Quick Start Guide for Android Devices(1)

8/11/2019 Quick Start Guide for Android Devices(1)

http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 1/22

Quick Start Guide for Android Devices

Afaria 7 SP4



DOCUMENT ID: DC-AND-7-00-04

LAST REVISED: November 2013

Copyright © 2013 by SAP AG or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of

SAP AG. The information contained herein may be changed without prior notice.

Some software products marketed by SAP AG and its distributors contain proprietary software components of other software

vendors. National product specifications may vary.

These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only,

without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the

materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty

statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional

warranty.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered

trademarks of SAP AG in Germany and other countries. Please see http://www.sap.com/corporate-en/legal/copyright/

index.epx#trademark for additional trademark information and notices.

http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark

http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark



Contents

Android Device Management ...............................................1Group ..............................................................................1

Group Types ..........................................................1

Configuration Policies .....................................................1

Creating a Configuration Policy for Android ...........2

Application Policies .........................................................3

Creating an Application Policy for Android

Google Play Apps ..............................................3

Creating an Application Policy for Android

Enterprise Applications .....................................4

Enrollment Policies .........................................................6

Creating an Enrollment Policy for Android .............6

Android Device Enrollment ...................................................9

Enrolling an Android Device .........................................10

Removing the SAP Afaria Client ........................................13

Index ..................................................................................17

Quick Start Guide for Android Devices iii



Contents

iv Afaria



Android Device Management

You can use SAP Afaria to manage the Android devices in your organization.

You use an enrollment policy to add Android devices to SAP Afaria. When you add a device,

you assign the device to a group. Through group membership, the device is subject to

configuration and application policies that you set in SAP Afaria. Remediation policies

determine the actions that SAP Afaria takes when a device is not compliant.

To manage Android devices, SAP Afaria requires that users install the SAP Afaria client on

devices. Users can download the SAP Afaria client from the Google Play Store.

Group

A group is a collection of devices. Link a group to a policy to manage all devices in that group.

In the Afaria Administration console, the Group page is the landing page for group-focused

tasks.

Group TypesA group is a collection of devices. Policies allow you to manage all devices in that group.

These types of groups are available:

• Static – includes devices that you manually select. Membership changes only when you

add a device to the group, or delete a device from the group or from Afaria.

• Dynamic – includes devices that are included in a device view, as defined in the Device

page, when you click Select View on the left toolbar. Membership changes automatically

based on changes to the results of the view.

• User – includes devices that are associated with users that are included in a user group, as

defined by the Afaria server’s Windows users groups, LDAP groups, or NT domain

groups. Device members may change as user group membership changes. Membership

changes automatically based on changes to the selected groups.

• Composite – includes one or more groups of devices.

Configuration Policies

Configuration policies can define device settings (for example, passwords, Wi-Fi, roaming,

and VPN) and collect device inventory data (for example, hardware and software) without


Quick Start Guide for Android Devices 1



engaging users. Configuration policy settings and device inventory data collection vary by

device type.

For many settings, the configuration policy determines the items that are visible on the device.

For some devices, the policy can set items that are available only through manufacturer APIs

and are not visible in the user interface.

Creating a Configuration Policy for AndroidCreate a policy for scheduling device connections, collecting inventory, and configuring

device settings for Android devices.

Policy settings that are pushed from SAP Afaria may not always override the existing settings

on the device.

The policy includes multiple pages, such as Summary and Schedule. Complete them in any

order. To save changes on all pages, click Save at the top of any page.

1. On the Policy page, on the top toolbar, click New > Configuration > Android.2. On the Summary page, enter the policy name.

You can specify duplicate policy names across tenants and within a tenant for all policy

types. Changes made to support duplicate policy names are compatible with Afaria 6.6 and

7 servers.

3. Enter or select the remaining properties.

• Note – add a description for the policy.

• State – indicate published or unpublished. Connecting devices receive only published

policies.

• Priority – set a user-defined value used to determine which configuration policyprevails when multiple policies define the same default settings. The lower the numeric

value, the higher the priority.

• Authentication – connecting user identity against your authentication authority before

allowing the policy to run. This option is available only if you have authentication

enabled on the server, as defined on the Server > Configuration > Security page.

• Inventory – select the inventory type to collect. You can view inventory information on

the Device page's Device Inspector.

• Do not collect inventory – no inventory collection.

