Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This user manual has been developed to guide the NIMC super admin to set up their devices on the Enrolment Mobile Device Management System (EMDMS). The guide will be broken into 2 phasessections.

  1. Onboarding devices on the EMDMS.

  2. Enforcing compliance Managing devices on the EMDMS admin portal.

ONBOARDING DEVICES ON THE EMDMS

\uD83D\uDCD8 Instructions

To onboard devices on the EMDMS portal, follow these steps;

  1. Login to the EMDMS admin portal on https://nimc-emdms.seamfix.com/smartmdm/ with these test credentials.

    Username - haguonye@seamfix

    .

    comPassword - Aa123456@

...

Fig1: Enter valid Login credentials to access the portal

...

  1. The QR Code method

  2. The apk file download method.

The QR Code Method

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#57D9A3

The QR code method only applies to either new devices or devices that have just been factory reset. This is because the user needs to scan the code with the inbuilt Android app QR scanner and this inbuilt scanner is only triggered during a new device set up.

...

  1. For a new new device,

    1. Turn on the device

    2. On the Get started page (the page where you’d be required to set up your language preference & email), don’t click on “start” rather tap on the page about 6 times consequitively to launch the QR scanner

  2. For a device already in use,

    1. Factory reset the device

    2. On the Get started page (the page where you’d be required to set up your language preference & email), don’t click on “start” rather tap on the page about 6 times consecutively to launch the QR scanner

...

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#57D9A3

The EMDMS app requires certain device permissions to be able to successfully run. Upon the first launch of the app, the app will prompt the user to grant the permissions highlighted in the images Fig.9 - Fig. 11 below.

...

Fig. 9: Grant usage access permission

...

Fig. 11: Toggle on the icon

5. Device specification check

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#57D9A3

Upon successfully granting usage access, the user will be redirected to the app home page. An initial device specification check to validate if the device meets the minimum device specification to run the NIMC AES app will happen on the app home page shown in Fig.

...

Enrolled devices from CBS

...

Info

Highlight important information in a panel like this one. To edit this panel's color or style, select one of the options in the menu.

...

12 below.

...

Fig. 12: App home page

6. Device specification check report

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#57D9A3

Devices that do not meet the minimum specification check will not be allowed to proceed from here. However, the NIMC admin has the privilege to approve the Enrolment request for a device that has failed the specification check so that they can proceed with the enrolment.

N.B: Devices that do not pass this point shall not be accessible on the list of enrolled devices on the portal.

...

Fig. 13a: Failed device specification check

As earlier stated, devices that do not meet the minimum device specification check will not be allowed to proceed from this page. However, the admin can manually approve this request on the portal for the user.

...

Fig. 13b: showing the view on the portal where an admin can approve device requests

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#57D9A3

From the view 13b above, the admin can view the component on the device that does not meet the minimum requirement and then go ahead to approve or decline the enrolment.

...

Fig. 13c: showing the actions - Approve & Decline

...

Fig. 13d: Showing results for declined enrolment requests

...

Fig. 13e: Showing results for approved EMDMS Enrolment request

7. Trigger the NIMC AES to start downloading on the device.

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#57D9A3

Upon successfully approving the request, the EMDMS app does a check to validate if there is a NIMC AES app on the device. if there isn’t, it triggers the NIMC AES to start downloading. see Fig. 14 below

N.B: This may take some time depending on the internet strength on the device and also becuse the NIMC AES app is large.

...

Fig. 14: Downloading the NIMC AES on the device

8. Upon successfully downloading the NIMC AES app, download grant usage access to the NIMC app (Fig. 15) & then fill out the device activation request form (Fig.16) to complete the EMDMS enrolment process

...

Fig. 15: Grant usage access to the NIMC AES

...

Fig. 16: Fill out the device activation request form

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#57D9A3

When the activation request is approved on CBS, the admin will be able to view the details of the device on the EMDMS portal.

...

Fig. 17: The list of all enrolled devices pulled from CBS

Important things to note on the device upon successfully completing the onboarding process.

  • The user will be able to take a tour of the app to understand the basic navigation

...

  • You should get a prompt on the notification tray displaying the download progress of apps that have been added by the organization.

...

