Upload
tekotest
View
223
Download
0
Embed Size (px)
Citation preview
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 1/22
Quick Start Guide for Android Devices
Afaria 7 SP4
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 2/22
DOCUMENT ID: DC-AND-7-00-04
LAST REVISED: November 2013
Copyright © 2013 by SAP AG or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of
SAP AG. The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software
vendors. National product specifications may vary.
These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only,
without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the
materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty
statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional
warranty.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered
trademarks of SAP AG in Germany and other countries. Please see http://www.sap.com/corporate-en/legal/copyright/
index.epx#trademark for additional trademark information and notices.
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 3/22
Contents
Android Device Management ...............................................1Group ..............................................................................1
Group Types ..........................................................1
Configuration Policies .....................................................1
Creating a Configuration Policy for Android ...........2
Application Policies .........................................................3
Creating an Application Policy for Android
Google Play Apps ..............................................3
Creating an Application Policy for Android
Enterprise Applications .....................................4
Enrollment Policies .........................................................6
Creating an Enrollment Policy for Android .............6
Android Device Enrollment ...................................................9
Enrolling an Android Device .........................................10
Removing the SAP Afaria Client ........................................13
Index ..................................................................................17
Quick Start Guide for Android Devices iii
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 4/22
Contents
iv Afaria
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 5/22
Android Device Management
You can use SAP Afaria to manage the Android devices in your organization.
You use an enrollment policy to add Android devices to SAP Afaria. When you add a device,
you assign the device to a group. Through group membership, the device is subject to
configuration and application policies that you set in SAP Afaria. Remediation policies
determine the actions that SAP Afaria takes when a device is not compliant.
To manage Android devices, SAP Afaria requires that users install the SAP Afaria client on
devices. Users can download the SAP Afaria client from the Google Play Store.
Group
A group is a collection of devices. Link a group to a policy to manage all devices in that group.
In the Afaria Administration console, the Group page is the landing page for group-focused
tasks.
Group TypesA group is a collection of devices. Policies allow you to manage all devices in that group.
These types of groups are available:
• Static – includes devices that you manually select. Membership changes only when you
add a device to the group, or delete a device from the group or from Afaria.
• Dynamic – includes devices that are included in a device view, as defined in the Device
page, when you click Select View on the left toolbar. Membership changes automatically
based on changes to the results of the view.
• User – includes devices that are associated with users that are included in a user group, as
defined by the Afaria server’s Windows users groups, LDAP groups, or NT domain
groups. Device members may change as user group membership changes. Membership
changes automatically based on changes to the selected groups.
• Composite – includes one or more groups of devices.
Configuration Policies
Configuration policies can define device settings (for example, passwords, Wi-Fi, roaming,
and VPN) and collect device inventory data (for example, hardware and software) without
Android Device Management
Quick Start Guide for Android Devices 1
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 6/22
engaging users. Configuration policy settings and device inventory data collection vary by
device type.
For many settings, the configuration policy determines the items that are visible on the device.
For some devices, the policy can set items that are available only through manufacturer APIs
and are not visible in the user interface.
Creating a Configuration Policy for AndroidCreate a policy for scheduling device connections, collecting inventory, and configuring
device settings for Android devices.
Policy settings that are pushed from SAP Afaria may not always override the existing settings
on the device.
The policy includes multiple pages, such as Summary and Schedule. Complete them in any
order. To save changes on all pages, click Save at the top of any page.
1. On the Policy page, on the top toolbar, click New > Configuration > Android.2. On the Summary page, enter the policy name.
You can specify duplicate policy names across tenants and within a tenant for all policy
types. Changes made to support duplicate policy names are compatible with Afaria 6.6 and
7 servers.
3. Enter or select the remaining properties.
• Note – add a description for the policy.
• State – indicate published or unpublished. Connecting devices receive only published
policies.
• Priority – set a user-defined value used to determine which configuration policyprevails when multiple policies define the same default settings. The lower the numeric
value, the higher the priority.
• Authentication – connecting user identity against your authentication authority before
allowing the policy to run. This option is available only if you have authentication
enabled on the server, as defined on the Server > Configuration > Security page.
• Inventory – select the inventory type to collect. You can view inventory information on
the Device page's Device Inspector.
• Do not collect inventory – no inventory collection.
• Hardware – scan collects data relating to the device's physical components, such as
processors and memory cards.• Hardware and Software – scan collects hardware data and data for installed
software.
4. (Optional) To configure a daily connection, define Schedule page properties.
5. (Optional) Configure policy pages according to your requirements.
Android Device Management
2 Afaria
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 7/22
Application Policies
Application policies define commercial and enterprise application packages for devices. The
policies determine which applications are available for devices to browse and install.