• Hardware – scan collects data relating to the device's physical components, such as

processors and memory cards.• Hardware and Software – scan collects hardware data and data for installed

software.

4. (Optional) To configure a daily connection, define Schedule page properties.

5. (Optional) Configure policy pages according to your requirements.


2 Afaria



Application Policies

Application policies define commercial and enterprise application packages for devices. The

policies determine which applications are available for devices to browse and install.

Creating an Application Policy for Android Google Play AppsCreate policies for managing applications from Google Play.

PrerequisitesComplete the procedure to prepare for a Google Play application, which includes recording

the application name.

The device user must have an account with Google Play. Google Play user agreements and

costs are independent of Afaria operations.

Task

The policy includes multiple pages, such as Summary and General. Complete them in any


The Configuration page is reserved for application onboarding data provisioning and is not

part of this procedure. See topic Provisioning Data for iOS and Android Applications for more

details.

1. On the top toolbar, click New > Application > Android Market.

Google Android Market is renamed to Google Play.

2. On the Summary page, enter the policy name and note and indicate whether the policy is

published or unpublished.


types. Connecting devices receive only published policies. Changes made in the Afaria

application to support duplicate policy names and multiple categories are compatible with

Afaria 6.6 and Afaria 7 servers.

3. (Optional) Select Featured to tag the application as featured, which means it appears in a

ticker on the home page of the device.

4. On the General page, define an application's information, and then click Update topopulate the Information box.

• Package – application name, such as com.amazon.kindle.

Data retrieval is subject to data availability from the Google Play.

5. (Optional) On the Categories page, select one or more categories to be associated with the

policy.





Click Add to add a new category.

6. (Optional) Select Yes or No to indicate whether the selected category is a featured

category.

7. (Optional) Click Browse and select the image file (.JPG or .PNG) to be associated with the

category and enter any additional note, if required.

Note: The maximum length allowed for the file name is 258 characters, and the maximum

image size allowed is 1MB. It is recommended that you use smaller image files of size up

to 100KB, to enable easy download and to minimize data traffic.

The recommended resolution for the category image on an Android device is up to 1920 x

1080 pixels. The category image is scaled to the required resolution, without changing the

aspect ratio, and is then centre-cropped.

8. (Optional) In the Available Categories list, make changes by selecting a category and

clicking Edit, Delete, Inspect Image or Clear Image.

If you delete a category that is attached to another policy, the category is deleted from thereferring policy also.

Clicking Inspect Image opens the image in Server > Category Image File window.

Clicking Clear Image removes the image associated with the Available Category.

9. (Optional) In the Pre-defined Categories list, make changes by selecting a category and

clicking Edit, Inspect Image or Clear Image.

Enterprise, Play Store and All are the Pre-defined System Categories listed.


Clicking Clear Image removes the image associated with the Pre-defined Category.

10. (Optional) On the Description Detail page, enter a description for the application andmodify the display name.

The display name of the application is automatically updated when you upload the

application package on General page.

Creating an Application Policy for Android Enterprise ApplicationsCreate policies for managing enterprise-developed applications on Android devices. For

Samsung Advanced Enterprise Security (AES) devices that use the Samsung-signed Afaria

application, you can create a required enterprise application for silent installation that the user

cannot remove unless you change the application's attribute to optional and redeliver the

policy.

The policy includes multiple pages, such as Summary and General. Complete them in any


The Configuration page is reserved for application onboarding data provisioning and is not

part of this procedure. See topic Provisioning Data for iOS and Android Applications for more

details.


4 Afaria



1. On the Policy page, on the top toolbar, click New > Application > Android

Enterprise.

2. On the Summary page, enter the policy name.


types. Changes made in the Afaria application to support duplicate policy names and

multiple categories are compatible with Afaria 6.6 and Afaria 7 servers.

3. Enter or select the remaining properties.

• Note – add a description for the policy.

• State – indicate published or unpublished.

• Featured – tag the application as featured, which means it appears in a ticker on the

home page of the device.

4. On the General page, define an application's information, and wait for it to populate the

information box before continuing.

• Install – choose optional or required. The required attribute affects only Samsung-

signed Afaria devices. It installs the application silently at the device, without userinteraction, and the user cannot remove it. To remove an Android required enterprise

application, use a configuration policy.

• KNOX Container App – Select if the application is only to be available for installation

in a device's KNOX container.