  • On the apps menu on the app, the user will be able to view the apps on the device including those installed & those pending installation

...

MANAGING DEVICES ON THE EMDMS

The EMDMS Dashboard -

This module shows basic analytics of all the activities happening within the ecosystem. This is a dynamic module so the analytics displayed on this page is configurable. To access the dashboard, follow these steps;

  1. Login to the EMDMS portal with valid credentials

  2. The user will be redirected to the EMDMS dashboard

...

Fig. 20: Showing the EMDMS admin dashboard

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#57D9A3

From The dashboard displays an audit trail of activities including the following;

  • Admins that added an app

  • Admins that mapped a policy

  • Admins that triggered a password reset etc.

The EMDMS Device Locator -

The EMDMS device locator shows the distribution of devices across the different locations on a map view. To access the module;

  1. Login with valid credentials

  2. Navigate to the EMDMS Device Locator

  3. On the map view, look for the location where the device is being used, Click on the location icon to view more details about the device

...

Fig. 21: Showing device location across their various locations on a map.

EMDMS Users -

The EMDMS user module enables the admin to create users on the EMDMS portal and assign them roles. There are basically two roles on the EMDMS portal. The Admin role & the agent role. Only the admin users can access the EMDMS portal and perform device management functions. The agent users on the other hand only have access to their assigned devices.

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#57D9A3

Only admin users can be created on the EMDMS portal. Agent users-device assignment on CBS applies to the users

EMDMS Policies -

policies contain a set of restrictions that the IT admin can apply to devices to enforce compliance. To access policies,

  1. Login with valid credentials

  2. Select EMDMS policies

  3. From the list of policies, select policies to apply to specific devices.

...

Fig. 22: Showing the list of available policies on the portal

Geofencing -

Geofences are the locations listed for a device(s) at the point of activation. These locations are not created on the EMDMS portal. Once a device is successfully onboarded on the EMDMS, the location assigned to that device will be displayed on the EMDMS “Geofences” policy. To access the listed geofences, follow these steps

  1. Login to the EMDMS portal

  2. Navigate to EMDMS policies

  3. Select “Geofences” from the list of policies displayed (see Fig. 22 above). The admin will be able to view all the geofences available within the ecosystem.

...

Fig. 23: showing all geofeneces with their corresponding coordinates

It is not enough to retrieve the geofences. It needs to be enforced. Enforcing a geofence means that users within that location will not be able to perform any actions on their devices for the period of the geofence action.

The following policies must be applied to your devices before geofence can be enforced.

  1. Enable Location Tracking

  2. Enforce Location tracking

  3. Enforce Geofence

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#57D9A3

Reasons why Enforcing Geofence may not work

  1. The above policies are not applied to the device(s)

  2. The device is unable to send location details

Geofence Blacklist -

This feature enables the admin to be able to blacklist an entire geofence. To achieve this follow these steps;

  1. Login to the portal,

  2. Navigate to the EMDMS policies module (see Fig. 22)

  3. Select “Geofences” from the list of policies

  4. Select the location you intend to blacklist from the options displayed (see Fig. 23)

  5. Click the “actions” icon by the location of your choice and select the option “blacklist (see Fig. 24 below)

...

Fig. 24a: Showing the “blacklist” geofence option

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#57D9A3

You can also whitelist a blacklisted geofence (you can follow the same process described above).

Upon successfully triggering the “blacklist” action from the portal, all devices within that blacklisted geofence that has the “enforce geofence” policy enabled for them will be blacklisted. see fig. 24b below

...

Fig. 24b: Device locked due to blacklisted geofence

Geofence Waiver

Geofence waiver can be used when an admin decides that despite the initial geofence assigned to a device, they want the user to be able to use the device in a new location which is not the user’s original geofence for a while. To apply the waiver policy, follow these steps;

  1. Login to the portal

  2. Navigate to Policies

  3. Select the “Geofence Waiver” policy from the list of policies displayed (see fig. 22 above). If you have created waiver locations, the list of locations that you have created will be displayed on the geofence waiver page. Otherwise, you will be required to create a new location.

