BYODPortal.com Product Guide › byodapp › help › BYODPortal_guide.pdf · day action/audit log,...

1 MobileIron Confidential

BYODPortal.com Product Guide Version 2017.01.10


Contents

Overview and Features ................................................................................................................................. 4

Getting Help .................................................................................................................................................. 4

Core Server Requirements ............................................................................................................................ 4

On-Premise CORE Requirements .............................................................................................................. 4

Connected Cloud CORE Requirements ..................................................................................................... 5

End-User Requirements ............................................................................................................................ 6

Creating A New BYODPortal.com Company Account ................................................................................... 6

Configuration and End User Usage ............................................................................................................... 7

Accessing the Portal .................................................................................................................................. 7

Portal Administration – BYODPortal.com (Cloud Service) ........................................................................ 7

Logging In To the Admin Portal ............................................................................................................. 7

Logging In To the Admin Portal For The First Time ............................................................................... 7

Section: Portal Status & Reports ........................................................................................................... 8

Section: Your Account Settings ............................................................................................................. 8

Converting a Trial Portal Account to Your Subscription ....................................................................... 9

Configuring a Custom Domain Name (CNAME) .................................................................................... 9

Section: MobileIron CORE / Connected Cloud Settings ...................................................................... 10

Section: Your Portal Preferences ........................................................................................................ 11

Section: Terms of Service .................................................................................................................... 17

Further Customizations ....................................................................................................................... 19

Section: Custom Branding / CSS .......................................................................................................... 20

Section: Single Sign On Integration via SAML2 ................................................................................... 22

Section: Integrations ........................................................................................................................... 24

End User Usage – Registering a Device ................................................................................................... 25

Accessing With an Unsupported Device ............................................................................................. 25

Registration Screen ............................................................................................................................. 27

Terms of Service Acknowledgment .................................................................................................... 28

Final Registration Steps ....................................................................................................................... 29

Pending Registrations ......................................................................................................................... 32

Too Many Devices (Limiting Number of Devices per user) ................................................................. 32


Registering via a QR Code ................................................................................................................... 33

BYO.ME ............................................................................................................................................... 33

End User Usage – Managing Your Own Devices ..................................................................................... 34

Logging In To the Portal ...................................................................................................................... 34

The Device Management Screen ........................................................................................................ 34

Multi-User / Shared Device Scenarios .................................................................................................... 39

Customizing BYODPortal Workflow or Adding Your Own Logic ............................................................. 39

Embedding the BYOD Portal In Your Website ............................................................................................ 39

Running the BYOD Portal Update Set for ServiceNow................................................................................ 39

Downloading the Update Set for ServiceNow ........................................................................................ 40

For BYODPortal.com Customers: ........................................................................................................ 40

For Onpremise BYOD Portal Customers: ............................................................................................ 40

Installing the Update Set for ServiceNow ............................................................................................... 40

Configuring the Update Set for ServiceNow ........................................................................................... 42

For BYODPortal.com Customers: ........................................................................................................ 43

For Onpremise BYOD Portal Customers: ............................................................................................ 43

Configuring BYOD Portal ......................................................................................................................... 44

Using the BYOD Portal Update Set for ServiceNow ................................................................................ 44

Managing Devices ............................................................................................................................... 44

Enrolling A New Device ....................................................................................................................... 46

Running BYODPortal On-Premise ............................................................................................................... 50

System Requirements ............................................................................................................................. 50

Server OS and Software Requirements............................................................................................... 50

Server Hardware Requirements.......................................................................................................... 50

Installation .............................................................................................................................................. 50

Portal Administration (On-Premise) ....................................................................................................... 52

Setup and Preferences ........................................................................................................................ 52

Custom Workflow and Code Changes................................................................................................. 52

Upgrading The On-Premise Code ........................................................................................................ 52

Release Notes ............................................................................................................................................. 53


Overview and Features BYODPortal.com is a SAAS based solution meant to enhance and extend an organizations existing MDM

investment. With the service a user can create a custom self-service device management experience for

their end users, allowing users to easily register and manage their corporate connected devices, both

BYOD or corporate liable.

The solution works with your existing MobileIron Mobile Device Management solution (both on-premise and cloud based MobileIron deployments). There is nothing more to install to use BYODPortal.com The solution provides many key features around:

Registration Control

Self Service

Branding & Workflow

Single Sign On

Integration

Fully Customizable Open Code On premise Option (fully customizable workflow, integrations, etc.)

