Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 14 Next »

This user manual has been developed to guide the NIMC admin to set up their devices on the Enrolment Mobile Device Management System (EMDMS). The guide will be broken into 2 sections.

  1. Onboarding devices on the EMDMS.

  2. Managing devices on the EMDMS.

ONBOARDING DEVICES ON THE EMDMS

\uD83D\uDCD8 Instructions

To onboard devices on the EMDMS portal, follow these steps;

  1. Login to the EMDMS admin portal on https://nimc-emdms.seamfix.com/smartmdm/ with these test credentials.

    1. Username - haguonye@seamfix.com

    2. Password - Aa123456@

Fig1: Enter valid Login credentials to access the portal

Upon successful Login, the admin will be redirected to the Admin dashboard where they can see basic analytics about the happenings across the NIMC ecosystem.

2. Navigate to the EMDMS Enrolment module. The EMDMs enrolment module contains information about how to get the EMDMS app and the list of all activated devices from CBS

Fig. 2: Showing details about the EMDMS Enrolment page

2a. Upon clicking “Get EMDMS”, the admin is able to access the EMDMS APK to be installed

Fig.3: Showing details of the EMDMS apk file.

Upon clicking the “download the SmartMDM app from the servers, the EMDMS apk file will be downloaded on your computer and you can easily share this with your users.

For the “Download app using the QR code option,” see Fig 4 below for the view

Fig.4: Scan QR code view.

Points to Note:

  1. The QR code can be downloaded and shared with authorized users via email of any other safe sharing methods.

  2. The QR code can be printed and also shared with authorized users. However with printing, you need to ensure that the print is very clear. The edges of the code needs to be very visible. If some parts of the code are not visible. The app installation process will not be successful.

There are two ways to set up the EMDMS app on a mobile device.

  1. The QR Code method

  2. The apk file download method.

The QR Code Method

The QR code method only applies to either new devices or devices that have just been factory reset. This is because the user needs to scan the code with the inbuilt Android app QR scanner and this inbuilt scanner is only triggered during a new device set up.

Steps to set up the device using the QR code method;

  1. For a new new device,

    1. Turn on the device

    2. On the Get started page (the page where you’d be required to set up your language preference & email), don’t click on “start” rather tap on the page about 6 times consequitively to launch the QR scanner

  2. For a device already in use,

    1. Factory reset the device

    2. On the Get started page (the page where you’d be required to set up your language preference & email), don’t click on “start” rather tap on the page about 6 times consecutively to launch the QR scanner

The QR scanner displays like the device camera. so if the scanner has been successfully initiated, you will see the camera displayed on the device

3. Point the QR scanner (the camera view on the device) to the QR code shown in Fig. 4 above. If the QR code scanned is the correct one, the device will redirect you to the WiFi set-up page to enable you to set up an internet connection on the device to complete the download & installation of the EMDMS app

Fig. 5: Turn on the device's WiFi connection

4a. Complete device set up - This page displays a prompt notifying you that the admin is going to be managed henceforth by their organization

Fig. 6: Accept the permission to set up the device in management mode

4b. Complete device set up - The EMDMS app provisions the device in full management mode

Fig. 7: Provision device in full management mode

Full management mode means that the EMDMS app will have full control of all areas of the device. The user will only be able to access other apps & functionalities of the device from the SmartMDM dashboard.

4c. Upon successfully provisioning the devices as shown in Fig. 5 & 6 above, the user will be required to launch the SmartMDM app from the list of apps.

Fig. 8: Launch NIMC EMDMS from the list of apps.

The EMDMS app requires certain device permissions to be able to successfully run. Upon the first launch of the app, the app will prompt the user to grant the permissions highlighted in the images Fig.9 - Fig. 11 below.

Fig. 9: Grant usage access permission

Fig. 10: Click on the NIMC EMDMS to allow access

Fig. 11: Toggle on the icon

5. Device specification check

Upon successfully granting usage access, the user will be redirected to the app home page. An initial device specification check to validate if the device meets the minimum device specification to run the NIMC AES app will happen on the app home page shown in Fig. 12 below.

Fig. 12: App home page

6. Device specification check report

Devices that do not meet the minimum specification check will not be allowed to proceed from here. However, the NIMC admin has the privilege to approve the Enrolment request for a device that has failed the specification check so that they can proceed with the enrolment.

N.B: Devices that do not pass this point shall not be accessible on the list of enrolled devices on the portal.

Fig. 13a: Failed device specification check

As earlier stated, devices that do not meet the minimum device specification check will not be allowed to proceed from this page. However, the admin can manually approve this request on the portal for the user.

