Configuring eSIM from the IBM MaaS360 Portal

Configure an eSIM from the IBM® MaaS360® Portal to activate cellular data plans, add an eSIM, or delete an eSIM on eSIM-capable devices.

Traditionally, cellular devices require a physical nano-SIM to activate a cellular plan from a carrier. Carriers assign a cellular plan and include the device with the SIM card. Modern devices now support an embedded SIM (eSIM) that can digitally store this information and function without using physical space on the device. The eSIM streamlines the user provisioning process for employees and reduces the logistics around shipping the physical SIM cards.

Important: The difference between iOS and Android is in the implementation by their operating systems. Unlike Android, iOS does not require an activation code for eSIM provisioning through MDM. Instead, the carrier information is directly integrated into the eSIM API that enables seamless profile download and activation.

In MaaS360, you can use device actions to deploy eSIM configuration to eSIM capable iPhones and iPads. This configuration contains an eSIM URL that is purchased from vendors. After the deployment, MaaS360 installs the eSIM profile and then activates the cellular plan on devices.

Note: This feature is supported on the following Apple devices.
  • iOS version 13 and later
  • iPadOS version 13 and later

Deploying eSIM configuration from the IBM MaaS360 Portal for iOS devices

Prerequisites

Administrators must verify the following device conditions.
  • Devices are registered with a cellular network provider.
  • The eSIM provider URL and network tether information are available.
  • A device group that requires eSIM activation is created in advance.
Follow these steps to deploy eSIM profiles to multiple devices.
  1. From the IBM MaaS360 Portal home page, go to Devices > Groups.
  2. Hover over the More option for the device group and then select Manage eSIM Configuration.
  3. Enter the Provider URL and select the Requires Network Tethering checkbox if the device uses network tethering.
    Example of carrier URLs.
    • Verizon: https://2.vzw.otgeuicc.com
    • AT&T: https://cust-001-v4-prod-atl2.gdsb.net
    • T-Mobile: https://t-mobile.gdsb.net
  4. Click Continue.
Follow these steps to deploy an eSIM to an individual device.
  1. From the IBM MaaS360 Portal home page, go to Devices > Inventory.
  2. Click View to open the Device Summary page for that device.
  3. Click More in the upper-right and then select Manage eSIM Configuration.
  4. In the Manage eSIM Configuration window, enter the Provider URL and select the Requires Network Tethering checkbox if the device uses network tethering.
    Example of carrier URLs.
    • Verizon: https://2.vzw.otgeuicc.com
    • AT&T: https://cust-001-v4-prod-atl2.gdsb.net
    • T-Mobile: https://t-mobile.gdsb.net
  5. Click Continue.

Tracking the eSIM deployment status for iOS devices

After you deploy the eSIM profiles to devices, administrators can track the deployment status in the Device History page.

Protecting eSIM on iOS devices

After the eSIM is activated on devices, administrators must preserve the data plan when they reset the devices and prevent users from accidentally modifying the data plans.

To protect the cellular plan, administrators must turn off the following iOS MDM policy settings and republish the policy:
  • Supervised Settings > Allow erase All Contents & Settings
  • Supervised Settings > Allow Cellular Data Usage Modification

To retain the data plan, administrators must select the Preserve Data Plan checkbox when issuing the Wipe action.

Deploying eSIM configuration from the IBM MaaS360 Portal for Android devices

This feature is supported on Android devices with version 15 and later.

IT administrators can remotely add or delete the eSIM profiles to corporate devices. For eSIM provisioning on Android devices through MDM, an activation code is mandatory. This activation code is provided by the carrier and has details like the SM-DP+ (Subscription Manager Data Preparation) address and the activation key.

The activation code must be delivered to the device either through the MDM solution or manually.

Prerequisites

Administrators must verify the following information before they can add an eSIM for Android devices.
  • eSIM Activation Code is available.
  • The device must have Android version 15 or later.
  • The device must support eSIM.
Important: You can send the eSIM custom commands from the IBM MaaS360 Portal to an individual device only. You cannot send the commands to a group of devices because the parameters are specific to a single device.
Follow these steps to deploy an eSIM to an individual device.
  1. From the IBM MaaS360 Portal home page, go to Devices > Inventory.
  2. Click View to open the Device Summary page for that device.
  3. Click More in the upper-right and select Android Custom Command.
  4. Enter the eSIM download custom command as given in Download-eSIM options.

Deleting an eSIM from Android devices

Prerequisites

Administrators must verify the following information before they can delete an eSIM from Android devices.
  • The eSIM is installed by using the eSIM download custom command.
  • ICCID of the eSIM is available. This ID can be found in the Network Information under Device View.
Follow these steps to delete an eSIM from an individual device.
  1. From the IBM MaaS360 Portal home page, go to Devices > Inventory.
  2. Click View to open the Device Summary page for that device.
  3. Click More in the upper-right and select Android Custom Command.
  4. Enter the eSIM delete custom command as given in Delete-eSIM options.

Tracking the eSIM deployment status for Android devices

After you run the eSIM custom command, administrators can track the deployment status in the Device History page.

Error messages for Android devices

The following error messages are displayed when you add or delete an eSIM for Android devices.

Error message Description
eSIM action is only supported by Android OS 15 and higher This error occurs when you try to use the eSIM custom command on an Android device that runs on an OS version lesser than 15.
eUICC is missing or defective on the device This error occurs when eUICC (Embedded Universal Integrated Circuit Card) that manages the eSIM functionality is not available in the device or is not functioning correctly.
Device does not support eSIM This error occurs when you try to use the eSIM custom command on an Android device that does not have the hardware necessary to support eSIM functionality
eSIM configuration failed This error occurs when a problem exists on the eSIM network carrier.
eSIM activation code is invalid This error occurs during the following scenarios.
  1. The device is trying to download an eSIM profile but no valid activation code is provided.
  2. The activation code that is provided is in an incorrect format, making it unreadable or invalid for the device to process.
eSIM profile already exists This error occurs when the profile fails to load onto the device's eSIM chip, such as when the ICCID of the profile already exists on it.
Note: This error does not occur when you try to reuse the same activation code to download the same profile.
ICCID not found on device This error occurs if the admin does not manage ICCID in the eSIM delete command, and if the eSIM profile was not installed by using eSIM download command.
An eSIM profile download is already in progress This error occurs when the device is downloading or activating an eSIM profile, preventing any other eSIM custom command actions at the same time.
Download is not allowed because the device is locked to a specific network carrier This error occurs when the device is carrier-locked, restricting it to specific carrier profiles as enforced by the original mobile service provider.
The eSIM profile associated with this activation code has already been activated This error occurs when the eSIM profile that is linked to the activation code is already activated on a device.
eSIM action is only supported on Android Enterprise devices This error occurs when you try to use the eSIM custom command on an Android device that is not Android Enterprise enrolled.