Creating an Application Policy for Android Google Play AppsCreate policies for managing applications from Google Play.
PrerequisitesComplete the procedure to prepare for a Google Play application, which includes recording
the application name.
The device user must have an account with Google Play. Google Play user agreements and
costs are independent of Afaria operations.
Task
The policy includes multiple pages, such as Summary and General. Complete them in any
order. To save changes on all pages, click Save at the top of any page.
The Configuration page is reserved for application onboarding data provisioning and is not
part of this procedure. See topic Provisioning Data for iOS and Android Applications for more
details.
1. On the top toolbar, click New > Application > Android Market.
Google Android Market is renamed to Google Play.
2. On the Summary page, enter the policy name and note and indicate whether the policy is
published or unpublished.
You can specify duplicate policy names across tenants and within a tenant for all policy
types. Connecting devices receive only published policies. Changes made in the Afaria
application to support duplicate policy names and multiple categories are compatible with
Afaria 6.6 and Afaria 7 servers.
3. (Optional) Select Featured to tag the application as featured, which means it appears in a
ticker on the home page of the device.
4. On the General page, define an application's information, and then click Update topopulate the Information box.
• Package – application name, such as com.amazon.kindle.
Data retrieval is subject to data availability from the Google Play.
5. (Optional) On the Categories page, select one or more categories to be associated with the
policy.
Android Device Management
Quick Start Guide for Android Devices 3
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 8/22
Click Add to add a new category.
6. (Optional) Select Yes or No to indicate whether the selected category is a featured
category.
7. (Optional) Click Browse and select the image file (.JPG or .PNG) to be associated with the
category and enter any additional note, if required.
Note: The maximum length allowed for the file name is 258 characters, and the maximum
image size allowed is 1MB. It is recommended that you use smaller image files of size up
to 100KB, to enable easy download and to minimize data traffic.
The recommended resolution for the category image on an Android device is up to 1920 x
1080 pixels. The category image is scaled to the required resolution, without changing the
aspect ratio, and is then centre-cropped.
8. (Optional) In the Available Categories list, make changes by selecting a category and
clicking Edit, Delete, Inspect Image or Clear Image.
If you delete a category that is attached to another policy, the category is deleted from thereferring policy also.
Clicking Inspect Image opens the image in Server > Category Image File window.
Clicking Clear Image removes the image associated with the Available Category.
9. (Optional) In the Pre-defined Categories list, make changes by selecting a category and
clicking Edit, Inspect Image or Clear Image.
Enterprise, Play Store and All are the Pre-defined System Categories listed.
Clicking Inspect Image opens the image in Server > Category Image File window.
Clicking Clear Image removes the image associated with the Pre-defined Category.
10. (Optional) On the Description Detail page, enter a description for the application andmodify the display name.
The display name of the application is automatically updated when you upload the
application package on General page.
Creating an Application Policy for Android Enterprise ApplicationsCreate policies for managing enterprise-developed applications on Android devices. For
Samsung Advanced Enterprise Security (AES) devices that use the Samsung-signed Afaria
application, you can create a required enterprise application for silent installation that the user
cannot remove unless you change the application's attribute to optional and redeliver the
policy.
The policy includes multiple pages, such as Summary and General. Complete them in any
order. To save changes on all pages, click Save at the top of any page.
The Configuration page is reserved for application onboarding data provisioning and is not
part of this procedure. See topic Provisioning Data for iOS and Android Applications for more
details.
Android Device Management
4 Afaria
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 9/22
1. On the Policy page, on the top toolbar, click New > Application > Android
Enterprise.
2. On the Summary page, enter the policy name.
You can specify duplicate policy names across tenants and within a tenant for all policy
types. Changes made in the Afaria application to support duplicate policy names and
multiple categories are compatible with Afaria 6.6 and Afaria 7 servers.
3. Enter or select the remaining properties.
• Note – add a description for the policy.
• State – indicate published or unpublished.
• Featured – tag the application as featured, which means it appears in a ticker on the
home page of the device.
4. On the General page, define an application's information, and wait for it to populate the
information box before continuing.
• Install – choose optional or required. The required attribute affects only Samsung-
signed Afaria devices. It installs the application silently at the device, without userinteraction, and the user cannot remove it. To remove an Android required enterprise
application, use a configuration policy.
• KNOX Container App – Select if the application is only to be available for installation
in a device's KNOX container.
• Start Required App After Install – Select if you want the application to start
automatically following installation. This option is only available if you choose
Required as the Install option on this page.
• APK – click Browse to locate and upload the application (.apk). If an application
image is detected inside the APK file, it appears as the Application Icon.
The APK file path is relative to the administrator user's workstation. The packageserver does not serve an application policy without the APK file details, to the
connecting devices.
