This user manual has been developed to guide the NIMC super admin to set up their devices on the Enrolment Mobile Device Management System (EMDMS). The guide will be broken into 2 phasessections.
Onboarding devices on the EMDMS.
Enforcing compliance Managing devices on the EMDMS admin portal.
ONBOARDING DEVICES ON THE EMDMS
\uD83D\uDCD8 Instructions
To onboard devices on the EMDMS portal, follow these steps;
Login to the EMDMS admin portal on https://nimc-emdms.seamfix.com/smartmdm/ with these test credentials.
Username - haguonye@seamfix.
comPassword - Aa123456@
...
Fig1: Enter valid Login credentials to access the portal
...
The QR Code method
The apk file download method.
The QR Code Method
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
The QR code method only applies to either new devices or devices that have just been factory reset. This is because the user needs to scan the code with the inbuilt Android app QR scanner and this inbuilt scanner is only triggered during a new device set up. |
...
For a new new device,
Turn on the device
On the Get started page (the page where you’d be required to set up your language preference & email), don’t click on “start” rather tap on the page about 6 times consequitively to launch the QR scanner
For a device already in use,
Factory reset the device
On the Get started page (the page where you’d be required to set up your language preference & email), don’t click on “start” rather tap on the page about 6 times consecutively to launch the QR scanner
...
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
The EMDMS app requires certain device permissions to be able to successfully run. Upon the first launch of the app, the app will prompt the user to grant the permissions highlighted in the images Fig.9 - Fig. 11 below. |
...
Fig. 9: Grant usage access permission
...
Fig. 11: Toggle on the icon
5. Device specification check
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
Upon successfully granting usage access, the user will be redirected to the app home page. An initial device specification check to validate if the device meets the minimum device specification to run the NIMC AES app will happen on the app home page shown in Fig. |
...
Enrolled devices from CBS
...
Info |
---|
Highlight important information in a panel like this one. To edit this panel's color or style, select one of the options in the menu. |
\uD83D\uDCCB Related articles
...
12 below. |
...
Fig. 12: App home page
6. Device specification check report
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
Devices that do not meet the minimum specification check will not be allowed to proceed from here. However, the NIMC admin has the privilege to approve the Enrolment request for a device that has failed the specification check so that they can proceed with the enrolment. N.B: Devices that do not pass this point shall not be accessible on the list of enrolled devices on the portal. |
...
Fig. 13a: Failed device specification check
As earlier stated, devices that do not meet the minimum device specification check will not be allowed to proceed from this page. However, the admin can manually approve this request on the portal for the user.
...
Fig. 13b: showing the view on the portal where an admin can approve device requests
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
From the view 13b above, the admin can view the component on the device that does not meet the minimum requirement and then go ahead to approve or decline the enrolment. |
...
Fig. 13c: showing the actions - Approve & Decline
...
Fig. 13d: Showing results for declined enrolment requests
...
Fig. 13e: Showing results for approved EMDMS Enrolment request
7. Trigger the NIMC AES to start downloading on the device.
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
Upon successfully approving the request, the EMDMS app does a check to validate if there is a NIMC AES app on the device. if there isn’t, it triggers the NIMC AES to start downloading. see Fig. 14 below N.B: This may take some time depending on the internet strength on the device and also becuse the NIMC AES app is large. |
...
Fig. 14: Downloading the NIMC AES on the device
8. Upon successfully downloading the NIMC AES app, download grant usage access to the NIMC app (Fig. 15) & then fill out the device activation request form (Fig.16) to complete the EMDMS enrolment process
...
Fig. 15: Grant usage access to the NIMC AES
...
Fig. 16: Fill out the device activation request form
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
When the activation request is approved on CBS, the admin will be able to view the details of the device on the EMDMS portal. |
...
Fig. 17: The list of all enrolled devices pulled from CBS
Important things to note on the device upon successfully completing the onboarding process.
The user will be able to take a tour of the app to understand the basic navigation
...
You should get a prompt on the notification tray displaying the download progress of apps that have been added by the organization.
...
On the apps menu on the app, the user will be able to view the apps on the device including those installed & those pending installation
...
MANAGING DEVICES ON THE EMDMS
The EMDMS Dashboard -
This module shows basic analytics of all the activities happening within the ecosystem. This is a dynamic module so the analytics displayed on this page is configurable. To access the dashboard, follow these steps;
Login to the EMDMS portal with valid credentials
The user will be redirected to the EMDMS dashboard
...
Fig. 20: Showing the EMDMS admin dashboard
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
From The dashboard displays an audit trail of activities including the following;
|
The EMDMS Device Locator -
The EMDMS device locator shows the distribution of devices across the different locations on a map view. To access the module;
Login with valid credentials
Navigate to the EMDMS Device Locator
On the map view, look for the location where the device is being used, Click on the location icon to view more details about the device
...
Fig. 21: Showing device location across their various locations on a map.
EMDMS Users -
The EMDMS user module enables the admin to create users on the EMDMS portal and assign them roles. There are basically two roles on the EMDMS portal. The Admin role & the agent role. Only the admin users can access the EMDMS portal and perform device management functions. The agent users on the other hand only have access to their assigned devices.
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
Only admin users can be created on the EMDMS portal. Agent users-device assignment on CBS applies to the users |
EMDMS Policies -
policies contain a set of restrictions that the IT admin can apply to devices to enforce compliance. To access policies,
Login with valid credentials
Select EMDMS policies
From the list of policies, select policies to apply to specific devices.
...