And more

Getting Help BYODPortal is supported by MobileIron Support. If you need product assistance, please contact

MobileIron support or your sales account manager.

Core Server Requirements BYODPortal.com supports integration with MobileIron’s CORE Platform (on-premise deployments), as

well as MobileIron’s Connected Cloud offering (SAAS Based MDM).

BYODPortal.com is currently compatible with the following MobileIron versions: Minimum 4.5.2.

On-Premise CORE Requirements The following is needed in order for BYODPortal.com to integrate with your MDM platform

properly:

Network Access to the MobileIron CORE’s My Phone@Work, Smartphone Manager, API

Connection, and iOS iReg URL portals. over port 443.

o Best practice is to create ACL’s on the MobileIron CORE that only allows access from the

BYODPortal network to the MobileIron API and Employee portal and Admin Portal.


o Here is the list of BYOD Portal IP’s:

54.164.10.146, 54.164.96.242. 54.84.11.118, 54.85.96.208, 54.88.124.155

o Also is best practice to disable self-registration rights on the MI Employee portal if you

plan to allow users to still access the default employee portal. Otherwise only allow

BYODPortal.com to access the employee portal via ACL.

o The picture below shows where in the CORE System portal to configure portal acl's.

Recommended portals to restrict are the My Phone@Work, Smartphone Manager, API

Connection, and iOS iReg URL portals.

A MobileIron account username/password that has API and FULL ADMIN rights to

MobileIron.

To be affective, your CORE must be set to PIN Only or PIN + Username/Password. Do not

use Username/Password only registration to make sure in app registration is disabled.

NOTE: PIN only based iReg/web based registration must be enabled to utilize SSO

features of BYOD Portal. Highly recommended to ensure PIN is turned on for iReg.

Connected Cloud CORE Requirements The following is needed in order for BYODPortal.com to integrate with your Connected Cloud

instance:

A MobileIron account username/password that has API and ADMIN rights to

MobileIron.

To be affective, your CORE must be set to PIN Only or PIN + Username/Password. Do not

use Username/Password only registration to make sure in app registration is disabled.


NOTE: PIN only based iReg/web based registration must be enabled to utilize SSO

features of BYOD Portal. Highly recommended to ensure PIN is turned on for iReg.

End-User Requirements Only thing an end user needs is a web browser. All major web browsers have been tested with

BYODPortal.com. To register a device, an end user needs the USER PORTAL role assigned to

him/her in MobileIron. If USER PORTAL role is not applied, user can not register, but they can

still manage existing devices.

Creating A New BYODPortal.com Company Account To use BYODPortal.com, you must first create an account for your organization. To do that, go to the

BYODPortal.com home page and select the Create An New Account link. The most important part of the

configuration is choosing your account name as it will be part of the URL that users use to register and

manage devices (i.e.: YOURCOMPANYNAME.byodportal.com).

Account names and private URL’s are served on a first come, first serve basis. Follow the instructions

from that point forward. You will be asked to verify your email address. A BYODPortal.com staff member

may contact you to verify your information before your account is activated.

Please note: If your organization has an active, licensed, subscription to byodportal.com, you are

entitled to creating as many portal accounts as you wish during your subscription. When creating an

account, be sure to enter in the Subscription Email address that was set up with your subscription.

Your subscriber email address can be different than your administrator email address. When the

account is created, the service will look to find a valid subscription under the subscriber email, and

send them a verification request.


Configuration and End User Usage

Accessing the Portal There are a few URL’s that will be used to access different parts of your portal:

Admin Site URL:

https://<YOUR_ACCOUNT_NAME>.byodportal.com/admin

This is the address you as an administrator will use to configure and manage your portal.

End User Self-Service Device Management:

https://<YOUR_ACCOUNT_NAME>.byodportal.com OR

https://<YOUR_ACCOUNT_NAME>.byodportal.com/manage

This is the address your users will use to login from their devices or desktops to manage their

devices that are currently managed by your MDM.

End User Self-Service Device Management:

https://<YOUR_ACCOUNT_NAME>.byodportal.com/reg

This is the address your users will use to register a new device. This is accessed from the device

they are trying to register.

