2 Getting Started Working With Mobile Security Manager

This section contains topics that will help you start using Mobile Security Manager. It is organized into the following sections:

Administrator Roles
Working With the Mobile Security Manager Console Pages

2.1 Administrator Roles

There are two administrator groups in Mobile Security Manager: the System Administrator group, which has full administrative privileges, and the Help Desk Administrator group, which has limited privileges. System Administrators are tasked with advanced operations, such as configuring the system, defining policies, and managing mobile roles; Help Desk Administrators are tasked with routine operations, such as inviting users to enroll a device in the mobility program, resetting passwords and passcodes, and unlocking locked Workspaces. Table 2-1 lists the different privileges that are granted to System Administrators and Help Desk Administrators.

Table 2-1 Comparison of System Administrator, Help Desk Administrator, and End-User privileges in Mobile Security Manager

Privileges	System Administrator	Help Desk Administrator	End User
Device Privileges
Search for and view mobile devices	Yes	Yes	Yes (Own device only.)
Lock, Wipe, De-register, Sync, and Reset/Clear Passcode on mobile devices	Yes	Yes	Yes (Own device only.)
Workspace Privileges
Search for and view Workspaces	Yes	Yes	Yes (Own Workspace only.)
Lock, Unlock, Wipe, and Reset Passcode on Workspaces	Yes	Yes	Yes (Own Workspace only; cannot Unlock.)
Mobile Users Privileges
Search for users and view basic user information in the connected Identity Store	Yes	Yes	No
Invite mobile users to enroll a device in the mobility program	Yes	Yes	No
Mobile Roles Privileges
Search for and view roles in the connected Identity Store	Yes	Yes	No
View policies assigned to roles	Yes	Yes	No
Assign policies to (or remove policies from) roles	Yes	No	No
Invite users by role assignment to enroll a device in Oracle Mobile Security Suite	Yes	No	No
Lock, unlock, and wipe devices and Workspaces by role assignment	Yes	No	No
Mobile App Catalog Privileges
Search for and view apps in the Mobile App Catalog	Yes	Yes	No
Add, edit, or delete apps in the Mobile App Catalog	Yes	No	No
Mobile Device Configurations Privileges
Search for and view e-mail, VPN, calendar, and/or Wi-Fi device configurations	Yes	Yes	No
Add, edit, or delete e-mail, VPN, calendar, and/or Wi-Fi device configurations	Yes	No	No
Mobile Security Policies Privileges
Search for and view Mobile Security Policies	Yes	Yes	No
Create, edit, and delete Mobile Security Policies	Yes	No	No
Other Administrative Privileges
View Mobile Security Manager settings	Yes	No	No
Change Mobile Security Manager settings	Yes	No	No
Access the end-user self-service console	Yes	Yes	Yes

2.1.1 How to Add Mobile Security Manager System Administrators and Help Desk Administrators

You can configure admin groups during or after installation. To configure the System Administrator and Help Desk Administrator groups during installation, specify the LDAP groups that should map to the OMSS_IDSTORE_ROLE_SECURITY_ADMIN and OMSS_IDSTORE_ROLE_SECURITY_HELPDESK roles respectively.

To configure admin groups after installation, open the Identity Store Settings tab (to learn how, see Section 11.2.2, "How to Open the Mobile Security Settings Page") and update the LDAP group name(s) in the System Admin Groups table and the Helpdesk Groups table.

Note:

Administrator role changes might take up to 10 minutes to take effect.

2.2 Working With the Mobile Security Manager Console Pages

This section includes the following topics:

About the Mobile Security Manager Console Pages
Opening the Mobile Security Manager Console Pages
Accessing Online Help

2.2.1 About the Mobile Security Manager Console Pages

System Administrators, Help Desk Administrators, and end-users each have their own management consoles that they use to interact with Mobile Security Manager. All three consoles should be viewed in a Web browser.

Note:

When entering information into the management consoles, do not use the < (less-than sign) or > (greater-than sign) except to define content in notification templates. The < and > characters are restricted.

System Administrators log in to the Mobile Security Manager console, and Help Desk administrators log in to the Help Desk console. The Help Desk console provides a limited interface that only contains the functionality needed for the Help Desk admin role.

Note:

See "Administrator Roles" for detailed information about how the two admin roles differ.

Both the Mobile Security Manager console and the Help Desk console are deployed on the Oracle Access Management console. If Oracle Mobile Security Suite is integrated with Oracle Identity Manager, the console pages are also integrated with the Oracle Identity Manager console, and you can manage Mobile Security Manager from either console.

