N-central Help

Mobile device profile properties

Configure the mobile device properties in SolarWinds N-central to montior and connect with mobile devices.

  1. Click ConfigurationMobile DevicesProfiles.
  2. Click Add and select a profile type from the drop-down menu.
  3. When done configuring a profile, click Save.

Credentials MDM profiles

Credentials Profiles provide device authentication through two different types of certificates: Trusted Certificate or Personal Identity. The certificate type is determined by the file extension as described below. All other file types will be identified by SolarWinds N-central as Unknown and are unavailable for selection in other MDM Profiles.

  Property   Property Description Supported OS
Android iOS

Credential Name

A user-defined identifier for the credentials to be used by the Profile.

Credential Type

Identifies the type of credential used by the Profile as one of the following:

  • .cer (X.509 certificate with RSA key)
  • .crt (X.509 certificate with RSA key)
  • .der (X.509 certificate with RSA key)
  • .pfx (PKCS12 identity certificate)
  • .p12 (PKCS12 identity certificate)
n/a n/a

Certificate

The file name of the certificate.

Password

The security password required to use the certificate. Select Show Password to reveal the password as it is typed.

Email MDM profiles

Configure POP or IMAP email accounts for the user. Mobile devices support industry-standard IMAP4 and POP3 mail solutions on a range of server platforms including OS X, Windows, UNIX, and Linux.

  Property   Property Description Supported OS
Android iOS

Account Description

A user-defined description of the email account. This will be displayed in Mail and Settings applications.

Account Type

Select the type of email account.

Path Prefix

IMAP configuration used to synchronize email folders.

User Display Name

The user name for the email account.

Email Address

The full email address for the account.

Allow Move

Select to give permission for messages to be moved out of this email account to another account. This setting also prevents forwarding or replying from a different account than the account from which the message was originated.

Use S/MIME

Select if the email account supports the S/MIME (Secure/Multipurpose Internet Mail Extensions) standard for public key encryption and signing.

Configure the following settings, except where indicated, for both the Incoming Mail and Outgoing Mail server. To configure a setting for both types of mail server, select the appropriate tab.

Mail Server

The host name or IP address of the mail server.

Port

The port number for the mail server. If no port number is configured, SolarWinds N-central uses the default port value for the protocol.

User Name

The user name for the email account.

Authentication Type

Select an authentication method.

Password

The security password for the email account.

Select Show Password to reveal the password as it is typed.

Use SSL

Select to use SSL for authentication on the email server.

Outgoing Password Same As Incoming

Select to use the same security password for the email account for the outgoing and incoming mail server.

This property is only available on the Outgoing Mail tab.

Use Only in Mail

Select to enable an Exchange ActiveSync security feature. This prevents third-party applications from sending messages from this email account.

This property is only available on the Outgoing Mail tab.

Exchange MDM profiles

Configure a user's properties for Microsoft Exchange servers. You can create a profile for a specific user by configuring the user name, host name, and email address, or you can configure just the host name which will prompt users to configure the other properties when they install the profile on their mobile device.

  Property   Property Description Supported OS
Android iOS

Account Name

The identifying name of the email account.

Exchange ActiveSync Host

The host name or IP address of the Exchange ActiveSync Host.

Allow Move

Select to give permission for messages to be moved out of this email account and into another account. This property also prevents forwarding or replying from a different account than the account from which the message was originated.

Use Only in Mail

Select to enable an Exchange ActiveSync security feature which prevents third-party applications from sending messages from this email account.

Use SSL

Select to use SSL for authentication on the Exchange ActiveSync Host.

Use S/MIME

Select if the email account supports the S/MIME (Secure/Multipurpose Internet Mail Extensions) standard for public key encryption and signing.

Domain and Username

The domain name and user identification.

Email Address

The full email address for the account.

Password

The security password for the email account that will be used by the Exchange ActiveSync Host. Select Show Password to reveal the password as it is typed.

Past Days of Mail to Sync

Select the value to determine how many email messages appear in the Exchange mail account.

Identity Certificate

Select the .p12 Identity Certificate tor accounts that allow authentication using a certificate.

Make Identity Certificate Compatible with iOS 4

Select to provide compatibility for iOS 4 device certificate handling.

This feature should not be enabled for iOS 5 and higher devices.

Passcode MDM profiles

Configure device policies when Microsoft Exchange passcode policies are not being used. You can determine whether passcodes are required to use devices, and you can also configure the characteristics of passcodes and how often they must be changed. When the Passcode Profile is installed, the user is immediately required to enter a passcode that meets the configured policies. Without a valid passcode, the profile will not be installed.

  Property   Property Description Supported OS
Android iOS

Allow simple value

Select to allow simple passcodes. A simple passcode is defined as containing repeated characters or characters that increase or decrease. For example, 123 or ABC.