• Artwork (512x512px) – click Browse to locate and upload the image, which appears as
the Featured Application Artwork.
Artwork supports PNG and JPEG formats with a resolution of 512x512 pixels.
5. (Optional) On the Categories page, select one or more categories to be associated with the
policy.
Click Add to add a new category.
6. (Optional) Select Yes or No to indicate whether the selected category is a featuredcategory.
7. (Optional) Click Browse and select the image file (.JPG or .PNG) to be associated with the
category and enter any additional note, if required.
Note: The maximum length allowed for the file name is 258 characters, and the maximum
image size allowed is 1MB. It is recommended that you use smaller image files of size up
to 100KB, to enable easy download and to minimize data traffic.
Android Device Management
Quick Start Guide for Android Devices 5
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 10/22
The recommended resolution for the category image on an Android device is up to 1920 x
1080 pixels. The category image is scaled to the required resolution, without changing the
aspect ratio, and is then centre-cropped.
8. (Optional) In the Available Categories list, make changes by selecting a category and
clicking Edit, Delete, Inspect Image or Clear Image.
If you delete a category that is attached to another policy, the category is deleted from the
referring policy also.
Clicking Inspect Image opens the image in Server > Category Image File window.
Clicking Clear Image removes the image associated with the Available Category.
9. (Optional) In the Pre-defined Categories list, make changes by selecting a category and
clicking Edit, Inspect Image or Clear Image.
Enterprise, Play Store and All are the Pre-defined System Categories listed.
Clicking Inspect Image opens the image in Server > Category Image File window.
Clicking the Clear Image removes the image associated with the Pre-defined Category.10. (Optional) On the Description Detail page, enter a description for the application and
modify the display name.
The display name and the version of the application are automatically updated when you
upload the application package on General page.
11. Click New to browse to and select the application screen shot that appears on the device.
You can upload as many as eight screen shots from which you can select the application
image to appear on the device.
Note: The appearance of the uploaded image may change, depending on the size of the
image and the browser settings. The maximum image size allowed is 1MB.
Enrollment Policies
Enrollment policies automate enrolling a device in management. Enrollment policies define
initial device settings and associate devices with a groups for ongoing management.
Creating an Enrollment Policy for AndroidCreate a policy for enrolling Android devices in Afaria management.
The policy includes multiple pages, such as Summary and General. Complete them in anyorder. To save changes on all pages, click Save at the top of any page.
1. On the Policy page, on the top toolbar, click New > Enrollment > Android.
2. On the Summary page, enter the policy name and a description for the policy.
Android Device Management
6 Afaria
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 11/22
You can specify duplicate policy names across tenants and within a tenant for all policy
types. Changes made in the Afaria application to support duplicate policy names are
compatible with Afaria 6.6 and Afaria 7 servers.
3. In the Code field, click Add and define the code properties:
• State – indicate whether devices are prevented from enrolling if the code is disabled at
enrollment time. If you do not want to use the code yet, set the state to disabled and
enable it later.
• Portal Only – indicate whether the code is valid only when used with Afaria Self-
Service Portal enrollment.
• URL Service – select your preferred URL shortening service, as enabled on the Server
> Configuration > Enrollment Code page.
The Google service produces case-sensitive codes.
• (Optional) Expiration Date – by default, expiration occurs at the end of the selected
day. If you do not specify a date, the code does not expire. Devices are prevented from
enrolling if the code is expired at enrollment time.
4. In the Code field, at the end of the line you are editing, click the Save icon to generate an
enrollment code and a creating date.
5. On the General page, define the policy for enrolling the devices.
• Server Address – Afaria server address or relay server address. The value, which you
can change here, is initially populated by the Address for Client Communication value,
as defined on the Server > Configuration > Device Communication page.
• (Optional) GCM Project ID – configure the Afaria client for Afaria-based Google
Cloud Messaging (GCM) push notifications.
• (Optional) Channel – default channel or channel set for the devices to request when
they connect to the Afaria server. For Android devices to appear on the list, thechannels must exist and must be published.
• (Optional) Connection – select automatic connection after install to have the device
initiate its first connection to the server without requiring user interaction.
• (Optional) Certificate – select to generate an identity certificate after the initial
connection to Afaria server, and use this certificate for future authentications against
the server and as the SSL client certificate for all future https connections. Identity
certificates are supported through the use of Afaria managed authentication option for
the enrollment and package servers.
Identity certificates use only the Certificate Authority server assigned to the
enrollment server, and require the enrollment server to be configured as the CA proxy.This option is not available in the Afaria Administration console, and is available in<EnrollmentServer>\program files\AIPS\bin
\ServerSCEPtest.exe. It is set to On, by default, on new Afaria installations and
upgrades.
