Use the Mobile Devices page to search for and view details about the devices and Workspaces registered to a user, and to perform routine administrative tasks on managed devices (Lock, Wipe, De-register, Sync, Clear/Reset Passcode) and Workspaces (Lock, Unlock, Wipe, Reset Passcode).
The following topics are covered:
Use this section to:
Search for devices and Workspaces.
View the devices and Workspaces registered to a user.
Select a managed device or Workspace to manage.
This view is arranged in the following sections:
Search for users, then use the Status and Sort menus to further refine your search. The buttons on the action bar are described in the following table.
Element | Description |
---|---|
Search |
Type a search term and press the search button. Search results are returned as follows:
You cannot use wildcards but partial matches will return results, for example: mith will return results for "Smith." |
Status |
Choose from the following menu options:
|
Refresh |
Click Refresh to update the screen with any changes made on the (back-end) server. |
Sort |
Choose from the following menu options:
|
Table of Users, Devices, and Workspaces (Search Results)
This section of the Devices page lists users, devices, and Workspaces that meet the search criteria. Click a device or Workspace icon to view additional details and management options.
Element | Description |
---|---|
User Name (UID) |
The user name (UID) of the user to which the device and/or Workspace is registered. A user with multiple devices will have multiple records, one record per device and/or Workspace. |
|
Indicates a managed device. Click to manage the device and view additional details.
The search results table displays the name given to the device. |
|
Indicates an unmanaged device (that is, a device that belongs to the user). You cannot perform actions on unmanaged devices. |
|
Click to manage the Workspace and view additional details.
The search results table displays the Workspace's globally unique identifier (GUID). |
"Managing Devices and Workspaces" in Administering Oracle Mobile Security Suite
Use this section to:
Manage a specific managed device registered to a user. (You cannot manage an unmanaged device.)
View detailed information about a specific mobile device registered to a user.
This view is arranged in the following sections:
Use the buttons to secure data on the device.
Element | Description |
---|---|
Lock |
Locks the device. The user can unlock the device by entering their PIN or password. Mobile Security Manager cannot unlock the device remotely.
Note: The device status displays as "Registered"; it does not change to "Locked." |
Wipe | Resets the device to its original factory state by erasing all of the stored settings, data, and applications. |
De-register |
Removes the Workspace app, including certificates, restrictions, and other content that was provisioned by the Mobile Security Manager. Containerized apps no longer work, but the user must delete them manually. All pending operations are cancelled, and certificates issued to the device are revoked. Following this action the device is no longer controlled by the server. In the console the device status displays as "De-registered," unless the Device/Workspace De-registration Policy (located in Server Settings) is set to Delete, in which case the device record is deleted from the server |
Sync |
Forces the device to synchronize with the Mobile Security Manager, to update the app, certificates, restrictions, and other content that was provisioned. |
Clear Passcode / Reset Passcode |
This action is intended for use when the device user forgets their password.
|
Element | Description |
---|---|
Details |
Click to:
|
Credentials |
Click to:
|
Policies |
Click to:
|
View device properties from this tab.
Element | Description |
---|---|
Name |
Shows the model ID for iOS devices, and the model number for Android devices. |
Description |
A short description of the type of device. |
Identifier |
A unique identifier assigned to the device by the Mobile Security Manager. |
Version |
Version label of the device operating system assigned by the manufacturer. |
Platform |
Indicates the operating system software installed on the device. Either iOS or Android. |
Platform Version |
The version number of the operating system software installed on the device. |
Compliance Level |
Indicates if the device is in compliance with the effective policy.
One of the following:
|
State |
The Mobile Security Manager registration status of this device. One of the following:
|
User |
The user ID of the user who enrolled the device with the Mobile Security Manager system. |
Enrollment Time |
Timestamp that indicates when the device was enrolled with the Mobile Security Manager system. The recorded time is the time at the Mobile Security Manager server, not the time where the device is located. |
Last Sync Time |
Timestamp that indicates when the device was last synchronized with the Mobile Security Manager system. The recorded time is the time at the Mobile Security Manager server, not the time where the device is located. |
Element | Description |
---|---|
Model |
The model name of the device. |
Manufacturer |
The name of the device manufacturer. |
Manufacturer ID |
The unique identifier assigned to the device by the manufacturer. |
Serial Number |
The unique code assigned by the manufacturer to a specific unit of the device. |
MAC |
The unique MAC (Media Access Control) address of the device. |
Product Type |
The product classification. |
Storage Capacity |
The amount of data in Gigabytes (GB) that the device can store. |
Available Storage |
The amount of remaining storage in Gigabytes (GB) that the device can use to store apps, files, and other data. |
Battery Level |
The estimated amount of battery life available on the device represented as a decimal percentage where 1 means 100% (full). |
Lists additional properties captured from the device. Refer to the device manufacturer's documentation for details.