Fig. 22: Showing the list of available policies on the portal
Geofencing -
Geofences are the locations listed for a device(s) at the point of activation. These locations are not created on the EMDMS portal. Once a device is successfully onboarded on the EMDMS, the location assigned to that device will be displayed on the EMDMS “Geofences” policy. To access the listed geofences, follow these steps
Login to the EMDMS portal
Navigate to EMDMS policies
Select “Geofences” from the list of policies displayed (see Fig. 22 above). The admin will be able to view all the geofences available within the ecosystem.
...
Fig. 23: showing all geofeneces with their corresponding coordinates
It is not enough to retrieve the geofences. It needs to be enforced. Enforcing a geofence means that users within that location will not be able to perform any actions on their devices for the period of the geofence action.
The following policies must be applied to your devices before geofence can be enforced.
Enable Location Tracking
Enforce Location tracking
Enforce Geofence
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
Reasons why Enforcing Geofence may not work
|
Geofence Blacklist -
This feature enables the admin to be able to blacklist an entire geofence. To achieve this follow these steps;
Login to the portal,
Navigate to the EMDMS policies module (see Fig. 22)
Select “Geofences” from the list of policies
Select the location you intend to blacklist from the options displayed (see Fig. 23)
Click the “actions” icon by the location of your choice and select the option “blacklist (see Fig. 24 below)
...
Fig. 24a: Showing the “blacklist” geofence option
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
You can also whitelist a blacklisted geofence (you can follow the same process described above). Upon successfully triggering the “blacklist” action from the portal, all devices within that blacklisted geofence that has the “enforce geofence” policy enabled for them will be blacklisted. see fig. 24b below |
...
Fig. 24b: Device locked due to blacklisted geofence
Geofence Waiver
Geofence waiver can be used when an admin decides that despite the initial geofence assigned to a device, they want the user to be able to use the device in a new location which is not the user’s original geofence for a while. To apply the waiver policy, follow these steps;
Login to the portal
Navigate to Policies
Select the “Geofence Waiver” policy from the list of policies displayed (see fig. 22 above). If you have created waiver locations, the list of locations that you have created will be displayed on the geofence waiver page. Otherwise, you will be required to create a new location.
Enter the correct Latitude & the Longitude coordinates location & click save geofence (see fig. 25)
The new location will be displayed on the table as a list of geofence locations
To apply the location to a device,
Navigate to actions,
select the “apply to devices” option (see fig. 26)
select how long you want this device to be usable in this new location (see fig. 27)
...
Fig. 25: Enter coordinates (lat & long)
...
Fig. 26: Geofence waiver locations
...
Fig. 27: Select the duration of the waiver
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
Upon successfully apply the geofence waiver to a device, the device shall become accessible to the user for the period of the geofence. as soon as the time elapses, the device will become locked again except;
|
Applications Management
The applications management module enables the admin to be able to manage applications usage & transfer within the NIMC ecosystem. amongst other things, you’d be able to
Blacklist an unauthorized app
Uninstall an unauthorized app
Add a new app version and push the upgrade via OTA (Over-the-air) app upgrade
Monitor the app usage including - total data consumed, screentime spent on an app.
Add a new app
To add a new app, follow these steps;
Navigate to the Applications Management module
Click on the “Add new app” button
...
Fig. 28: Add a new app
3. Fill out the form with the correct details
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
Points to Note:
|
...
Fig. 29. Add details of the new app
Add a new app version
This can be used to update an app version. To add a new version, follow the steps below;
Navigate to the applications management module
From the list of apps, select the app version to update
Select action > add a new app version (see fig. 30) below
...
Fig. 30: Add a new app version
3. fill out the new app version page
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
Notice that the form fields are different from that of “add a new app version”. To add a new app version, the app version is an uneditable field. Also, you’re not required to select the groups whee you want this new app version to apply. The app roll out for new versions are handled manually to manage operational issues properly. |
...
Fig. 31: Fill out the form to add a new app version
Where an app has more than one version, it will be listed on the app versions page. see fig.32 below
...
Fig. 32: List of all available app versions
App rollout via OTA
To roll out a new app version to the field, follow these steps;
Select the app name on the Apps bank page (fig. 28)
Click on actions (fig.30) and select edit app details
From the available app versions, select the app version to roll out (see fig.33)
...
Fig. 33: Roll out the new version by selecting “map to devices”
4. select a list of devices or a device group to map the app to
...
Fig. 34: select the devices to map the app version to
Blacklist an unauthorized app
To backlist an unauthorized app follow these steps;
Select the app name on the Apps bank page (fig. 28)
Click on actions (fig.30) and select the “blacklist app” option
select the device(s) or the group of devices that the app should be blacklisted on see fig.35
...
Fig. 35: select the devices to blacklist the app on
Device Monitoring
The EMDMS portal provides the capability for the admin to manage the heartbeat details on the device. Find below the details of the hearbeat page.
...
Fig 36: device heartbeat page
...
Fig. 37: device heartbeat page
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
From the tabs listed in fig. 38 below the admin is able to navigate to view more details about the device. |
...
P.S:
By default, Android devices are set to use the same password for work & personal profiles
Users have the opportunity to set a new password in the work profile. This will override the password set in the personal profile.
If the password set for the personal profile does not meet the minimum password requirement set by the admin for the work profile, the user will not be able to access the work profile
Users cannot use screen lock or pattern. They must use a password.
The EMDMS app needs to finish downloading before the user can navigate away from the page that shows apps mapped by the admin
The user will be notified that the work profile setup is in progress.