Ivanti Mobile at Work is software used at the Medical Center to secure and manage business apps, documents, and other business content on smartphones and tablets. It allows CUIMC-IT to set security and management rules on these mobile devices. The Ivanti app provides the IT department with information about the device and its security state. It also allows users to access Epic from their smartphone or tablet. For an overview, please see Information Security's Mobile Device Management page.
No, you do not need to install it again if you have previously had your phone or tablet configured by NYP or Cornell Med.
Ivanti is targeted at phones and tablets running Apple iOS or Google Android operating system software:
To install Ivanti Mobile at Work see instructions for iPhone/iPad and Android devices.
To obtain a CWID please contact your department administrator or supervisor. CUIMC-IT is not able to create or request CWIDs. If you are not sure whether you have one already or need help with your CWID please see NYP's oneID Password Management page.
No. Only the container on your phone that holds business apps, such as Epic, will be wiped from the device. However, IT can wipe the entire device at your request.
IT can only see data such as carrier, country, device make and model, OS version, phone number, list of installed apps, name, and corporate email. SMS messages can't be read; see the next FAQ for more information. It also verifies that the device uses a passcode and encryption as required by University Policy. The Ivanti app permissions are as follows:
Apps | Ivanti Mobile at Work can only see apps that it manages (those that CUIMC makes available), and can only delete its own managed applications. |
Calls and text messages | Ivanti Mobile at Work cannot access text messages or calls. |
Messaging apps | Ivanti Mobile at Work can only see apps that it manages. Your personal messaging apps cannot be accessed. |
Location | Ivanti Mobile at Work does not track the location of your device. |
Device information | Ivanti Mobile at Work collects the phone number, IMEI, SIM, model, manufacturer, device name, mobile carrier, storage capacity, and IP address. |
Device status | Last check-in, jail-broken/rooted device, OS version, PIN/Passcode present, device encryption, battery level. |
Pictures, videos, multimedia | Ivanti Mobile at Work cannot see your pictures or videos. |
Corporate wipe | Ivanti Mobile at Work can only retire your device, which will remove enrollment, corporate data, and any managed applications. Once the corporate wipe is performed, the device is no longer managed under Ivanti Mobile at Work. |
Full device wipe | This is only done via a ticket to the Information Security Office (ISO). ISO has to document the request and log in to a separate account with elevated privileges to perform a full device wipe. NOTE: This cannot be done if a corporate wipe was processed. |
Please see Mobile Device Management (MDM) Privacy Information for more details.
CUIMC-IT does not want to spy on you, nor does Ivanti Mobile at Work allow IT to see data such as personal email, voicemails, photos, videos, and web activity. Even within the bounds of technology, University policy strictly limits what CUIMC-IT can do. For more information, see the Acceptable Use of Information Resources Policy and the Information Security Charter.
When Ivanti is installed on the phone or tablet, a list of "profiles" with configuration settings will appear under Settings > General > Device Management. The "Password Policy" profile appears under the "Restrictions" area, which enforces a passcode to unlock the phone or tablet. This enables encryption where the passcode is the "key." You are also permitted to use your fingerprint (if supported by your device) to make it easier to unlock the device.
You are not required to access Epic on your personal device or install MDM on it, but you need to have a mobile device that can do so. You can use a separate device for University work if you prefer.
As with any other IT purchases, funding for mobile devices is worked out with your department. Please speak to your supervisor, Department Administrator, or Chair.
CUIMC uses Ivanti to protect information from being stolen or lost. Data theft can happen in many ways, but some of the more likely examples include:
You can talk to your Chair, the CIO, the CMIO, the COO, the Dean, or the Office of General Counsel, depending on your comfort level.
Yes, it requires a passcode of 6 or more characters, including both letters and numbers. Ivanti will enforce this passcode during enrollment/MobileIron setup. Note that University Policy already requires a passcode/screen lock.
Aside from enforcing a passcode, Ivanti allows a full or partial remote data wipe or passcode reset in the event of loss or theft. MobileIron encrypts your data so your phone or tablet is in compliance with Columbia’s mandatory endpoint security policy. Please review the full text of the policy for more details on security requirements for mobile devices.
Yes, we strongly recommend running a backup before installing and enrolling in Ivanti Mobile at Work.
You can follow the instructions to install Ivanti on the new device. Contact your Certified IT Group for assistance. See full steps to install Ivanti Mobile at Work on an iPhone/iPad or Android device.
No, Ivanti will not interact with any other applications on your device or otherwise affect its performance.
No, the app and enrolling are free.
No, corporate devices are for those individuals who do not want to use their personal devices for Epic. However, Ivanti is required in order to access Epic from a corporate or personally owned device.
On corporate-owned devices, Ivanti restricts access to Bluetooth, App Store, iCloud usage, and additional features that are known or perceived as risk factors on corporate devices. CUIMC carries the full responsibility of protecting Epic data on corporate-owned devices. For more information, see our Mobile Device Management (MDM) Privacy Information page and the University's Registration And Protection of Endpoints Policy.