunk Mobile at scale with MDM.
Generate identifier files
Generate identifier files from Splunk Cloud Gateway on all of the Splunk Enterprise instances that you want to register users to:
- Log into the Splunk Enterprise instance that you want to register users to.
- Navigate to the Configure tab of Splunk Cloud Gateway.
- Click Generate Instance Identifier File.
Generating a new instance identifier file overwrites the previous MDM signing key. Users who haven't registered using the previously deployed Splunk Mobile app can't register until they receive the new MDM signing key. You must recombine the instance identifier files and upload the new combined JSON file as a configuration to MobileIron for users to register their devices.
The identifier file contains the instance's Splunk Cloud Gateway public key, Cloud Gateway ID, deployment ID, and an MDM signing private key. The identifier file allows the mobile client to find which Splunk Enterprise instance to access.
Combine identifier files
Combine the identifier files in Splunk Cloud Gateway:
- On any of the Splunk Enterprise instances that you generated an identifier file with, navigate to the Configure tab of Splunk Cloud Gateway.
- Upload all of the identifier files.
- Click Combine identifier files.
Splunk Cloud Gateway runs a concatenation script that combines the identifiers into a single JSON file.
Add the Splunk Mobile app in MobileIron
See "Adding an in-house app" in the MobileIron Admin Guide on the MobileIron website to add Splunk Mobile to MobileIron Cloud.
See "Manually importing iOS apps from the Apple App Store" in the MobileIron Core Apps@Work Guide on the MobileIron website to add Splunk Mobile to MobileIron Core.
Deploy the combined JSON file as an AppConnect custom configuration in MobileIron
See "Configuring AppConnect Apps" in the MobileIron Admin Guide on the MobileIron Cloud documentation to deploy the combined JSON file as a configuration in MobileIron Cloud.
See "iOS managed app configuration" in Getting Started with MobileIron Core on the MobileIron website to deploy the combined JSON file as a configuration in MobileIron Core.
User registration
When a user launches Splunk Mobile, they select from a list of Cloud Gateway IDs that represent the Splunk Enterprise instances that identifier files are generated from. Splunk Mobile users can select a Cloud Gateway ID and register to that Splunk Enterprise instance using their Splunk Enterprise credentials.
About MDM and In-app Registration | Troubleshoot Splunk Cloud Gateway |
This documentation applies to the following versions of Splunk® Cloud Gateway (Legacy): 1.6.0, 1.7.0, 1.7.2
Feedback submitted, thanks!