View details about certificates provisioned to the device. Click a certificate record in the table to view details.
If no certificates are present, this tab is hidden.
Element | Description |
---|---|
View |
Choose from the menu to control how the search results are displayed:
|
Serial Number |
The serial number that uniquely identifies the certificate. |
Expires On |
Date and time that the certificate will stop being valid. The certificate should be renewed or replaced prior to this date. |
Created On |
Date and time that the certificate was created. |
Issued By |
The name of the certificate authority that issued the digital certificate. |
Primary |
Indicates if this certificate is the primary authentication certificate for this device used for communication with the Mobile Security Manager. |
View the applicable and effective device management policies from this tab.
The list of mobile security policies that are applicable for this device. Click an applicable policy name. The read-only policy details are shown in a pop-up.
The mobile security policy that is enforced on the device. Specifically, the Effective Policy is the merge of elements across all applicable mobile security policies that apply to the device.
Restrictions Device restrictions as established by the Effective Policy. A check mark shows functionality that is disabled on the device due to policy restrictions.
Element | Description |
---|---|
General |
A check mark disables options in this category. This applies to all platforms (both iOS and Android devices). |
Camera |
Prevents use of the camera. |
iOS |
A check mark disables options in this category. |
App Installation |
Removes the App Store icon and prevents users from installing or updating apps using the Apple App Store. |
Assistant |
Disables Siri. |
Assistance while device locked |
Disables Siri when the device is locked. This restriction is ignored if the device does not have a passcode set. (iOS 5.1 and later) |
Cloud Backup |
Prevents backing up the device to iCloud. (iOS 5.0 and later) |
Cloud Document Sync |
Prevents document syncing to iCloud. (iOS 5.0 and later) |
Cloud Keychain Sync |
Prevents iCloud Keychain synchronization. (iOS 7.0 and later) |
Diagnostic Submission |
Prevent diagnostic data from being reported to Apple. (iOS 6.0 and later) |
Explicit Content |
Block explicit music or video content purchased from the iTunes Store. |
Fingerprint for Unlock |
Disables the TouchID feature, which unlocks the device using fingerprints. (iOS 7.0 and later) |
Lock Screen Control Center |
Prevents the Control Center (accessed by swiping up from the bottom of the screen) from appearing on the lock screen. (iOS 7.0 and later) |
Lock Screen Notifications View |
Blocks the Notification Center from showing on the lock screen. (iOS 7.0 and later) |
Lock Screen Today View |
Blocks the Today View from showing on the lock screen. (iOS 7.0 and later) |
Ad Tracking |
Limits ad tracking. |
iTunes |
Removes the iTunes icon and prevents access to the iTunes music store. |
iTunes Store Password Entry |
Requires the user to enter a valid iTunes password before every transaction. |
Untrusted TLS Prompt |
Automatically rejects untrusted HTTPS certificates without prompting the user. (iOS 5.0 and later) |
Shared Stream |
Blocks the shared albums or shared Photo Stream feature. (iOS 6.0 and later) |
Screenshot |
Prevents users from saving a screen capture of the display. |
Safari |
Removes the Safari icon and prevents the use of the Safari Web browser. This also prevents users from opening Web clips. |
Photo Stream |
Disables the Photo Stream feature. (iOS 5.0 and later) |
Passbook While Locked |
Prevents the Passbook notifications from being shown on the lock screen. (iOS 6.0 and later) |
Over-the-air PKI Updates |
Prevents over-the-air PKI updates. This restriction does not disable CRL and OCSP checks. (iOS 7.0 and later) |
Authentication Authentication settings applicable to the device as established by the Effective Policy.
Element | Description |
---|---|
Password Required | A check mark indicates that password authentication is required. |
Password Minimum Length |
The least number of characters that the system will accept when the user creates a password. A value of 0 means there is no minimum length. |
Password History |
The number of passwords that the system will retain to prevent a user from reusing the same passwords. A value of 0 means the system will not prevent a user from reusing the same password. |
Maximum Idle Timeout for Auto Lock |
The number of minutes before an inactive device is locked. A value of 0 means the Auto Lock feature is disabled. |
Maximum Failed Attempts Before Device Wipe |
Indicates the number of failed authentication attempts allowed before the system deletes the device and the user data that it contains. A value of 0 means that this feature is disabled. |
Password Expiry |
Indicates if the user credential should expire after a set number of days.
|
Password Expiry Duration |
The number of days that the user credential will remain valid, after which the user must choose a new password. |
Password Complexity |
|
Apps Apps provisioned to the device by the Effective Policy.
