EMDMS User Manual
This user manual has been developed to guide the NIMC admin in setting up their devices on the Enrolment Mobile Device Management System (EMDMS). The guide is divided into 2 sections:
Onboarding devices on the EMDMS.
Managing devices on the EMDMS.
ONBOARDING DEVICES ON THE EMDMS
Instructions
To onboard devices on the EMDMS portal, follow these steps:
1. Log in to the EMDMS admin portal on https://nimc-emdms.seamfix.com/smartmdm/ with these test credentials.
Fig1: Enter valid Login credentials to access the portal
Upon successful login, the admin will be redirected to the Admin dashboard, where they can see basic analytics about the happenings across the NIMC ecosystem.
2. Navigate to the EMDMS Enrolment module. The EMDMS Enrolment module contains information about how to get the EMDMS app and the list of all activated devices from CBS.
Fig. 2: Showing details about the EMDMS Enrolment page
2a. Upon clicking “Get EMDMS”, the admin is able to access the EMDMS APK to be installed.
Fig.3: Showing details of the EMDMS apk file.
Upon clicking the “download the SmartMDM app from the servers” option, the EMDMS apk file will be downloaded to your computer and you can easily share this with your users.
For the “Download app using the QR code” option, see Fig. 4 below for the view.
Fig.4: Scan QR code view.
Points to Note:
The QR code can be downloaded and shared with authorized users via email or any other safe sharing method.
The QR code can be printed and also shared with authorized users. However, with printing, you need to ensure that the print is very clear. The edges of the code need to be very visible. If some parts of the code are not visible, the app installation process will not be successful.
There are two ways to set up the EMDMS app on a mobile device.
The QR Code method
The apk file download method.
The QR Code Method
The QR code method only applies to either new devices or devices that have just been factory reset. This is because the user needs to scan the code with the inbuilt Android app QR scanner and this inbuilt scanner is only triggered during a new device set up.
Steps to set up the device using the QR code method:
For a new device,
Turn on the device
On the Get started page (the page where you’d be required to set up your language preference & email), do not click on “start”; instead, tap on the page about 6 times consecutively to launch the QR scanner
For a device already in use,
Factory reset the device
On the Get started page (the page where you’d be required to set up your language preference & email), do not click on “start”; instead, tap on the page about 6 times consecutively to launch the QR scanner
The QR scanner displays like the device camera, so if the scanner has been successfully initiated, you will see the camera displayed on the device.
3. Point the QR scanner (the camera view on the device) to the QR code shown in Fig. 4 above. If the QR code scanned is the correct one, the device will redirect you to the WiFi set-up page to enable you to set up an internet connection on the device to complete the download & installation of the EMDMS app.
Fig. 5: Turn on the device's WiFi connection
4a. Complete device set up - This page displays a prompt notifying you that the admin is going to be managed henceforth by their organization
Fig. 6: Accept the permission to set up the device in management mode
4b. Complete device set up - The EMDMS app provisions the device in full management mode
Fig. 7: Provision device in full management mode
Full management mode means that the EMDMS app will have full control of all areas of the device. The user will only be able to access other apps & functionalities of the device from the SmartMDM dashboard.
4c. Upon successfully provisioning the devices as shown in Fig. 5 & 6 above, the user will be required to launch the SmartMDM app from the list of apps.
Fig. 8: Launch NIMC EMDMS from the list of apps.
The EMDMS app requires certain device permissions to be able to successfully run. Upon the first launch of the app, the app will prompt the user to grant the permissions highlighted in the images Fig.9 - Fig. 11 below.
Fig. 9: Grant usage access permission
Fig. 10: Click on the NIMC EMDMS to allow access
Fig. 11: Toggle on the icon
5. Device specification check
Upon successfully granting usage access, the user will be redirected to the app home page. An initial device specification check to validate if the device meets the minimum device specification to run the NIMC AES app will happen on the app home page shown in Fig. 12 below.
Fig. 12: App home page
6. Device specification check report
Devices that do not meet the minimum specification check will not be allowed to proceed from here. However, the NIMC admin has the privilege to approve the Enrolment request for a device that has failed the specification check so that they can proceed with the enrolment.
N.B: Devices that do not pass this point shall not be accessible on the list of enrolled devices on the portal.
Fig. 13a: Failed device specification check
As earlier stated, devices that do not meet the minimum device specification check will not be allowed to proceed from this page. However, the admin can manually approve this request on the portal for the user.
Fig. 13b: Showing the view on the portal where an admin can approve device requests
From the view 13b above, the admin can view the component on the device that does not meet the minimum requirement and then go ahead to approve or decline the enrolment.
Fig. 13c: Showing the actions - Approve & Decline
Fig. 13d: Showing results for declined enrolment requests
Fig. 13e: Showing results for approved EMDMS Enrolment request
7. Trigger the NIMC AES to start downloading on the device.
Upon successfully approving the request, the EMDMS app does a check to validate if there is a NIMC AES app on the device. If there isn’t, it triggers the NIMC AES to start downloading. See Fig. 14 below.
N.B: This may take some time depending on the internet strength on the device and also because the NIMC AES app is large.
Fig. 14: Downloading the NIMC AES on the device
8. Upon successfully downloading the NIMC AES app, grant usage access to the NIMC app (Fig. 15) & then fill out the device activation request form (Fig. 16) to complete the EMDMS enrolment process.
Fig. 15: Grant usage access to the NIMC AES
Fig. 16: Fill out the device activation request form
When the activation request is approved on CBS, the admin will be able to view the details of the device on the EMDMS portal.
Fig. 17: The list of all enrolled devices pulled from CBS
Important things to note on the device upon successfully completing the onboarding process.
The user will be able to take a tour of the app to understand the basic navigation
You should get a prompt on the notification tray displaying the download progress of apps that have been added by the organization.
On the apps menu on the app, the user will be able to view the apps on the device including those installed & those pending installation
MANAGING DEVICES ON THE EMDMS
The EMDMS Dashboard -
This module shows basic analytics of all the activities happening within the ecosystem. This is a dynamic module, so the analytics displayed on this page are configurable. To access the dashboard, follow these steps:
Log in to the EMDMS portal with valid credentials
The user will be redirected to the EMDMS dashboard
Fig. 20: Showing the EMDMS admin dashboard
The dashboard displays an audit trail of activities, including the following:
Admins that added an app
Admins that mapped a policy
Admins that triggered a password reset etc.
The EMDMS Device Locator -
The EMDMS device locator shows the distribution of devices across the different locations on a map view. To access the module:
Log in with valid credentials
Navigate to the EMDMS Device Locator
On the map view, look for the location where the device is being used, then click on the location icon to view more details about the device
Fig. 21: Showing device location across their various locations on a map.
EMDMS Users -
The EMDMS user module enables the admin to create users on the EMDMS portal and assign them roles. There are basically two roles on the EMDMS portal: the admin role & the agent role. Only the admin users can access the EMDMS portal and perform device management functions. The agent users, on the other hand, only have access to their assigned devices.
Only admin users can be created on the EMDMS portal. Agent users-device assignment on CBS applies to the users
EMDMS Policies -
Policies contain a set of restrictions that the IT admin can apply to devices to enforce compliance. To access policies:
Log in with valid credentials
Select EMDMS policies
From the list of policies, select policies to apply to specific devices.
Fig. 22: Showing the list of available policies on the portal
Geofencing -
Geofences are the locations listed for a device(s) at the point of activation. These locations are not created on the EMDMS portal. Once a device is successfully onboarded on the EMDMS, the location assigned to that device will be displayed on the EMDMS “Geofences” policy. To access the listed geofences, follow these steps:
Log in to the EMDMS portal
Navigate to EMDMS policies
Select “Geofences” from the list of policies displayed (see Fig. 22 above). The admin will be able to view all the geofences available within the ecosystem.
Fig. 23: Showing all geofences with their corresponding coordinates
It is not enough to retrieve the geofences; they need to be enforced. Enforcing a geofence means that users within that location will not be able to perform any actions on their devices for the period of the geofence action.
The following policies must be applied to your devices before a geofence can be enforced:
Enable Location Tracking
Enforce Location tracking
Enforce Geofence
Reasons why Enforcing Geofence may not work
The above policies are not applied to the device(s)
The device is unable to send location details
Geofence Blacklist -
This feature enables the admin to blacklist an entire geofence. To achieve this, follow these steps:
Log in to the portal
Navigate to the EMDMS policies module (see Fig. 22)
Select “Geofences” from the list of policies
Select the location you intend to blacklist from the options displayed (see Fig. 23)
Click the “actions” icon by the location of your choice and select the option “blacklist” (see Fig. 24 below)
Fig. 24a: Showing the “blacklist” geofence option
You can also whitelist a blacklisted geofence (you can follow the same process described above).
Upon successfully triggering the “blacklist” action from the portal, all devices within that blacklisted geofence that have the “enforce geofence” policy enabled for them will be blacklisted. See Fig. 24b below.
Fig. 24b: Device locked due to blacklisted geofence
Geofence Waiver
Geofence waiver can be used when an admin decides that, despite the initial geofence assigned to a device, they want the user to be able to use the device for a while in a new location which is not the user’s original geofence. To apply the waiver policy, follow these steps:
Log in to the portal
Navigate to Policies
Select the “Geofence Waiver” policy from the list of policies displayed (see fig. 22 above). If you have created waiver locations, the list of locations that you have created will be displayed on the geofence waiver page. Otherwise, you will be required to create a new location.
Enter the correct latitude & longitude coordinates of the location & click “save geofence” (see fig. 25)
The new location will be displayed on the table as a list of geofence locations
To apply the location to a device,
Navigate to actions,
Select the “apply to devices” option (see fig. 26)
Select how long you want this device to be usable in this new location (see fig. 27)
Fig. 25: Enter coordinates (lat & long)
Fig. 26: Geofence waiver locations
Fig. 27: Select the duration of the waiver
Upon successfully applying the geofence waiver to a device, the device shall become accessible to the user for the period of the geofence. As soon as the time elapses, the device will become locked again unless:
The user returns to their initial geofence, or
Their geofence is whitelisted, or
The “enforce geofence” policy is removed from the device. (In this case, whether the user is within or out of their geofence, the geofence restrictions will not apply to them.)
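The rules from the Geofencing, Geofence Blacklist and Geofence Waiver sections above, combined into one troubleshooting check. This is an added example, not code from EMDMS or its vendor. It takes one reading of those rules (a device is locked outside its assigned geofence unless a waiver is active), and the 500 m radius, the record field names and the sample coordinates are assumptions.

```python
import math
from datetime import datetime, timedelta

# Policy names as listed on this page; all three must be applied for enforcement.
REQUIRED = {"Enable Location Tracking", "Enforce Location tracking", "Enforce Geofence"}
RADIUS_M = 500.0  # assumption: the page does not state a geofence radius


def distance_m(a, b):
    """Great-circle (haversine) distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))


def evaluate(device, now):
    """Return (locked, reason) for one device record (hypothetical field names)."""
    missing = REQUIRED - set(device["policies"])
    if missing:
        return False, "not enforced: missing policy " + ", ".join(sorted(missing))
    loc = device.get("location")
    if loc is None:
        return False, "not enforced: device is not sending location details"
    if distance_m(loc, device["geofence"]) <= RADIUS_M:
        if device.get("blacklisted"):
            return True, "locked: geofence is blacklisted"
        return False, "usable: inside assigned geofence"
    w = device.get("waiver")
    if w and now < w["expires"] and distance_m(loc, w["center"]) <= RADIUS_M:
        return False, "usable: geofence waiver active"
    return True, "locked: outside assigned geofence with no active waiver"


# Constructed sample data (coordinates and times are illustrative only).
NOW = datetime(2024, 1, 1, 9, 0)
HOME, AWAY = (9.0765, 7.3986), (6.5244, 3.3792)
DEVICE = {"policies": sorted(REQUIRED), "geofence": HOME, "location": AWAY,
          "blacklisted": False,
          "waiver": {"center": AWAY, "expires": NOW + timedelta(hours=2)}}

if __name__ == "__main__":
    for when in (NOW, NOW + timedelta(hours=3)):
        print(when.isoformat(), evaluate(DEVICE, when))
```

The two "not enforced" results correspond to the reasons listed under "Reasons why Enforcing Geofence may not work".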
Applications Management
The applications management module enables the admin to manage application usage & transfer within the NIMC ecosystem. Amongst other things, you’d be able to:
Blacklist an unauthorized app
Uninstall an unauthorized app
Add a new app version and push the upgrade via OTA (Over-the-air) app upgrade
Monitor the app usage including - total data consumed, screentime spent on an app.
Add a new app
To add a new app, follow these steps:
Navigate to the Applications Management module
Click on the “Add new app” button
Fig. 28: Add a new app
3. Fill out the form with the correct details
Points to Note:
The App ID is the unique identifier of the app. (If this is a private app not on the Play Store, reach out to the app publisher to share the app ID with you.)
Ensure that you enter the correct app version
Click on the upload app file option (tagged 1 on the screenshot fig.29 below) to upload the apk file of the app
To automate OTA, you are required to select the group of devices you want this app to be mapped to. By default, when this group is selected, any device added that belongs to the group selected here will automatically get this app downloaded on it.
Fig. 29. Add details of the new app
Add a new app version
This can be used to update an app version. To add a new version, follow the steps below:
Navigate to the applications management module
From the list of apps, select the app version to update
Select action > add a new app version (see fig. 30 below)
Fig. 30: Add a new app version
3. Fill out the new app version page
Notice that the form fields are different from that of “add a new app version”. To add a new app version, the app version is an uneditable field. Also, you’re not required to select the groups where you want this new app version to apply. The app rollout for new versions is handled manually to manage operational issues properly.
Fig. 31: Fill out the form to add a new app version
Where an app has more than one version, it will be listed on the app versions page. See fig. 32 below.
Fig. 32: List of all available app versions
App rollout via OTA
To roll out a new app version to the field, follow these steps:
Select the app name on the Apps bank page (fig. 28)
Click on actions (fig.30) and select edit app details
From the available app versions, select the app version to roll out (see fig.33)
Fig. 33: Roll out the new version by selecting “map to devices”
4. Select a list of devices or a device group to map the app to
Fig. 34: Select the devices to map the app version to
Blacklist an unauthorized app
To blacklist an unauthorized app, follow these steps:
Select the app name on the Apps bank page (fig. 28)
Click on actions (fig.30) and select the “blacklist app” option
Select the device(s) or the group of devices that the app should be blacklisted on (see fig. 35)
Fig. 35: Select the devices to blacklist the app on
Device Monitoring
The EMDMS portal provides the capability for the admin to manage the heartbeat details on the device. Find below the details of the heartbeat page.
Fig 36: device heartbeat page
Fig. 37: device heartbeat page
From the tabs listed in fig. 38 below, the admin is able to navigate to view more details about the device.
P.S:
By default, Android devices are set to use the same password for work & personal profiles.
Users have the opportunity to set a new password in the work profile. This will override the password set in the personal profile.
If the password set for the personal profile does not meet the minimum password requirement set by the admin for the work profile, the user will not be able to access the work profile.
Users cannot use screen lock or pattern. They must use a password.
The EMDMS app needs to finish downloading before the user can navigate away from the page that shows apps mapped by the admin.
The user will be notified that the work profile setup is in progress.