Setting up your XenMobile Connector in the Lookout Mobile Endpoint Security Console
Once you have configured XenMobile, you can set up a connector in the Lookout MES Console.
- Log in to the Lookout MES Console at https://app.lookout.com.
- In the left sidebar, click Integrations.
- Under Choose a product to set up, click the XenMobile tile.The XenMobile Connector page opens.
- Under Connector Settings, enter the following:
Field Value Label for this MDM connection (Optional) A user friendly name for the connector.
This label displays in the MDM column of the Lookout MES Console Devices list so that you can determine which connector and MDM instance a device belongs to.
XenMobile URL Your Citrix Endpoint Management URL, including the port.
For example,
https://myhost.xm.cloud.com:4443Username Enter the Username and Password from Creating an API User. Password - Click Create Integration in the top right corner.If creation is successful, a banner notification appears and additional sections become enabled.
If you get a certificate error, click Certificate Details. Otherwise continue with Step 6.
- Look for errors on the certificate details screen.Typical errors include expired or broken certificates as shown here:
Error How to Fix the Error Expired certificate The certificate expiration date is in the past. Replace the MDM certificate with a new certificate. Broken certificate. One or more intermediate certificates do not validate correctly. Replace the MDM certificate with a valid certificate. - Retry entering all required information into the Integration connector.
- Look for errors on the certificate details screen.
- Scroll down to Enrollment Management and enter the following:
Field Value Automatically drive Lookout for Work enrollment on XenMobile managed devices ON Use the following label to identify devices that should have the Lookout for Work app activated Select your enrollment user group from Creating User Groups. This should be Lookout for Work. How often should Lookout check for new devices? Lookout recommends using the default 5 minute interval. Automatically send activation emails to XenMobile managed devices OFF
For an MDM integration, you should drive enrollment through your MDM, not via Lookout MES Console invitation emails.
Delete device on unenrollment ON - Scroll down to State Sync and enable the toggles, then input the following labels:
If you choose not to synchronize a specific state to XenMobile, leave the corresponding toggle off.
- Device Status:
Field Value Devices with Lookout activated Lookout MES - Activated - Connection Status:
Field Value Devices that are unreachable by Lookout Lookout MES - Unreachable Devices that have lost connectivity with Lookout Lookout MES - Disconnected - Risk Status:
Field Value Devices with any issues present Lookout MES - Threats Present Devices with no issues present Lookout MES - Secured Note:NOTE: You do not need to define these fields in XenMobile. It automatically adds them to enrolled devices as custom properties.
- Device Status:
- If you have purchased the feature to add specific risk classifications to synchronize with your MDM you can add them using this procedure.Otherwise continue on to step 9.Note:
NOTE: If you purchased the feature to add risk classifications to synchronize with your MDM, a Risk Classification section is visible in the Lookout connector.
Here are some examples of risk classifications you can add:
Example Risk Classification Example Labels Example Description Phishing and Content Protection Disabled Lookout MES - PCP Disabled Devices with PCP disabled VPN Permission Not Accepted Lookout MES - VPN Prohibited Devices with VPN Permission not accepted In the Lookout connector Risk Classification section (visible only if you purchased this feature), follow these substeps:
- Click Add Risk Classification.
- Set to Enable.
- Choose the desired risk classification from the dropdown to synchronize with your MDM.
Risk classification synchronization occurs only if a state sync event occurs.
- Enter the label for the selected risk classification to synchronize with your MDM.
If you choose not to synchronize a specific state to your MDM, leave the corresponding toggle off.
- Repeat steps i - iv for each additional risk classification you want to synchronize with your MDM.
Each risk classification you add here must have a corresponding unique label defined in your MDM.
- Scroll down to Error Management and enter an email address for error reporting.
- (Optional) Scroll down to Group Management and enter a Lookout MES Console Device Group for new devices from this connector.
By default, new devices are added to the Default Group in the Lookout MES Console. For more information about Device Groups, see the Lookout MES Console Administrator's Guide.
- Click Save Changes in the top right corner.You can review connector settings from the Integrations module at any time.
- Add the new Lookout properties as columns in the XenMobile Devices list:
Once a device checks in with the new properties, you can add them to the Devices list.
- Login to the Endpoint Management Console.
- In the top navigation bar, click Manage > Devices.
- Click the dropdown arrow on the right side of the header row of the Devices table:
- Check the Lookout MES - <Status > properties you created in Step 7.
