This tour will show all the options available in your Account Settings
Account Settings is where you’ll take care of most things to do with the functionality of your account, such as APNs certification, billing, admin users and embedding the Manager SDK. This screen has four tab options that display on the left side of the screen.
1 – Payment Settings
Payment Settings displays whether your account is active and includes the phone number and email address of Moki’s billing department. When a user logs into an expired account they will be sent to this screen where they will see their account status as being expired and information on contacting us. If an account is expired information can still be viewed but not controlled. As soon as the account is activated again controls will resume. If the account has been expired past the APNs certification expiration date then all devices will need to be enrolled in Manager again.
2 – Security Settings
Security Settings has several functions for both Android and iOS platforms. This is where the APNs certification for iOS devices is created, approved OS version, IP limitations and Moki Support access. We’ll go over the features below.
- Get MDM Profile – This contains a configuration profile that is downloaded onto your computer to be imported into Apple Configurator. It contains a link back to the Manager account and is not tied to any enrollment template. The simpler approach for this function would be to download the configuration profile that is available when creating enrollment templates. See this article titled iOS MDM Account Setup with Apple Configurator – (Video) for instructions.
- Get MDM Profile – This contains a configuration profile that is downloaded onto your computer to be imported into Apple Configurator. It contains a link back to the Manager account and is not tied to any enrollment template. The simpler approach for this function would be to download the configuration profile that is available when creating enrollment templates. See this article titled iOS MDM Account Setup with Apple Configurator – (Video) for instructions.
- APNs Setup – Apple Push Notification cert (APNs) is required if using iOS devices in MDM. These three steps tell Apple servers that Manager is authorized to send commands to any devices enrolled in this account. The technical process is as follows:
- Download the Intermediate Certificate – Simply download and save this file to the computer. It contains the Manager credentials that Apple needs to verify the validity of Manager MDM platform.
- Upload the Intermediate Certificate – Goes to Apple’s Push Certification Portal where you’ll login with the Apple ID you are using for your account. It is important that this is an Apple ID that you can use for the duration of the Manager account as it cannot be changed. Typically companies will use a company wide ID or create one for this purpose, that way if an employee leaves the company they don’t take it with them. Follow the prompts to create a certificate. The final step will be to download and save the cert to your computer.
- Upload the Certificate Downloaded from Apple – Upload the cert that you just downloaded from Apple’s Push Certification Portal in the previous step.
- Current Certificate Details – After the cert has been successfully created and uploaded you will see the cert information, including the expiration date. This process will need to be repeated before the expiration date of this cert. The different is that instead of creating a new cert you’ll be renewing the one you just created.
- Approved OS Versions – Click in the text box to select iOS versions that you approve of, then hit save. These can be used to trigger alerts if any devices fall out of line with the list. Because OS’s update so frequently, if you choose to use this function you’ll want to make sure it is updated. To learn more about setting up alerts see the article Manager Tour 7 – Alerts Tab.
- APNs Setup – Apple Push Notification cert (APNs) is required if using iOS devices in MDM. These three steps tell Apple servers that Manager is authorized to send commands to any devices enrolled in this account. The technical process is as follows:
- Limit Access by IP Address – This will limit the access to Manager to the IPs listed here. As the message states, use this carefully as you can not only lock yourself out until the computer is at the listed IP but you may lock out others. There is no way for Moki to remove this restriction once it has been activated as we will be restricted as well. You’ll need to find the person who configured this settings and get your computer to that IP to change it, then you might want to consider removing the restriction at that point unless it is necessary.
- Limit Access by IP Address – This will limit the access to Manager to the IPs listed here. As the message states, use this carefully as you can not only lock yourself out until the computer is at the listed IP but you may lock out others. There is no way for Moki to remove this restriction once it has been activated as we will be restricted as well. You’ll need to find the person who configured this settings and get your computer to that IP to change it, then you might want to consider removing the restriction at that point unless it is necessary.
- Support Access – This isolates your account from any Moki personnel from accessing your account information, including troubleshooting, offering support, etc. Use this with caution or enable it just prior to submitting an issue. This does prevent us from accessing account information.
3 – Admins
Displays all those allowed to administer devices in Manager. Each user needs to be invited by an Admin. When an account is created Moki gives Admin access to our contact. After that it is up to that contact to add more admins. Once an admin has been created it will show up in this list for other Admins to edit permissions on. We’ll go through the options.