Element | Description |
---|---|
App Name |
The name of the app, Web app, or shared folder app. |
Description |
A short description of the app set by the individual that added the app to the Mobile Security Manager. |
Containerized |
Yes indicates that the app has been secured using the Oracle Mobile Security Suite App Containerization Tool. Containerization adds enterprise security services to apps including advanced features such as multi-factor authentication and Integrated Windows Authentication (Kerberos or NTLM). |
Virtual App Type |
Either a Web App that displays in a web browser or a Shared Folder App that connects to a network file share. |
Platform |
Either Apple iOS, Google Android, or both. |
Install on Homepage |
If selected, makes virtual apps appear on the user's main screen or homepage. |
Upgrade Alert |
If selected, the user is alerted when launching an app if an upgrade is available. If the option is not selected, a badge on the catalog app indicates that an update is available, but the system does not alert the user otherwise. |
Device Configurations The pre-configured E-mail, VPN, calendar, and/or Wi-Fi settings provisioned to the device by the Effective Policy.
Element | Description |
---|---|
Type |
One of the following device setting types:
For more information, see Chapter 6, "Device Configurations Help." |
Configuration Name |
The name of the device configuration applicable for this device setting type on this device. |
Configuration Description |
A short description of the device configuration applicable for this device setting type on this device. |
"Managing Devices and Workspaces" in Administering Oracle Mobile Security Suite
Click a Workspace icon to open Workspace management controls and view additional details. This section provides details about Workspace management controls.
Use this view to:
Manage a specific Workspace on a specific device
View detailed information about a specific Workspace
This view is arranged in the following sections:
Use the buttons to secure data in the Workspace.
Element | Description |
---|---|
Lock (Unlock) |
Locks or unlocks the Workspace. An administrator can unlock the account using the Mobile Security Manager console. (The end-user cannot unlock a locked Workspace account using the Self-Service console.) To lock the Workspace remotely when it is unlocked, click Lock. To unlock the Workspace remotely when it is locked, click Unlock. Once the Workspace is unlocked, the user has to log in. |
Wipe | Resets the Workspace to its original system state by erasing all of the stored data. This action does not remove the Workspace app. The user can log in to the Workspace again by providing their credentials, but all previously stored data will be lost. |
Reset Passcode |
Resets the passcode to a new randomly generated passcode that is displayed on the screen. The user must enter the new passcode the next time they open the Workspace.
Note: The Reset Passcode button is only available if the Workspace is enrolled using certificate-based (PKINIT) authentication. This button will be available if a certificate is present, even though a PIN may not be required. |
Element | Description |
---|---|
Details |
Click to:
|
Apps |
Click to:
|
Activity |
Click to:
|
Credentials |
Click to:
|
Policies |
Click to:
|
View device and Workspace properties from this tab.
Element | Description |
---|---|
Name | The package name of the Secure Workspace app. |
Description |
A short description of the type of device. |
Identifier |
A unique identifier assigned to the Workspace by the Mobile Security Manager. |
Version |
The version of the Workspace app. |
Platform |
Indicates the operating system software installed on the device. Either iOS or Android. |
Platform Version |
The version number of the operating system software installed on the device. |
Compliance Level |
One of the following:
|
State |
The Mobile Security Manager registration status of this Workspace. One of the following:
|
User |
The user ID of the user who enrolled the device with the Mobile Security Manager system. |
Enrollment Time |
Timestamp that indicates when the Workspace was enrolled with the Mobile Security Manager system. The recorded time is the time at the Mobile Security Manager server, not the time where the device is located. |
Last Sync Time |
Timestamp that indicates when the Workspace was last synchronized with the Mobile Security Manager system. The recorded time is the time at the Mobile Security Manager server, not the time where the device is located. |
Element | Description |
---|---|
Manufacturer Device ID |
The unique identifier assigned to a device by the manufacturer. |
Gateway URL |
The configuration URL for the Workspace app hosted by the Mobile Security Access Server. |
Model |
The model name of the device that the Workspace is installed on, for example: iPhone 3S, SM-N900, or Nexus 5. |
Workspace Name |
The package name of the Secure Workspace app. |
Workspace Version |
The version of the Workspace app. |
View apps deployed in the Workspace from this tab.