The Mobile Security Manager Console

The Mobile Security Manager console consists of six pages:

Mobile Devices - View the devices and Workspaces registered by a user and take security actions against a device or Workspace (lock, un-lock, wipe, and so on).
Mobile App Catalog - Add and remove apps in the catalog and edit app details.
Mobile Security Policies - Create, edit, and remove mobile security policies, and associate roles with policies.
Mobile Roles - Invite users by role assignment to register a device in Oracle Mobile Security Suite; lock, unlock, and wipe devices and Workspaces by role assignment; and assign policies to a role (or remove policies from a role).
Mobile Users - View basic user information and invite a user to register a device/Workspace with Oracle Mobile Security Suite.
Mobile Device Configurations - Add a new e-mail, VPN, calendar, or Wi-Fi configuration, or edit or remove an existing configuration.

The Mobile Security Manager Settings page is located in the Configuration section of the Oracle Access Management console.

Figure 2-1 The Mobile Security Manager console shown in the Oracle Access Management console

Description of ''Figure 2-1 The Mobile Security Manager console shown in the Oracle Access Management console''

Figure 2-2 The Mobile Security Manager console pages as shown in the Oracle Identity Manager console

Description of ''Figure 2-2 The Mobile Security Manager console pages as shown in the Oracle Identity Manager console''

The Help Desk Console

The Help Desk Console is comprised of the six Mobile Security Manager console pages and a Session Management admin page for Access Manager. The Help Desk Console does not include the Mobile Security Manager Settings page.

Figure 2-3 The Help Desk console

Description of ''Figure 2-3 The Help Desk console''

The Mobile Security Manager Self-Service Console

Oracle Mobile Security Suite features a Self-Service Console that end-users can use to:

Register devices with Oracle Mobile Security Suite
View their device and workspace details
Perform self-service management operations, such as lock, wipe, de-register, reset passcode, and so on

System Administrators and Help Desk Administrators can also log in to the Self-Service Console to manage their devices, provided that they are registered with Oracle Mobile Security Suite as end-users.

Figure 2-4 The Self-Service Console page as shown in the Oracle Access Management console

Description of ''Figure 2-4 The Self-Service Console page as shown in the Oracle Access Management console''

Figure 2-5 The Self-Service console as shown in the Oracle Identity Manager console

Description of ''Figure 2-5 The Self-Service console as shown in the Oracle Identity Manager console''

2.2.2 Opening the Mobile Security Manager Console Pages

This section includes the following topics:

Opening the Mobile Security Manager Console and Help Desk Console
Opening the Mobile Security Manager Console in Oracle Identity Manager

Opening the Mobile Security Manager Console and Help Desk Console

Use these steps to open the Mobile Security Manager console pages in the Oracle Access Management console. If you are a Help Desk administrator, the Help Desk console opens instead.

In a browser window, open the Oracle Access Management console using the appropriate protocol (HTTP or HTTPS). For example:

https://hostname:policy-manager-port/access

or:

https://oam.example.com:14150/access

For details, see "Working with the Oracle Access Management Console" in Oracle Fusion Middleware Administrator's Guide for Oracle Access Management.
Log in with your user name and password.

Depending on your role either the Mobile Security Manager console or the Help Desk console opens.
Choose from the following options:
- If logged in as a Help Desk Administrator, the Help Desk console opens. Click the tiles in the Launch Pad grid to open the Mobile Security Manager pages.
- If logged in as a System Administrator, click Mobile Security.
  
  The Mobile Security Launch Pad opens.
  
  Under Mobile Security Manager, click View and choose from the Mobile Security Manager console pages in the menu.

Opening the Mobile Security Manager Console in Oracle Identity Manager

Use these steps to open the Mobile Security Manager console pages in the Oracle Identity Manager console.

Open the Oracle Identity Manager console in a browser using the appropriate protocol (HTTP or HTTPS).

https://oim-server-host:oim-server-port/identity

or:

https://oim.example.com:14000/identity
Log in with your user name and password.
Click Manage in the top right corner.

The Manage Home page opens.
The Mobile Security Manager console pages are integrated with Oracle Identity Manager as follows:
- Click Policies and choose Mobile Security Policies from the menu.
- Click Mobile Security and choose either Devices or Device Configurations from the menu.
- Click Users or Roles. Mobile Security Manager tabs are built into the Users page and Roles page.
- Click Mobile Applications on the Oracle Identity Manager console Home page.

2.2.3 Accessing Online Help

At any time while using the consoles, you can click the Help link located in the drop-down menu at the top right part of the page under the user name. The system opens a Help page that describe the console page being viewed. Mobile Security Manager field-level Help descriptions are also documented in the Help Reference for Oracle Mobile Security Suite Consoles.

For general information about using Help, see "Accessing Online Help" in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Management.