Require alphanumeric value

Select to require users to type alphabetic characters, for example, abcd. If not selected, only numeric values are acceptable as passcodes.

Minimum passcode length

Select the minimum number of characters that valid passcodes are limited.

Minimum number of complex characters

Select the minimum number of complex characters that must be used in a valid passcode. Complex characters are non-alphanumeric characters including the ampersand (&), percent (%), dollar sign ($), and number sign (#).

Maximum passcode age (in Days)

Select the maximum number of days that a passcode can remain valid without being changed. After the time limit has expired, the user will be forced to change the passcode before the mobile device can be unlocked. The maximum is 730 days.

Auto-Lock

Select the number of minutes that a mobile device can be idle, without being unlocked by the user, before it is locked. Once the time limit expires, the device is locked and the passcode must be used to unlock the device.

Passcode history

Select the minimum number of unique passcodes that can be configured before a previously-used passcode is allowed to be re-used.

Grace period for device lock

Select the maximum number of minutes a mobile device can be locked before a passcode is required to unlock the device.

Maximum number of failed attempts

Select the maximum number of failed attempts to enter the passcode that are allowed. Once this limit is exceeded, user data on the device is erased and the designated backup (located on iTunes for iOS devices) must be restored in order for the mobile device to be unlocked.

Restrictions MDM profiles

Restrictions Profiles enables you to enforce mobile device usage policies by restricting users from performing specific functions with the devices.

For more information on the specific functions of the mobile device that can be controlled using a Restrictions Profile, refer to the technical documentation for the device.

  Property   Property Description Supported OS
Android iOS
DEVICE FUNCTIONALITY - Restrictions to be placed on physical functions of the mobile device.

Allow installing apps

Restricting this feature disables the App Store and removes its icon from the Home screen. Users are unable to install or update apps using the App Store or iTunes.

Allow use of camera

Restricting this feature completely disables cameras and the Camera icon is removed from the Home screen. Users cannot take photographs or videos, or use FaceTime with iOS devices. Note that this feature is only supported on Android devices using Android 4.0.x and later.

Allow FaceTime

Restricting this feature prevents users from placing or receiving FaceTime video calls.

Allow screen capture

Restricting this feature prevents users from saving a screenshot of the display.

Allow automatic sync while roaming

Restricting this feature forces devices that are roaming to sync only when an account is accessed by the user.

Allow Siri

Restricting this feature prevents users from using Siri, voice commands, or dictation.

Allow Siri while device locked

Restricting this feature forces users to unlock the device with their passcode before using Siri.

Allow voice dialing

Restricting this feature prevents users from dialing their phone using voice commands.

Allow In-App Purchase

Restricting this feature prevents users from making purchases while using applications.

Force user to enter iTunes Store password for all purchases

Restricting this feature forces users to enter their Apple ID password before making any purchase.

Allow multiplayer gaming

Restricting this feature prevents users from playing multi-player games in the Game Center.

Allow adding Game Center friends

Restricting this feature prevents users from adding friends in the Game Center.

APPLICATIONS - Restrictions to be placed on the use of applications with the mobile device.

Allow use of YouTube

Restricting this feature disables the YouTube application and removes its icon from the Home screen. Note that the YouTube application is included with iOS 5 and earlier.

Allow use of iTunes Store

Restricting this feature disables the iTunes Store and removes its icon from the Home screen. Users cannot preview, purchase, or download content.

Allow use of Safari

Restricting this feature disables the Safari web browser and removes its icon from the Home screen. This also prevents users from opening web clips.

Enable autofill

Restricting this feature disables the capability for Safari to cache entries that users make in common web forms.

Force fraud warning

Restricting this feature disables the capability for Safari to prevent the user from visiting web sites that have been identified as being fraudulent or compromised.

Enable JavaScript

Restricting this feature prevents Safari from recognizing JavaScript on web sites.

Block pop-ups

Restricting this feature disables Safari's blocking of pop-up advertising.

Accept Cookies

You can choose to accept all cookies, accept no cookies, or reject cookies from sites that have not been directly accessed.

iCLOUD - Restrictions to be placed on iCloud functionality of the mobile device.

Allow backup

Restricting this feature disables the capability for users to back up their mobile device to iCloud.

Allow document sync

Restricting this feature disables the capability for users to store documents in iCloud.

Allow Photo Stream

Restricting this feature disables the capability to use Photo Stream. Installing a configuration profile with this restriction will erase Photo Stream photos from the user's mobile device and prevent photos from the Camera Roll from being sent to Photo Stream. If there are no other copies of these photos, the files may be lost.

SECURITY AND PRIVACY - Restrictions to be placed on security and privacy functions of the mobile device.

Allow diagnostic data to be sent to Apple

Restricting this feature disables the capability for iOS diagnostic information to be sent to Apple.