Click the app name to view the app details in a pop-up.
Element | Description |
---|---|
Search |
Search for an app by name or leave the search box empty to display all apps installed in the Workspace. |
App Icon Grid (Search Results section) |
Displays applications installed in the Workspace that meet the search criteria. |
Search a log of Workspace activity from this tab.
Search Section and Page Controls
Element | Description |
---|---|
Search |
Search for an event by typing an event key word. Search looks across fields for matching strings. |
View |
Choose from the menu to control how the search results are displayed:
|
Sort |
Choose from the following:
|
Events (Search Results) Section
Element | Description |
---|---|
Event |
The name of the logged event. |
Event Source |
Indicates if the event was initiated by the Device, or if it was initiated by a command sent from the Mobile Security Manager. |
Initiated By |
Indicates the user or system that initiated the operation, for example the SecureWorskpace, or a specific user, such as the end user or an Admin user. |
Location |
The latitude and longitude coordinates where the event took place. If latitude and longitude are not available then this field will be empty. The coordinates will not be available if the user chooses to not allow location services for the Secure Workspace app. |
Date/Time |
The timestamp when the even occurred. |
View details about certificates provisioned to the Workspace.
If no certificates are present, this tab is hidden.
This tab is only shown when a Workspace is configured to authenticate using a certificate (PKINIT-based authentication).
Element | Description |
---|---|
View |
Choose from the menu to control how the search results are displayed:
|
Serial Number |
The serial number that uniquely identifies the certificate. |
Expires On |
Date and time that the certificate will stop being valid. The certificate should be renewed or replaced prior to this date. |
Created On |
Date and time that the certificate was created. |
Issued By |
The name of the certificate authority that issued the digital certificate. |
Primary |
Indicates if this certificate is the primary authentication certificate for this Workspace used for communication with the Mobile Security Manager. |
View the Effective Policy for the Workspace from this tab.
The list of mobile security policies that are applicable for this Workspace. Click an applicable policy name. The read-only policy details are shown in a pop-up.
The mobile security policy that is enforced on the Workspace. Specifically, the Effective Policy is the merge of elements across all applicable mobile security policies. Device policy attributes (that is, MDM policy attributes) do not apply to Workspace policies.
Authentication The authentication settings applicable to the Workspace as established by the Effective Policy.
Element | Description |
---|---|
Authentication Only |
If selected, hides the Workspace home from the user if the Workspace container is being used purely as an authentication client and not for any app UI. |
Authentication Frequency |
Specifies how often the user sees the login screen:
|
Idle Timeout Period |
If Authentication Frequency is set to Idle Timeout, the length of time without user activity before the system requires the user to authenticate. |
Account Lockout Threshold |
The number of failed authentication attempts allowed before the Account Lockout Action is triggered. |
Account Lockout Action |
The action to take when the Account Lockout Threshold has been exceeded:
|
PIN History |
The number of previously used user credentials (PINs) that the system will retain so as to prevent a user from reusing the same PIN. For example, if PIN History is set to 3 and a user changes an initial PIN of demo1 to demo2 and wants to change it back, they cannot do so until they have changed the PIN to a different value a total of 3 times.
PIN options only apply if your environment uses certificate-based authentication. |
PIN Minimum Length |
The minimum number of characters that the user must enter when creating a user credential (PIN). Set this value anywhere between 4 to 14 characters. |
Shared Workspace Mode |
Configures how the Secure Workspace functions on a device that is shared by multiple users. Choose from the following:
|
PIN Expiry |
Choose Set Days to force the user to choose a new user credential on a regular basis. |
PIN Expiry Duration |
The number of days that the user credential will remain valid, after which the user must choose a new PIN. If the user does not change the PIN, the device is marked as non-compliant. |
PIN Complexity |
Indicates if minimum requirements are enforced when users create user credential (PIN) values. |
PIN Complexity Min Checks |
A number between 1 and 4 that indicates how many of the following Pin must contain... requirements must be satisfied.