• Start Required App After Install – Select if you want the application to start

automatically following installation. This option is only available if you choose

Required as the Install option on this page.

• APK – click Browse to locate and upload the application (.apk). If an application

image is detected inside the APK file, it appears as the Application Icon.

The APK file path is relative to the administrator user's workstation. The packageserver does not serve an application policy without the APK file details, to the

connecting devices.

• Artwork (512x512px) – click Browse to locate and upload the image, which appears as

the Featured Application Artwork.

Artwork supports PNG and JPEG formats with a resolution of 512x512 pixels.

5. (Optional) On the Categories page, select one or more categories to be associated with the

policy.

Click Add to add a new category.

6. (Optional) Select Yes or No to indicate whether the selected category is a featuredcategory.

7. (Optional) Click Browse and select the image file (.JPG or .PNG) to be associated with the

category and enter any additional note, if required.

Note: The maximum length allowed for the file name is 258 characters, and the maximum

image size allowed is 1MB. It is recommended that you use smaller image files of size up

to 100KB, to enable easy download and to minimize data traffic.





The recommended resolution for the category image on an Android device is up to 1920 x

1080 pixels. The category image is scaled to the required resolution, without changing the

aspect ratio, and is then centre-cropped.

8. (Optional) In the Available Categories list, make changes by selecting a category and

clicking Edit, Delete, Inspect Image or Clear Image.

If you delete a category that is attached to another policy, the category is deleted from the

referring policy also.


Clicking Clear Image removes the image associated with the Available Category.

9. (Optional) In the Pre-defined Categories list, make changes by selecting a category and

clicking Edit, Inspect Image or Clear Image.

Enterprise, Play Store and All are the Pre-defined System Categories listed.


Clicking the Clear Image removes the image associated with the Pre-defined Category.10. (Optional) On the Description Detail page, enter a description for the application and

modify the display name.

The display name and the version of the application are automatically updated when you

upload the application package on General page.

11. Click New to browse to and select the application screen shot that appears on the device.

You can upload as many as eight screen shots from which you can select the application

image to appear on the device.

Note: The appearance of the uploaded image may change, depending on the size of the

image and the browser settings. The maximum image size allowed is 1MB.

Enrollment Policies

Enrollment policies automate enrolling a device in management. Enrollment policies define

initial device settings and associate devices with a groups for ongoing management.

Creating an Enrollment Policy for AndroidCreate a policy for enrolling Android devices in Afaria management.

The policy includes multiple pages, such as Summary and General. Complete them in anyorder. To save changes on all pages, click Save at the top of any page.

1. On the Policy page, on the top toolbar, click New > Enrollment > Android.

2. On the Summary page, enter the policy name and a description for the policy.


6 Afaria




types. Changes made in the Afaria application to support duplicate policy names are

compatible with Afaria 6.6 and Afaria 7 servers.

3. In the Code field, click Add and define the code properties:

• State – indicate whether devices are prevented from enrolling if the code is disabled at

enrollment time. If you do not want to use the code yet, set the state to disabled and

enable it later.

• Portal Only – indicate whether the code is valid only when used with Afaria Self-

Service Portal enrollment.

• URL Service – select your preferred URL shortening service, as enabled on the Server

> Configuration > Enrollment Code page.

The Google service produces case-sensitive codes.

• (Optional) Expiration Date – by default, expiration occurs at the end of the selected

day. If you do not specify a date, the code does not expire. Devices are prevented from

enrolling if the code is expired at enrollment time.

4. In the Code field, at the end of the line you are editing, click the Save icon to generate an

enrollment code and a creating date.

5. On the General page, define the policy for enrolling the devices.

• Server Address – Afaria server address or relay server address. The value, which you

can change here, is initially populated by the Address for Client Communication value,

as defined on the Server > Configuration > Device Communication page.

• (Optional) GCM Project ID – configure the Afaria client for Afaria-based Google

Cloud Messaging (GCM) push notifications.

• (Optional) Channel – default channel or channel set for the devices to request when

they connect to the Afaria server. For Android devices to appear on the list, thechannels must exist and must be published.

• (Optional) Connection – select automatic connection after install to have the device

initiate its first connection to the server without requiring user interaction.

• (Optional) Certificate – select to generate an identity certificate after the initial

connection to Afaria server, and use this certificate for future authentications against

the server and as the SSL client certificate for all future https connections. Identity

certificates are supported through the use of Afaria managed authentication option for

the enrollment and package servers.