- Invite Admin Button – Pops-up the invitation box with the following options
- First name of the invitee
- Last name of the invitee
- Email address of the invitee
- Role – There are three roles, Admin, User and Viewer. See the chart below for specific permissions. But basically Admins can do everything, including editing and removing other admins, Users can add things but not delete and Viewers can see most everything in the account
- Add Tags – Limit the devices a user can see to the devices containing these tags. This is helpful when there are several sales people or account managers with access to Manager. These tags limit them to only see their specified devices and not anyone else’s.
- Invite – Sends the invitation to their email. They will need to login with an email tied to a Google account. Refer to the article titled Accepting an Admin Invitation to know more.
- Admin List – Displays the emails that were used to login with. All of these emails are tied to the Google account that was used when they accepted the invitation. You’ll see their name, email address and an editable admin level. If you hover over the name you’ll see that two fields are displayed, and Edit button and a Remove Admin button. Only Admins have access to this section of Manager and can change or edit another users access, including other Admins.
4 – Developer Tools
This is where information relating to the Manager SDK is found. If you have not advised Moki that you would like to use our SDK then this feature will not be enabled. Advise your TAM, support agent or sales executive of your desire to use our SDK and we’ll enable this feature. You will need to provide the app name exactly as it will be in the finished app. Once this has been enabled you’ll find the following options
- MokiManage SDK Documentation – This button will take you to the SDK Documentation for using the SDK on Android and iOS. The documentation has a link to download the actual SDK so just read the docs. Documentation can be found on GitHub.
- MokiManage SDK Documentation – This button will take you to the SDK Documentation for using the SDK on Android and iOS. The documentation has a link to download the actual SDK so just read the docs. Documentation can be found on GitHub.
- Tenant ID – This is the ID to your Manager tenant. This is used to automatically enroll the app in Manager. This enrollment is necessary in order to see any device information as it builds a bridge between Manager and the app. The SDK documentation explains exactly where to place this ID in your app.
- Tenant ID – This is the ID to your Manager tenant. This is used to automatically enroll the app in Manager. This enrollment is necessary in order to see any device information as it builds a bridge between Manager and the app. The SDK documentation explains exactly where to place this ID in your app.
- App Information – Show the following information
- App Key – The documentation explains where the App Key is used in the app
- App ID – The ID of the app
- Security App – If you choose to enable the Compliance section of the Manager SDK let Moki know so we can enable additional remote management features. Click the Manage Rules button to see your options.
- Settings
- Thresholds – Drag the white bars to determine what warrants a green, yellow or red alert
- Reset Default – Restores the Thresholds to their default settings
- Display Preferences – Turn On or Off OS vulnerabilities
- App Version – Set the version of the app that is allowed. A device with a different app version will be given a higher app score
- iOS – All options are on by default. The PCI compliance score is listed to the side. Any checked items that a device fails to comply with will cause the associated score to be added to the overall risk. Here are the options.
- iOS Authenticity – Is the device Jailbroken or not
- Verification Process – The app was reviewed by Apple upon submission to the store
- Background Tasks – The app cannot run background tasks without the users permission
- Data Encryption – Is data being encrypted
- iOS Version – Is the latest iOS version installed
- App Version – Does the version of the app on the device match the version of the app in the Settings (details above)
- App Sandbox – The app is run in a sandbox by the Operating System
- Peripherals – Are there any peripherals attached
- Android – All options are on by default. The PCI compliance score is listed to the side. Any checked items that a device fails to comply with will cause the associated score to be added to the overall risk. Here are the options.
- USB Debugging – Is USB debugging allowed
- App Version – Does the version of the app on the device match the version of the app in the Settings (details above)
- WiFi Security – Is the WiFi network secure
- Peripherals – Are there any peripherals attached
- Disk Encryption – Is the data stored on the disks encrypted
- Non-market App Installation – Is non-market app installation allowed
- Near Field Communication – Is near field communication available
- Password Policy – The device requires a passcode (Pattern, PIN, password, etc.) to be unlocked
- OS Integrity – Is the latest Android version installed
- App Information – Show the following information
App Certs
- – All iOS apps need an APNs cert, whether the app is being developed for the store or as an enterprise app. A cert is created through the app developer’s Developer Account. For help setting these up refer to the APNs Setup Guide section of our
- . Click the button of the cert you wish to upload and select the .pem file.
- Store APNs Cert – For apps distributed through the App Store
- Enterprise APNs Cert – For apps distributed with an Enterprise license
- Developer APNs Cert – For use in the developer testing stages