This section contains topics that will help you start using Mobile Security Manager.
There are two administrator groups in Mobile Security Manager: the System Administrator group, which has full administrative privileges, and the Help Desk Administrator group, which has limited privileges. System Administrators are tasked with advanced operations, such as configuring the system, defining policies, and managing mobile roles; Help Desk Administrators are tasked with routine operations, such as inviting users to enroll a device in the mobility program, resetting passwords and passcodes, and unlocking locked Workspaces. Table 2-1 lists the different privileges that are granted to System Administrators and Help Desk Administrators.
Table 2-1 Comparison of System Administrator, Help Desk Administrator, and End-User privileges in Mobile Security Manager
Privileges | System Administrator | Help Desk Administrator | End User |
---|---|---|---|
Device Privileges | | | |
Search for and view mobile devices | Yes | Yes | Yes (Own device only.) |
Lock, Wipe, De-register, Sync, and Reset/Clear Passcode on mobile devices | Yes | Yes | Yes (Own device only.) |
Workspace Privileges | | | |
Search for and view Workspaces | Yes | Yes | Yes (Own Workspace only.) |
Lock, Unlock, Wipe, and Reset Passcode on Workspaces | Yes | Yes | Yes (Own Workspace only; cannot Unlock.) |
Mobile Users Privileges | | | |
Search for users and view basic user information in the connected Identity Store | Yes | Yes | No |
Invite mobile users to enroll a device in the mobility program | Yes | Yes | No |
Mobile Roles Privileges | | | |
Search for and view roles in the connected Identity Store | Yes | Yes | No |
View policies assigned to roles | Yes | Yes | No |
Assign policies to (or remove policies from) roles | Yes | No | No |
Invite users by role assignment to enroll a device in Oracle Mobile Security Suite | Yes | No | No |
Lock, unlock, and wipe devices and Workspaces by role assignment | Yes | No | No |
Mobile App Catalog Privileges | | | |
Search for and view apps in the Mobile App Catalog | Yes | Yes | No |
Add, edit, or delete apps in the Mobile App Catalog | Yes | No | No |
Mobile Device Configurations Privileges | | | |
Search for and view e-mail, VPN, calendar, and/or Wi-Fi device configurations | Yes | Yes | No |
Add, edit, or delete e-mail, VPN, calendar, and/or Wi-Fi device configurations | Yes | No | No |
Mobile Security Policies Privileges | | | |
Search for and view Mobile Security Policies | Yes | Yes | No |
Create, edit, and delete Mobile Security Policies | Yes | No | No |
Other Administrative Privileges | | | |
View Mobile Security Manager settings | Yes | No | No |
Change Mobile Security Manager settings | Yes | No | No |
Access the end-user self-service console | Yes | Yes | Yes |
You can configure admin groups during or after installation. To configure the System Administrator and Help Desk Administrator groups during installation, specify the LDAP groups that should map to the OMSS_IDSTORE_ROLE_SECURITY_ADMIN and OMSS_IDSTORE_ROLE_SECURITY_HELPDESK roles, respectively.
To configure admin groups after installation, open the Identity Store Settings tab (to learn how, see Section 11.2.2, "How to Open the Mobile Security Settings Page") and update the LDAP group name(s) in the System Admin Groups table and the Helpdesk Groups table.
Note:
Administrator role changes might take up to 10 minutes to take effect.
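Because membership in the mapped LDAP groups is what grants the two admin roles, the groups are worth reviewing after any change. The following is an added example, not Oracle code: it reads an LDIF export of the two groups and reports System Administrators missing from an approved list, users who sit in both groups, and a configured group that is absent from the export. The group DNs, user DNs, approved list and LDIF text are constructed assumptions; only the two role names come from this page.

```python
import base64
import re
# Role names are from the page. The group DNs, user DNs and LDIF export below are
# constructed sample data; comma-splitting DNs assumes no escaped commas in RDNs.
ADMIN, HELPDESK = "OMSS_IDSTORE_ROLE_SECURITY_ADMIN", "OMSS_IDSTORE_ROLE_SECURITY_HELPDESK"
ROLE_GROUPS = {ADMIN: "cn=MSMSysAdmins,ou=Groups,dc=example,dc=com",
               HELPDESK: "cn=MSMHelpDesk,ou=Groups,dc=example,dc=com"}
SAMPLE_LDIF = """\
dn: cn=MSMSysAdmins,ou=Groups,dc=example,dc=com
uniqueMember: uid=alice,ou=People,dc=example,dc=com
uniqueMember: uid=mallory,ou=People,
 dc=example,dc=com

dn: cn=MSMHelpDesk,ou=Groups,dc=example,dc=com
uniqueMember: UID=Alice, OU=People, DC=example, DC=com
uniqueMember:: dWlkPWJvYixvdT1QZW9wbGUsZGM9ZXhhbXBsZSxkYz1jb20=
"""

def norm_dn(dn):
    """Lower-case a DN and strip spaces around RDN separators so DNs compare equal."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_group_members(ldif_text):
    """Return {normalized entry DN: set of normalized member DNs} from an LDIF export."""
    text = re.sub(r"\r?\n ", "", ldif_text)        # unfold continuation lines
    groups, current = {}, None
    for line in text.splitlines():
        m = re.match(r"([A-Za-z][\w;-]*)(::?)\s*(.*)$", line)
        if not m:
            current = current if line.strip() else None   # blank line ends the entry
            continue
        attr, sep, value = m.group(1).lower(), m.group(2), m.group(3)
        value = base64.b64decode(value).decode("utf-8") if sep == "::" else value
        if attr == "dn":
            current = groups.setdefault(norm_dn(value), set())
        elif attr in ("member", "uniquemember") and current is not None:
            current.add(norm_dn(value))
    return groups

def audit_admin_groups(ldif_text, approved_sysadmins, role_groups=ROLE_GROUPS):
    """Return sorted (finding, DN) pairs for a reviewer; an empty list means clean."""
    groups = parse_group_members(ldif_text)
    wanted = {role: norm_dn(dn) for role, dn in role_groups.items()}
    findings = [("group-not-in-export", dn) for dn in wanted.values() if dn not in groups]
    admins, helpdesk = (groups.get(wanted[r], set()) for r in (ADMIN, HELPDESK))
    approved = {norm_dn(dn) for dn in approved_sysadmins}
    findings += [("unapproved-system-admin", dn) for dn in admins - approved]
    findings += [("in-both-admin-groups", dn) for dn in admins & helpdesk]
    return sorted(findings)
```

The page does not say which console a user in both groups receives, so the overlap is reported for review rather than resolved.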
System Administrators, Help Desk Administrators, and end-users each have their own management consoles that they use to interact with Mobile Security Manager. All three consoles should be viewed in a Web browser.
Note:
When entering information into the management consoles, do not use the < (less-than sign) or > (greater-than sign) except to define content in notification templates. The < and > characters are restricted.
System Administrators log in to the Mobile Security Manager console, and Help Desk administrators log in to the Help Desk console. The Help Desk console provides a limited interface that only contains the functionality needed for the Help Desk admin role.
Note:
See "Administrator Roles" for detailed information about how the two admin roles differ.
Both the Mobile Security Manager console and the Help Desk console are deployed on the Oracle Access Management console. If Oracle Mobile Security Suite is integrated with Oracle Identity Manager, the console pages are also integrated with the Oracle Identity Manager console, and you can manage Mobile Security Manager from either console.
The Mobile Security Manager Console
The Mobile Security Manager console consists of six pages:
Mobile Devices - View the devices and Workspaces registered by a user and take security actions against a device or Workspace (lock, unlock, wipe, and so on).
Mobile App Catalog - Add and remove apps in the catalog and edit app details.
Mobile Security Policies - Create, edit, and remove mobile security policies, and associate roles with policies.
Mobile Roles - Invite users by role assignment to register a device in Oracle Mobile Security Suite; lock, unlock, and wipe devices and Workspaces by role assignment; and assign policies to a role (or remove policies from a role).
Mobile Users - View basic user information and invite a user to register a device/Workspace with Oracle Mobile Security Suite.
Mobile Device Configurations - Add a new e-mail, VPN, calendar, or Wi-Fi configuration, or edit or remove an existing configuration.
The Mobile Security Manager Settings page is located in the Configuration section of the Oracle Access Management console.
Figure 2-1 The Mobile Security Manager console shown in the Oracle Access Management console
Figure 2-2 The Mobile Security Manager console pages as shown in the Oracle Identity Manager console
The Help Desk Console is comprised of the six Mobile Security Manager console pages and a Session Management admin page for Access Manager. The Help Desk Console does not include the Mobile Security Manager Settings page.
The Mobile Security Manager Self-Service Console
Oracle Mobile Security Suite features a Self-Service Console that end-users can use to:
Register devices with Oracle Mobile Security Suite
View their device and workspace details
Perform self-service management operations, such as lock, wipe, de-register, reset passcode, and so on
System Administrators and Help Desk Administrators can also log in to the Self-Service Console to manage their devices, provided that they are registered with Oracle Mobile Security Suite as end-users.
Figure 2-4 The Self-Service Console page as shown in the Oracle Access Management console
Figure 2-5 The Self-Service console as shown in the Oracle Identity Manager console
This section includes the following topics:
Opening the Mobile Security Manager Console and Help Desk Console
Opening the Mobile Security Manager Console in Oracle Identity Manager
Opening the Mobile Security Manager Console and Help Desk Console
Use these steps to open the Mobile Security Manager console pages in the Oracle Access Management console. If you are a Help Desk administrator, the Help Desk console opens instead.
In a browser window, open the Oracle Access Management console using the appropriate protocol (HTTP or HTTPS). For example:
https://hostname:policy-manager-port/access
or:
https://oam.example.com:14150/access
For details, see "Working with the Oracle Access Management Console" in Oracle Fusion Middleware Administrator's Guide for Oracle Access Management.
Log in with your user name and password.
Depending on your role, either the Mobile Security Manager console or the Help Desk console opens.
Choose from the following options:
If logged in as a Help Desk Administrator, the Help Desk console opens. Click the tiles in the Launch Pad grid to open the Mobile Security Manager pages.
If logged in as a System Administrator, click Mobile Security.
The Mobile Security Launch Pad opens.
Under Mobile Security Manager, click View and choose from the Mobile Security Manager console pages in the menu.
Opening the Mobile Security Manager Console in Oracle Identity Manager
Use these steps to open the Mobile Security Manager console pages in the Oracle Identity Manager console.
Open the Oracle Identity Manager console in a browser using the appropriate protocol (HTTP or HTTPS).
https://oim-server-host:oim-server-port/identity
or:
https://oim.example.com:14000/identity
Log in with your user name and password.
Click Manage in the top right corner.
The Manage Home page opens.
The Mobile Security Manager console pages are integrated with Oracle Identity Manager as follows:
Click Policies and choose Mobile Security Policies from the menu.
Click Mobile Security and choose either Devices or Device Configurations from the menu.
Click Users or Roles. Mobile Security Manager tabs are built into the Users page and Roles page.
Click Mobile Applications on the Oracle Identity Manager console Home page.
At any time while using the consoles, you can click the Help link located in the drop-down menu at the top right part of the page under the user name. The system opens a Help page that describes the console page being viewed. Mobile Security Manager field-level Help descriptions are also documented in the Help Reference for Oracle Mobile Security Suite Consoles.
For general information about using Help, see "Accessing Online Help" in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Management.