If the number of options selected below is greater than the PIN Complexity Min Checks value, users may set their PIN with any combination of options that meets the requirements. For example, if PIN Complexity Min Checks is 2 and all four complexity types are selected, a PIN with any combination of two or more of the requirements is acceptable. |
PIN must contain lowercase |
A check mark indicates that the PIN must include at least one lowercase letter. |
PIN must contain uppercase |
A check mark indicates that the PIN must include at least one uppercase letter. |
PIN must contain special character |
A check mark indicates that the PIN must include at least one non-alphanumeric character. |
PIN must contain numeric |
A check mark indicates that the PIN must include at least one numeric character. |
Workspace/ Apps The allowed Workspace settings as established by the Effective Policy. Except for File Sharing and Copy/Paste, allowed items have a check mark.
Element | Description |
---|---|
Location Settings |
Allows device location coordinates to be collected from the device if the user has allowed location services during installation. If disabled, the user is not asked to accept location services during installation and user location is not tracked. |
Offline Access |
Allows the user to access the information already in the container when the user is offline. If disabled, users cannot access the Secure Workspace unless they are online and logged in. |
|
Allows the user to send e-mail messages from the native OS e-mail client. |
Instant Messaging |
Allows the user to send instant messages from the Secure Workspace. |
Video Chat |
Allows the user to access video chat functionality such as FaceTime. |
Social Share |
Allows the user to access social sharing through integrated services such as Facebook or Twitter. |
|
Allows Workspace apps to print to a printer. |
Redirects to Workspace |
Allows apps outside the Secure Workspace to redirect a URL into the Workspace. |
Save to Media Gallery |
Allows photos, images, and videos to be saved to the local media store on the device. |
Save to Local Contacts |
Allows user contacts to be saved to the contacts manager on the device. |
Redirects From Workspace |
Allows the Secure Workspace to redirect to an app outside the Workspace with a custom URL scheme. |
(Restrict) File Sharing |
If checked, restricts the ability of the user to share files outside the Secure Workspace. |
(Restrict) Copy/Paste |
If checked, copy and paste is only allowed inside the Secure Container, containerized apps, or between containerized apps, but not to apps outside the Secure Workspace. |
Application Settings The Workspace Apps settings as established by the Effective Policy.
Element | Description |
---|---|
Browser |
Indicates browser settings as follows:
|
Doc Editing |
Indicates doc editing settings as follows:
|
File Manager |
Indicates file manager settings as follows:
|
File Manager Server Based URL |
If the File Manager function is enabled, this is the URL of the File Manager service that provides access to network file shares. |
PIM |
Oracle Secure Mobile Mail Manager (the personal information manager app) covers e-mail, calendar, contacts, and notes. Indicates settings as follows:
|
E-mail Server URL |
The URL of the e-mail server that the personal information manager app will connect to. |
Basic ActiveSync Authentication |
Indicates if Basic authentication is enabled. |
Configuration Type |
One of the following:
|
Time Access / Geo Access These Effective Policy settings restrict access to the Workspace by time and/or location. When these policies are violated the Workspace automatically locks, and when they are back in compliance the Workspace automatically unlocks.
Element | Description |
---|---|
Time-fence |
Shows up to five access windows between 12:00 midnight and 11:59 pm that can be set to restrict user access to the Workspace. The time in the From column specifies the time that restricted access should start, and the time in the To column specifies the time that restricted access should end. |
Geo-fence |
Shows the cities, states, or countries where access to the Worksapce is allowed. If no Geo-Fence is defined the policy defaults to no geo-location restrictions. |
Apps Apps provisioned to the Workspace by the Effective Policy. Only the apps listed can be installed in the Workspace. These apps show up in the user's App Catalog inside their Workspace, if enabled.
Element | Description |
---|---|
App Name |
The name of any apps, Web apps, or shared folder apps that are assigned to this Workspace policy. |
Description |
A brief note regarding the app created by a Mobile Security Manager administrator. |
Containerized |
Indicates if the iOS or Android app is containerized. Containerization adds enterprise security services to apps including advanced features such as multi-factor authentication and Integrated Windows Authentication (Kerberos or NTLM). |
Virtual App Type |
Indicates if the app is a Web App that runs on a remote server and displays in a Web browser, or a Shared Folder App that users can mount on the Workspace. |
Platform |
Either iOS or Android or both. This field applies to Apps, but not Virtual Apps. |
Install on Homepage |
If selected, makes virtual apps appear on the Secure Workspace's home screen. |
Upgrade Alert |
If selected, the user is alerted when launching an app if an upgrade is available. If the option is not selected, a badge on the catalog app indicates that an update is available, but the system does not alert the user otherwise. |
"Managing Devices and Workspaces" in Administering Oracle Mobile Security Suite