    1. Enter the correct Latitude & the Longitude coordinates location & click save geofence (see fig. 25)

    2. The new location will be displayed on the table as a list of geofence locations

  4. To apply the location to a device,

    1. Navigate to actions,

    2. select the “apply to devices” option (see fig. 26)

    3. select how long you want this device to be usable in this new location (see fig. 27)

...

Fig. 25: Enter coordinates (lat & long)

...

Fig. 26: Geofence waiver locations

...

Fig. 27: Select the duration of the waiver

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#57D9A3

Upon successfully apply the geofence waiver to a device, the device shall become accessible to the user for the period of the geofence. as soon as the time elapses, the device will become locked again except;

  1. The user returns back to their initial geofence or

  2. Their geofence is whitelisted

  3. The “enforce geofence” policy is removed from the device. (in this case, whether the user is within or out of their geofence, the geofenec restrictions will not apply to them)

Applications Management

The applications management module enables the admin to be able to manage applications usage & transfer within the NIMC ecosystem. amongst other things, you’d be able to

  • Blacklist an unauthorized app

  • Uninstall an unauthorized app

  • Add a new app version and push the upgrade via OTA (Over-the-air) app upgrade

  • Monitor the app usage including - total data consumed, screentime spent on an app.

Add a new app

To add a new app, follow these steps;

  1. Navigate to the Applications Management module

  2. Click on the “Add new app” button

...

Fig. 28: Add a new app

3. Fill out the form with the correct details

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#57D9A3

Points to Note:

  1. The App ID is the unique identifier of the app. (If this is a private app not on he playstore, reach out to the app publisher to share the app ID with you)

  2. Ensure that you enter the correct app version

  3. Click on the upload app file option (tagged 1 on the screenshot fig.29 below) to upload the apk file of the app

  4. To automate OTA, you are required to select the group of devices you want this app to be mapped to. By default, when this group is selected, any app added that belonged to the group selected here will automatically get this app downloaded on them.

...

Fig. 29. Add details of the new app

Add a new app version

This can be used to update an app version. To add a new version, follow the steps below;

  1. Navigate to the applications management module

  2. From the list of apps, select the app version to update

    1. Select action > add a new app version (see fig. 30) below

...

Fig. 30: Add a new app version

3. fill out the new app version page

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#57D9A3

Notice that the form fields are different from that of “add a new app version”. To add a new app version, the app version is an uneditable field. Also, you’re not required to select the groups whee you want this new app version to apply. The app roll out for new versions are handled manually to manage operational issues properly.

...

Fig. 31: Fill out the form to add a new app version

Where an app has more than one version, it will be listed on the app versions page. see fig.32 below

...

Fig. 32: List of all available app versions

App rollout via OTA

To roll out a new app version to the field, follow these steps;

  1. Select the app name on the Apps bank page (fig. 28)

  2. Click on actions (fig.30) and select edit app details

  3. From the available app versions, select the app version to roll out (see fig.33)

...

Fig. 33: Roll out the new version by selecting “map to devices”

4. select a list of devices or a device group to map the app to

...

Fig. 34: select the devices to map the app version to

Blacklist an unauthorized app

To backlist an unauthorized app follow these steps;

  1. Select the app name on the Apps bank page (fig. 28)

  2. Click on actions (fig.30) and select the “blacklist app” option

  3. select the device(s) or the group of devices that the app should be blacklisted on see fig.35

...

Fig. 35: select the devices to blacklist the app on

Device Monitoring

The EMDMS portal provides the capability for the admin to manage the heartbeat details on the device. Find below the details of the hearbeat page.

...

Fig 36: device heartbeat page

...

Fig. 37: device heartbeat page

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#57D9A3

From the tabs listed in fig. 38 below the admin is able to navigate to view more details about the device.

...

P.S:

  1. By default, Android devices are set to use the same password for work & personal profiles

    1. Users have the opportunity to set a new password in the work profile. This will override the password set in the personal profile.

  2. If the password set for the personal profile does not meet the minimum password requirement set by the admin for the work profile, the user will not be able to access the work profile

  3. Users cannot use screen lock or pattern. They must use a password.

  4. The EMDMS app needs to finish downloading before the user can navigate away from the page that shows apps mapped by the admin

  5. The user will be notified that the work profile setup is in progress.