Allow user to accept untrusted TLS certificates

Restricting this feature disables the capability for users to be prompted to trust certifications that cannot be verified. This setting applies to Safari and to Mail, Contacts, and Calendar accounts.

Force encrypted backups

Restricting this feature disables the capability for users to select whether device backups performed in iTunes are stored in an encrypted format on their computer. If any profile is encrypted and this feature is enabled, encryption of backups is required and enforced by iTunes.

CONTENT RATINGS - Restrictions to be placed on ratings functions of the mobile device.

Allow explicit music and podcasts

Restricting this feature disables explicit music or video content in the iTunes Store. Explicit content is flagged by content providers (for example, record labels) when it is listed on the iTunes Store.

Ratings Region

Select the region to be used for applying ratings. Content ratings systems differ between countries and regions.

Movies

Select the maximum rating to be allowed for movies viewed on the mobile device (ratings system based on the Ratings Region selected).

TV Shows

Select the maximum rating to be allowed for television programs viewed on the mobile device (ratings system based on the Ratings Region selected).

Apps

Select the maximum rating to be allowed for applications installed on the mobile device (ratings system based on the Ratings Region selected).

VPN MDM profiles

Configure virtual private network settings for connecting mobile devices to your network.

The properties configured in a VPN Profile cannot be modified by the mobile device user.

  Property   Property Description Supported OS
Android iOS

Connection Name

The identifying name of the VPN connection. This name will be displayed on the device when VPN connections are established.

Connection Type

Select the type of VPN connection.

Server

The host name or IP address of the VPN server.

Account

The name of the user account to be used for the VPN connection.

User Authentication

Select the authentication type for establishing a VPN connection.

This is not used for PPTP or IPSec VPN connections.

Shared Secret

The pre-shared key (PSK) or shared secret to be used for this VPN account.

This is only used for L2TP and IPSec (Cisco) VPN connections.

Encryption Level

Select the level of data encryption to be applied to the VPN connection.

This is only used for PPTP VPN connections.

Machine Authentication

Select the authentication type for establishing a VPN connection.

This is only used for IPSec (Cisco) VPN connections.

Group Name

The group identifier to be used for the VPN connection.

This is only used for IPSec (Cisco) VPN connections.

Use Hybrid Authentication

Select to authenticate the VPN connection using a Shared Secret, the User Name, and a server-side certificate.

This is only used for IPSec (Cisco) VPN connections.

Prompt for Password

Select to prompt the user to type a password when establishing a VPN connection.

This is only used for IPSec (Cisco) VPN connections.

Password

The security password for the account that will used to establish the VPN connection. Select Show Password to reveal the password as it is typed.

This is not used for L2TP, PPTP, and IPSec (Cisco) VPN connections.

Realm

The user realm to be used to authenticate a Juniper SSL VPN connection.

This is only used for Juniper SSL VPN connections.

Role

The user role to be used to authenticate a Juniper SSL VPN connection.

This is only used for Juniper SSL VPN connections.

Login Group or Domain

The SonicWALL Mobile Connect Login Group or Domain that will be used for the VPN connection.

This is only used for SonicWALL Mobile Connect VPN connections.

Custom Data

Click + to configure user-defined keys and values for customized SSL VPN connections.

This is only used for Custom SSL VPN connections.

Send All Traffic

Select to route all network traffic through the VPN connection.

Proxy

Select the type of proxy configuration to use for the VPN connection.

If Manual is selected, the Server host name or IP address, Port, Authentication, and Password must all be configured to allow VPN connections to be made. If Automatic is selected, the Proxy Server URL must be configured.

WiFi MDM profiles

Configure how mobile devices connect to wireless networks. For the mobile device user to initiate a WiFi connection, these configure these properties to t match the requirements of the WiFi network.

  Property   Property Description Supported OS
Android iOS

Service Set Identifier (SSID)

The public identifier of the wireless network mobile devices connect to.

Auto Join

Select to cause the mobile device to automatically connect to the target network.

Hidden Network

Select to indicate that the target network is not open or broadcasting.

Security Type

Select the type of encryption to use when connecting to the target network.

Android devices support WEP, WPA or Any encryption secured with a Password but do not support Enterprise Encryption.

see note

Enterprise Encryption

Select to enable the configuration of protocols, authentication and trust for connecting to enterprise-level Wifi networks.

Selecting this property will display the tabs:

  • Protocols - select supported security protocols,
  • Authentication - configure user names, passwords and certificates for authentication, and,
  • Trust - select trusted certificates and trusted server certificate names.

Password

The security password for the account to establish the WiFi connection. Select Show Password to reveal the password as it is typed.

Proxy

Select the type of proxy configuration to use for the WiFi connection.

If Manual is selected, the Server host name or IP address, Port, Authentication, and Password must all be configured to allow VPN connections to be made. If Automatic is selected, the Proxy Server URL must be configured.