Mobile Device Management

Smartphones and tablets used at CUIMC can access Epic clinical suites by installing the free Ivanti app.  Ivanti is an established Mobile Device Management (MDM) program that uses "container" technology to secure pre-defined aspects of the phone or tablet, apps, and data.  Apps and data outside of the container, including your calls, photos, messages, etc. are not managed and cannot be accessed by Ivanti. 

It is not required if you do not need to use Epic on your phone or tablet, and can be installed on both department and personally owned equipment.  If you are already using NYP's MDM, you do not need to install it again for CUIMC. 

A quick overview follows, and be sure to see our MDM FAQs.  An MDM Epic Rollout flyer (PDF) with QR codes linking to installation instructions is also available.

Please see CUIMC Managed Apps if you have concerns regarding  the "App Management Change" message on your iPhone

Using MDM at CUIMC

What do I need?

  1. You must have a CWID (NYPH Center Wide ID) account, which is also required for Epic.
    If you do not have one please contact your department administrator or supervisor, CUIMC IT is not able to create or request CWIDs.
  2. A smartphone or tablet with Internet access using:
    • iOS 12.0 or higher (iPhone or iPad)
    • Android 8.0 or higher

If you will be downloading and installing Ivanti at work on your own phone or tablet, you will also need an Apple ID or Google Play account.

How do I set up Ivanti on my device?

Ivanti will be pre-installed on devices ordered via CUIT's form if the option for Epic Access is checked, or it can be downloaded and installed by following our instructions for iPhone/iPad or Android.  IMPORTANT:

  • Be sure to back up any existing data on the phone or tablet before installing.
  • Devices provided by your department and/or ordered through CUIT's form without selecting Epic Access may have another MDM program (such as CUIT's EMM/AirWatch) installed.  See steps to check for MDM, which includes details on contacting us to Migrate to CUIMC Ivanti for devices that have AirWatch installed.

What happens during Ivanti set up?

Ivanti will verify or enforce that the device:

  • Is not jailbroken or rooted, indicating that built-in security features have been bypassed
  • Is set to auto-lock, with either a minimum 6 character passcode or fingerprint (if supported by the device) to unlock
  • Uses full encryption
  • Ivanti will also set up the Voice Wi-Fi network as the preferred nework on your device, please see this FAQ for more details.

Note that auto-lock and full encryption are already required by University Policy.  For more details on how Ivanti is used including what it can and cannot access on your device please see the FAQs and Mobile Device Management (MDM) Privacy Information.

MobileIron apps on an iPhone home screen

What happens after Ivanti is installed?

Once installed, Epic apps including Rover and Haiku are also set up and can be used by logging in with your CWID.

Other approved CUIMC apps can be downloaded through a "Work" store icon.

In case of a lost or stolen device, the IT department can quarantine it (to prevent loss of corporate data) or, in extreme cases, remotely wipe the device. Users can request the device to be wiped of just the MobileIron container (CUIMC/Epic applications) or request a full device wipe. 

Confirming Installation

If there are problems using Ivanti please make sure it has installed properly by checking for mobile device management.  iPhones and iPads may miss the steps to install a profile after Ivanti is downloaded, if so please see the last section of Troubleshoot Ivanti Errors for help.

How do I remove Ivanti and unenroll from MDM on my personal phone?

To remove CUIMC's EMM management framework, please follow the instructions for iPhone and Android. Note: CUIMC-owned devices must remain enrolled.