Fig. 13b: showing the view on the portal where an admin can approve device requests

From the view 13b above, the admin can view the component on the device that does not meet the minimum requirement and then go ahead to approve or decline the enrolment.

Fig. 13c: showing the actions - Approve & Decline

Fig. 13d: Showing results for declined enrolment requests

Fig. 13e: Showing results for approved EMDMS Enrolment request

7. Trigger the NIMC AES to start downloading on the device.

Upon successfully approving the request, the EMDMS app does a check to validate if there is a NIMC AES app on the device. if there isn’t, it triggers the NIMC AES to start downloading. see Fig. 14 below

N.B: This may take some time depending on the internet strength on the device and also becuse the NIMC AES app is large.

Fig. 14: Downloading the NIMC AES on the device

8. Upon successfully downloading the NIMC AES app, download grant usage access to the NIMC app (Fig. 15) & then fill out the device activation request form (Fig.16) to complete the EMDMS enrolment process

Fig. 15: Grant usage access to the NIMC AES

Fig. 16: Fill out the device activation request form

When the activation request is approved on CBS, the admin will be able to view the details of the device on the EMDMS portal.

Fig. 17: The list of all enrolled devices pulled from CBS

Important things to note on the device upon successfully completing the onboarding process.

  • The user will be able to take a tour of the app to understand the basic navigation

  • You should get a prompt on the notification tray displaying the download progress of apps that have been added by the organization.

  • On the apps menu on the app, the user will be able to view the apps on the device including those installed & those pending installation

MANAGING DEVICES ON THE EMDMS

The EMDMS Dashboard -

This module shows basic analytics of all the activities happening within the ecosystem. This is a dynamic module so the analytics displayed on this page is configurable. To access the dashboard, follow these steps;

  1. Login to the EMDMS portal with valid credentials

  2. The user will be redirected to the EMDMS dashboard

Fig. 20: Showing the EMDMS admin dashboard

From The dashboard displays an audit trail of activities including the following;

  • Admins that added an app

  • Admins that mapped a policy

  • Admins that triggered a password reset etc.

The EMDMS Device Locator -

The EMDMS device locator shows the distribution of devices across the different locations on a map view. To access the module;

  1. Login with valid credentials

  2. Navigate to the EMDMS Device Locator

  3. On the map view, look for the location where the device is being used, Click on the location icon to view more details about the device

Fig. 21: Showing device location across their various locations on a map.

EMDMS Users -

The EMDMS user module enables the admin to create users on the EMDMS portal and assign them roles. There are basically two roles on the EMDMS portal. The Admin role & the agent role. Only the admin users can access the EMDMS portal and perform device management functions. The agent users on the other hand only have access to their assigned devices.

Only admin users can be created on the EMDMS portal. Agent users-device assignment on CBS applies to the users

EMDMS Policies -

policies contain a set of restrictions that the IT admin can apply to devices to enforce compliance. To access policies,

  1. Login with valid credentials

  2. Select EMDMS policies

  3. From the list of policies, select policies to apply to specific devices.

Fig. 22: Showing the list of available policies on the portal

Geofencing -

Geofences are the locations listed for a device(s) at the point of activation. These locations are not created on the EMDMS portal. Once a device is successfully onboarded on the EMDMS, the location assigned to that device will be displayed on the EMDMS “Geofences” policy. To access the listed geofences, follow these steps

  1. Login to the EMDMS portal

  2. Navigate to EMDMS policies

  3. Select “Geofences” from the list of policies displayed (see Fig. 22 above). The admin will be able to view all the geofences available within the ecosystem.

Fig. 23: showing all geofeneces with their corresponding coordinates

It is not enough to retrieve the geofences. It needs to be enforced. Enforcing a geofence means that users within that location will not be able to perform any actions on their devices for the period of the geofence action.

The following policies must be applied to your devices before geofence can be enforced.

  1. Enable Location Tracking

  2. Enforce Location tracking

  3. Enforce Geofence

Reasons why Enforcing Geofence may not work

  1. The above policies are not applied to the device(s)

  2. The device is unable to send location details

Geofence Blacklist -

This feature enables the admin to be able to blacklist an entire geofence. To achieve this follow these steps;

  1. Login to the portal,

  2. Navigate to the EMDMS policies module (see Fig. 22)

  3. Select “Geofences” from the list of policies

  4. Select the location you intend to blacklist from the options displayed (see Fig. 23)

  5. Click the “actions” icon by the location of your choice and select the option “blacklist (see Fig. 24 below)

Fig. 24a: Showing the “blacklist” geofence option

You can also whitelist a blacklisted geofence (you can follow the same process described above).

