Tech partner spotlight: Jamf & 1GLOBAL

Learn how integrating Jamf with 1GLOBAL mitigates security risks while automating eSIM deployment.

June 12 2024 by

Kieran Newey

Jamie Cole

Jamf and 1GLOBAL secure your eSIM deployment and management workflows.

Connectivity challenges

The distribution of eSIMs and connectivity to iPhone and iPad is highly admin-intensive and steals time. Typically, managing both requires a significant level of manual intervention and support from internal resources.

This work not only includes the new deployment for end users and managing the bulk change from one mobile provider to another but also the pre-work in establishing a database in the first place.

At the simplest level, this includes which user/device is assigned which SIM and updates to the provider records. Recording whether a SIM is still under the control of the business, what its activation status is or if it’s being managed add a layer of complexity to management workflows.

The challenge of extending this across multiple countries, regions and providers — plus the internal cost and drain on resources — often makes this prohibitive. The additional risk of rising data usage through unauthorized tethering which a SIM swap without adequate visibility and control and the effort can seem like it outweighs the benefits.

Alongside cost and resource concerns, significant security risks were identified with using older physical SIMs in devices. In 2023, the FCC published concerns over the risk of physical SIMs and SIM swapping. This attack exposes a 2FA risk. This has the potential to expose corporate identity management, banking and finance data, as well as the exposure of personal information leading to identify theft and/or hijacking of accounts.

What solution is available to mitigate SIM swapping risks?

The best solution is eSIM technology. Not only does this make for a much more secure environment, but it also reduces administrative overhead because it's easier and less complex to manage.

Enter Jamf + 1GLOBAL

Jamf is a leader in Apple Mobile Device Management (MDM), while 1GLOBAL provides full ownership of the entire eSIM ecosystem. Together, we offer fully automated zero-touch deployment workflows that include global connectivity for iOS and iPadOS.

Requirements

Organizations only need the following key ingredients:

  1. A Jamf Pro instance
  2. A 1GLOBAL Enterprise account with plan
  3. An API configuration
  4. Supervised Apple mobile devices

Key benefits

  • Zero-touch deployment of new devices and eSIM with ADE
  • 90% reduction in the provisioning and administration of mobile providers
  • Accelerated deployments across multiple countries/regions
  • Reduction in IT overhead when distributing and supporting eSIM
  • Enhancements to management and security when integrated with Jamf Pro

How does eSIM management work?

With 1GLOBAL and Jamf integration, there are three key steps required to link customers to our solution.

Jamf Pro and 1Global Webhook: Create the 1GLOBAL Webhook API and Smart Device Group in Jamf Pro — one per country > Apple Business Manager: Add the devices to ABM and point to Jamf Pro > Enterprise SIMs tagged for Jamf.

The API is triggered upon the use of Smart Groups in Jamf. Specifically, the feature <strong>SmartGroupMobileDeviceMembershipChange</strong>. Using a webhook, the API looks for this change that kicks off when a change to the associated Smart Group is triggered. A request is then sent to 1GLOBAL’s API portal and uses their carrier permissions to distribute an eSIM to the scoped device’s unique Embedded Identity Document (EID).

Device added to a Smart Device Group: can be blank, a selection of individual devices and users. The location from the user info defines which Smart Group they belong to and therefore which API Webhook to add the devices to. > Jamf Pro triggers 1GLOBAL We

Summary

This secure method of deployment automates eSIM distribution, linking them in a frictionless way to supervised devices. The automated workflow eliminates the need for end-user instructions and setup support. In short, beyond the task of initially setting up the API, there is zero administrative overhead for IT to deploy eSIM technologies to scale.

Administrators can easily send eSIMs to all devices in their fleet, and then use reporting features to identify which eSIM belongs to specific users. Furthermore, granular details such as mobile number associations and carrier names are available in a simple one-off report.

What if I need to change mobile carrier providers?

Simply send a copy of this report to 1GLOBAL, providing them with all the information needed to manage the migration to your new provider.

eSIMs and security

From a security perspective, eSIMs are installed digitally on each device and cannot be physically removed. Additionally, they are protected and enforced by your organization’s security policy, meaning they are passcode protected and can’t be removed from the devices to compromise 2FA-like physical SIMs. Furthermore, admins also know which users are assigned to devices and therefore which eSIM is used by the assignee. Because of its tight-knit integration with Jamf and cloud-based identity and access management solutions, additional security policies that manage eSIM may also be leveraged. A few examples are:

  • Restrict the installation of additional eSIMs
  • Prevent modifying or deleting eSIMs by users

In other words, a truly frictionless zero-touch end-user experience that increases security for your users and organization while reducing the administrative workload on your IT team.

Global scaling

Apple iPhone is supported by 1GLOBAL for centralized voice and data services in the UK, US, NL, ES, FR, PL, DE, AU and HK with full number portability in each country. Singapore, Canada and Brazil will be added soon to the list of supported regions, allowing users to roam in over 190 countries.

Note: Apple iPad supports data-only plans and is available globally.

Secure and simplify your eSIM management with Jamf + 1GLOBAL

Tags: