Fortinet black logo

Third Party MDM Device Integration

Home FortiNAC 9.4.0 Third Party MDM Device Integration
9.4.0
9.4.0
9.2.0
9.1.0
8.8.0
8.7.0
8.6.0
8.5.0
8.3.0

Airwatch/Workspace One Host/Device Registration Process

Airwatch/Workspace One Host/Device Registration Process

When Airwatch/Workspace One and FortiNAC are integrated, the registration process for hosts is as follows:

  1. A host connects to the network and is detected by FortiNAC.

  2. If the host is running an operating system not supported by Airwatch/Workspace One, it becomes a rogue and goes through the regular registration process (either through the captive portal, Device Profiler or any other registration method configured in FortiNAC).

  3. If the host is running one of the operating systems listed below, FortiNAC checks to see if the Airwatch/Workspace One MDM Agent is installed. This requires that On-Demand registration be enabled in the MDM Service record for the Airwatch/Workspace One integration with FortiNAC.

    • Android

    • Apple iOS

    • BlackBerry

    • Mac OS X

    • Symbian

    • Windows Mobile

    • Windows Phone

  4. Hosts without the Airwatch/Workspace One MDM Agent are sent to the captive portal where the user is asked to download and install an MDM agent before connecting to the production network.

  5. If the host has the Airwatch/Workspace One MDM Agent installed, FortiNAC connects to Airwatch/Workspace One and retrieves the host data from the Airwatch/Workspace One database and registers the host in FortiNAC.

  6. If the host is associated with a user in Airwatch/Workspace One that also exists in FortiNAC, then the host is registered to that user.

  7. If the user is unknown in FortiNAC, the host is registered as a device.

  8. Based on the User/Host Profile that matches the host, a Network Access Policy is applied and the host is placed in the appropriate VLAN.

  9. Settings selected for the MDM Service that controls the connection between Airwatch/Workspace One and FortiNAC determine when Airwatch/Workspace One is polled for updated information.

Previous
Next

Airwatch/Workspace One Host/Device Registration Process

When Airwatch/Workspace One and FortiNAC are integrated, the registration process for hosts is as follows:

  1. A host connects to the network and is detected by FortiNAC.

  2. If the host is running an operating system not supported by Airwatch/Workspace One, it becomes a rogue and goes through the regular registration process (either through the captive portal, Device Profiler or any other registration method configured in FortiNAC).

  3. If the host is running one of the operating systems listed below, FortiNAC checks to see if the Airwatch/Workspace One MDM Agent is installed. This requires that On-Demand registration be enabled in the MDM Service record for the Airwatch/Workspace One integration with FortiNAC.

    • Android

    • Apple iOS

    • BlackBerry

    • Mac OS X

    • Symbian

    • Windows Mobile

    • Windows Phone

  4. Hosts without the Airwatch/Workspace One MDM Agent are sent to the captive portal where the user is asked to download and install an MDM agent before connecting to the production network.

  5. If the host has the Airwatch/Workspace One MDM Agent installed, FortiNAC connects to Airwatch/Workspace One and retrieves the host data from the Airwatch/Workspace One database and registers the host in FortiNAC.

  6. If the host is associated with a user in Airwatch/Workspace One that also exists in FortiNAC, then the host is registered to that user.

  7. If the user is unknown in FortiNAC, the host is registered as a device.

  8. Based on the User/Host Profile that matches the host, a Network Access Policy is applied and the host is placed in the appropriate VLAN.

  9. Settings selected for the MDM Service that controls the connection between Airwatch/Workspace One and FortiNAC determine when Airwatch/Workspace One is polled for updated information.

Previous
Next