Operation-Specific Configuration

This section describes the configurations required for the following operations:

  • Aggregation

  • Provisioning

Aggregation

  • Aggregation of devices: Before aggregating devices, create a correlation rule or configuration in the device application to map devices to the appropriate AirWatch users. For example, UserName is a device attribute which specifies the name of the user it belongs to, and the Display Name of the identity is also UserName. Using these values, you can create an Account Correlation configuration, setting the application Attribute as UserName and the Identity Attribute as Display Name.

  • Parameterized device aggregation: By default, AirWatch device aggregation retrieves device profiles and device applications. If you do not want to manage these entities, you can filter them from the aggregation so that they are not read into IdentityIQ.
    Use these parameters to filter aggregation:

    • aggregateDeviceProfile: (This is an application attribute on the AirWatch EMM application) that determines if the profiles connected to devices should be retrieved or not. The default behavior is to retrieve the profiles connected to the devices. To change this behavior, add this entry key to the application XML in the Debug pages:
      <entry key="aggregateDeviceProfileā€¯ value="false"/>

    • aggregateDeviceApp: (This is an application attribute on the AirWatch EMM Application) that determines if the application installed on devices should be retrieved or not. The default behavior is to retrieve the applications installed on the device. To change this behavior, add this entry key to the application XML in the Debug pages:
      <entry key="aggregateDeviceApp" value="false"/>

Provisioning

The following provisioning operations are available in IdentityIQ when integrating with AirWatch:

Delete Device

  • Delete Device operation from LCM: In addition to Delete Device, you will be prompted to select Entire Device Wipe or Enterprise Wipe Only options before deleting the device.

  • Delete Device operation from Certification: The default wipe operation is Enterprise Wipe Only. To change this default behavior to Entire Device Wipe add this entry key to the device application XML in the Debug pages:
    <entry key="defaultWipeFromCertification" value="Entire Device Wipe"/>

Note: The Delete Provisioning Policy should include a field prompting the user who is responsible for deleting devices to enter a security PIN. You can add a SecurityPIN field to the Delete Provisioning Policy; the field's type should be string.