Identity certificates use only the Certificate Authority server assigned to the

enrollment server, and require the enrollment server to be configured as the CA proxy.This option is not available in the Afaria Administration console, and is available in<EnrollmentServer>\program files\AIPS\bin

\ServerSCEPtest.exe. It is set to On, by default, on new Afaria installations and

upgrades.





Note: Identity certificates are supported only on 2008 CA servers, for Android

versions 4.x and above. To support identity certificates, the Afaria application on the

device must be version SP3 or above.

• If automatically creating a name for enrolling devices, select naming options:

• Optional Prefix – enter a prefix to use for the name. For example "Sales_".

• Data Column – select a data item to concatenate with the prefix. The list includes

predefined columns, the user name variable, and any additional user-defined

substitution variables you defined. Select something meaningful to your

organization to facilitate effective searching, create a value for building custom

views, or differentiate like-named devices.

If you select a data item that is based on a user’s response to a user prompt that you

add to the enrollment policy, the user’s response forms the name, even if it is

inaccurate. For example, if you prompt for an e-mail address and the user

incorrectly types the address, the name contains the incorrect address, even if the

correct address is later stored in inventory.

Selecting an item that requires user prompts automatically adds the variable to thepolicy's Variable page.

6. On the Group page, select any groups to populate when devices enroll.

A device receives the group's linked policies.

Selecting a dynamic group forces a newly enrolled device into the group without any

evaluation of that group's definition criteria. Upon execution of the Dynamic Group

Refresh schedule, if the device does not meet the group criteria, it is removed from the

group.

7. On the Variable page, click Add to select any variables to populate during enrollment.

Users are prompted on the device during enrollment.Define the variable prompts:

• Variable – from the database, the variable to populate with the user's response.

• Device Prompt – the text for the user-facing prompt.

• Entry Mask – indicate whether the entry at the device is masked with asterisk (*)

characters as the user types.


8 Afaria



Android Device Enrollment

Enrollment adds an Android device to SAP Afaria management.

1. The administrator creates an enrollment policy in SAP Afaria. Application and

configuration policies can apply to the enrollment through an associated group. The

enrollment policy creates the enrollment code that the administrator shares with the user

through either the self-service portal or another means of communication.

2. The user downloads and installs the SAP Afaria client. The client is available through the

self-service portal and application stores.

3. The user enters the enrollment code into the self-service portal to complete the enrollment

process.





Enrolling an Android Device

When the enrollment is complete, the device is subject to the policies in SAP Afaria. These

policies might require you to perform additional actions on the device. For example, youmight need to set a passcode for the device.

1. On a device, browse to the self-service portal. Your administrator provides the address for

the portal.

2. Enter your credentials and tap Log on.

3. Tap Enroll New Device.


10 Afaria



4. Tap Install to download and install the SAP Afaria client.

5. Tap Submit to submit the enrollment code to SAP Afaria.





6. Tap OK.

7. Enter the required information and tap Done.


12 Afaria



Removing the SAP Afaria Client

You can remove an Android device from management by removing the Afaria client from the

device. To remove the client from the device, you must first remove the device administratorprivileges for the client.

1. To remove Afariadevice administrator privileges, perform these tasks:

a) On the device, tap Settings.

b) Tap Security.

c) Tap Device administrators.





d) Clear the check box for the Afaria client.

e) To remove the administrative privileges, tap Deactivate.


14 Afaria



f) Tap OK to confirm the removal of the administrative privileges.

2. To remove the Afariaclient from the device, perform these tasks:

a) On the device, tap Settings.

b) Tap Applications.

c) Tap the client icon.





d) Tap Uninstall.

e) Tap OK to confirm the removal of the client.


16 Afaria



IndexA

AndroidAfaria client 13

application policy 3, 4

device management 1

enrollment 10

application policy 3

C

composite group

defined 1

configuration policy 1

Android 2

D

device settings

configuring 1

dynamic group

defined 1

E

enrollment

Android 10

enrollment policy 6Android 6

G

group

composite 1

dynamic 1

static 1

user 1Group

Group page in console 1

Group page in Afaria Administration console 1

P

policy

applications for iOS and Android 3

configuration 1

enrollment 6

S

SAP Afaria client

installing 10

removing 13

static group

defined 1

U

user groupdefined 1

Index




Index

Documents

Quick Start Guide for Android Devices(1)