Upon successfully triggering the “blacklist” action from the portal, all devices within that blacklisted geofence that has the “enforce geofence” policy enabled for them will be blacklisted. see fig. 24b below

Fig. 24b: Device locked due to blacklisted geofence

Geofence Waiver

Geofence waiver can be used when an admin decides that despite the initial geofence assigned to a device, they want the user to be able to use the device in a new location which is not the user’s original geofence for a while. To apply the waiver policy, follow these steps;

  1. Login to the portal

  2. Navigate to Policies

  3. Select the “Geofence Waiver” policy from the list of policies displayed (see fig. 22 above). If you have created waiver locations, the list of locations that you have created will be displayed on the geofence waiver page. Otherwise, you will be required to create a new location.

    1. Enter the correct Latitude & the Longitude coordinates location & click save geofence (see fig. 25)

    2. The new location will be displayed on the table as a list of geofence locations

  4. To apply the location to a device,

    1. Navigate to actions,

    2. select the “apply to devices” option (see fig. 26)

    3. select how long you want this device to be usable in this new location (see fig. 27)

Fig. 25: Enter coordinates (lat & long)

Fig. 26: Geofence waiver locations

Fig. 27: Select the duration of the waiver

Upon successfully apply the geofence waiver to a device, the device shall become accessible to the user for the period of the geofence. as soon as the time elapses, the device will become locked again except;

  1. The user returns back to their initial geofence or

  2. Their geofence is whitelisted

  3. The “enforce geofence” policy is removed from the device. (in this case, whether the user is within or out of their geofence, the geofenec restrictions will not apply to them)

Applications Management

The applications management module enables the admin to be able to manage applications usage & transfer within the NIMC ecosystem. amongst other things, you’d be able to

  • Blacklist an unauthorized app

  • Uninstall an unauthorized app

  • Add a new app version and push the upgrade via OTA (Over-the-air) app upgrade

  • Monitor the app usage including - total data consumed, screentime spent on an app.

Add a new app

To add a new app, follow these steps;

  1. Navigate to the Applications Management module

  2. Click on the “Add new app” button

Fig. 28: Add a new app

3. Fill out the form with the correct details

Points to Note:

  1. The App ID is the unique identifier of the app. (If this is a private app not on he playstore, reach out to the app publisher to share the app ID with you)

  2. Ensure that you enter the correct app version

  3. Click on the upload app file option (tagged 1 on the screenshot fig.29 below) to upload the apk file of the app

  4. To automate OTA, you are required to select the group of devices you want this app to be mapped to. By default, when this group is selected, any app added that belonged to the group selected here will automatically get this app downloaded on them.

Fig. 29. Add details of the new app

Add a new app version

This can be used to update an app version. To add a new version, follow the steps below;

  1. Navigate to the applications management module

  2. From the list of apps, select the app version to update

    1. Select action > add a new app version (see fig. 30) below

Fig. 30: Add a new app version

3. fill out the new app version page

Notice that the form fields are different from that of “add a new app version”. To add a new app version, the app version is an uneditable field. Also, you’re not required to select the groups whee you want this new app version to apply. The app roll out for new versions are handled manually to manage operational issues properly.

Fig. 31: Fill out the form to add a new app version

Where an app has more than one version, it will be listed on the app versions page. see fig.32 below

Fig. 32: List of all available app versions

App rollout via OTA

To roll out a new app version to the field, follow these steps;

  1. Select the app name on the Apps bank page (fig. 28)

  2. Click on actions (fig.30) and select edit app details

  3. From the available app versions, select the app version to roll out (see fig.33)

Fig. 33: Roll out the new version by selecting “map to devices”

4. select a list of devices or a device group to map the app to

Fig. 34: select the devices to map the app version to

Blacklist an unauthorized app

To backlist an unauthorized app follow these steps;

  1. Select the app name on the Apps bank page (fig. 28)

  2. Click on actions (fig.30) and select the “blacklist app” option

  3. select the device(s) or the group of devices that the app should be blacklisted on see fig.35

Fig. 35: select the devices to blacklist the app on

Device Monitoring

The EMDMS portal provides the capability for the admin to manage the heartbeat details on the device. Find below the details of the hearbeat page.

Fig 36: device heartbeat page

Fig. 37: device heartbeat page

From the tabs listed in fig. 38 below the admin is able to navigate to view more details about the device.

  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.