Android Device Management
Quick Start Guide for Android Devices 7
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 12/22
Note: Identity certificates are supported only on 2008 CA servers, for Android
versions 4.x and above. To support identity certificates, the Afaria application on the
device must be version SP3 or above.
• If automatically creating a name for enrolling devices, select naming options:
• Optional Prefix – enter a prefix to use for the name. For example "Sales_".
• Data Column – select a data item to concatenate with the prefix. The list includes
predefined columns, the user name variable, and any additional user-defined
substitution variables you defined. Select something meaningful to your
organization to facilitate effective searching, create a value for building custom
views, or differentiate like-named devices.
If you select a data item that is based on a user’s response to a user prompt that you
add to the enrollment policy, the user’s response forms the name, even if it is
inaccurate. For example, if you prompt for an e-mail address and the user
incorrectly types the address, the name contains the incorrect address, even if the
correct address is later stored in inventory.
Selecting an item that requires user prompts automatically adds the variable to thepolicy's Variable page.
6. On the Group page, select any groups to populate when devices enroll.
A device receives the group's linked policies.
Selecting a dynamic group forces a newly enrolled device into the group without any
evaluation of that group's definition criteria. Upon execution of the Dynamic Group
Refresh schedule, if the device does not meet the group criteria, it is removed from the
group.
7. On the Variable page, click Add to select any variables to populate during enrollment.
Users are prompted on the device during enrollment.Define the variable prompts:
• Variable – from the database, the variable to populate with the user's response.
• Device Prompt – the text for the user-facing prompt.
• Entry Mask – indicate whether the entry at the device is masked with asterisk (*)
characters as the user types.
Android Device Management
8 Afaria
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 13/22
Android Device Enrollment
Enrollment adds an Android device to SAP Afaria management.
1. The administrator creates an enrollment policy in SAP Afaria. Application and
configuration policies can apply to the enrollment through an associated group. The
enrollment policy creates the enrollment code that the administrator shares with the user
through either the self-service portal or another means of communication.
2. The user downloads and installs the SAP Afaria client. The client is available through the
self-service portal and application stores.
3. The user enters the enrollment code into the self-service portal to complete the enrollment
process.
Android Device Enrollment
Quick Start Guide for Android Devices 9
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 14/22
Enrolling an Android Device
When the enrollment is complete, the device is subject to the policies in SAP Afaria. These
policies might require you to perform additional actions on the device. For example, youmight need to set a passcode for the device.
1. On a device, browse to the self-service portal. Your administrator provides the address for
the portal.
2. Enter your credentials and tap Log on.
3. Tap Enroll New Device.
Android Device Enrollment
10 Afaria
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 15/22
4. Tap Install to download and install the SAP Afaria client.
5. Tap Submit to submit the enrollment code to SAP Afaria.
Android Device Enrollment
Quick Start Guide for Android Devices 11
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 16/22
6. Tap OK.
7. Enter the required information and tap Done.
Android Device Enrollment
12 Afaria
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 17/22
Removing the SAP Afaria Client
You can remove an Android device from management by removing the Afaria client from the
device. To remove the client from the device, you must first remove the device administratorprivileges for the client.
1. To remove Afariadevice administrator privileges, perform these tasks:
a) On the device, tap Settings.
b) Tap Security.
c) Tap Device administrators.
Removing the SAP Afaria Client
Quick Start Guide for Android Devices 13
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 18/22
d) Clear the check box for the Afaria client.
e) To remove the administrative privileges, tap Deactivate.
Removing the SAP Afaria Client
14 Afaria
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 19/22
f) Tap OK to confirm the removal of the administrative privileges.
2. To remove the Afariaclient from the device, perform these tasks:
a) On the device, tap Settings.
b) Tap Applications.
c) Tap the client icon.
Removing the SAP Afaria Client
Quick Start Guide for Android Devices 15
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 20/22
d) Tap Uninstall.
e) Tap OK to confirm the removal of the client.
Removing the SAP Afaria Client
16 Afaria
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 21/22
IndexA
AndroidAfaria client 13
application policy 3, 4
device management 1
enrollment 10
application policy 3
C
composite group
defined 1
configuration policy 1
Android 2
D
device settings
configuring 1
dynamic group
defined 1
E
enrollment
Android 10
enrollment policy 6Android 6
G
group
composite 1
dynamic 1
static 1
user 1Group
Group page in console 1
Group page in Afaria Administration console 1
P
policy
applications for iOS and Android 3
configuration 1
enrollment 6
S
SAP Afaria client
installing 10
removing 13
static group
defined 1
U
user groupdefined 1
Index
Quick Start Guide for Android Devices 17
8/11/2019 Quick Start Guide for Android Devices(1)
http://slidepdf.com/reader/full/quick-start-guide-for-android-devices1 22/22
Index