CNAME Support: If you configured a custom domain name to use with this service (see CNAME

support), your end users will access the service at http://yourdomain for the employee self

service portal and http://yourdomain/reg for device registrations. The admin URL remains the

same as shown above.

Portal Administration – BYODPortal.com (Cloud Service)

Logging In To the Admin Portal

The admin will login to the admin URL (specified in the Accessing the Portal section of this

document). The username is the email address of the admin that was used when they created

the account as well as the password.

Logging In To the Admin Portal For The First Time

Your portal will be disabled until you finish configuring it. When you login for the first time, the

portal will prompt you to finish configuring the items needed in order to enable it.


Section: Portal Status & Reports

In this section you can see the status of your portal as well as run some reports including a 30-

day action/audit log, a Registration trend report over last 12 months, a device breakdown report

from your MDM solution, and a device info CSV export.

Section: Your Account Settings

In this section, you can manage your admin contact information as well as your company display

name. All your custom URL’s will show here as well.


Converting a Trial Portal Account to Your Subscription

You may convert a trial portal to production provided you have the subscriber email address for

your organization. Enter the email address in the Subscriber Email field and a verification

request will be sent to the company subscription contact. Once they verify the request via email

by clicking a link, the portal will be associated with your company account.

Configuring a Custom Domain Name (CNAME)

You may enter a custom domain name to be used with this portal. Requires you setup a CNAME

record for that address to point to CNAME.BYODPORTAL.COM. Leave blank if no custom

domain name will be used. If configured, your end users can use your custom domain to access

the BYODPortal, and the BYODPortal.com domain will be replaced on all end user facing screens

with your custom domain (ie, "To register a new device go to http://companydomain/reg.")


Note: The address bar will redirect to a URL that still shows a byodportal.com address to avoid

SSL certificate warnings.

Section: MobileIron CORE / Connected Cloud Settings

In this section, you specify specifics for your MDM server implementation. This includes your

implementation type (onsite vs. cloud), your MDM URL and API user name and password.

Connectivity will be tested upon saving the configuration.

NOTE: The MDM Account entered MUST HAVE FULL ADMIN AND API rights to your CORE.

Multiple/Conditional VSP/Cor/ Cloud Servers

The Core server entered above is the primary Core/VSP that is used for all end user

authentication and LDAP lookups. You have the ability to configure additional Core


servers and apply logic as to how you want devices spread across the cores by either

round robin, device type (user agent), device ownership, or user LDAP group.

Distribute which Core servers you want devices to enroll to by LDAP Group Name, by

Device User Agent Identifier (ie, entering 'contains' and 'iPad' would match the iPad's

user agent string), user ownership selection, or Random selection. If you choose the

'Migrate' option, the portal will migrate users from that specified Core server by un-

enrolling all of their devices from the server specified to the proper new Core server.

Setting Type and Logic only applies to device enrollment. Self service management

portal will automatically pull all devices for a user across all portals. Rules are run and

matched in the order they are entered. If a condition is not matched, then the default

core will be used to enroll the device. Admin username and password from the default

Core server are used for all additional cores.

Section: Your Portal Preferences

In this section, you can customize your portal experience for your end users.


Enable and Disabling of Mange and Registration Portals

You have the ability to use both the self service management portal and registration portal

(default) or just one. Disabling the Manage Portal will redirect a user to the registration portal.

Disabling the Registration portal will direct the user to the manage portal. Disabling both will

show a disabled message to the end user.

Default Language and Language Detection

BYOD Portal supports 9 languages in both admin and end user portals. Languages supported are

English, Spanish, French, Italian, German, Japanese, Korean, Chinese Simplified, Chinese

Traditional. By default, BYOD Portal will attempt to detect the default language of the end user

device and display the appropriate language. Otherwise, the default Language will be chosen.

If you wish to have everyone view the same language, regardless of the device language they

are accessing from, select the DETECT USER LANGUAGE option to OFF. This will force all users to

the default language selection.

End User Helpdesk Contact Instructions

Enter in your IT helpdesk contact information so that end users can be directed what to do in

case of any issues or questions they run into. This portion supports HTML. Videos can be

embedded providing end users with video tutorials.


Max Number of Devices

Choose the maximum number of devices a user can have registered at any time. If the user is

over that amount, they will be notified during the registration process and asked which devices

they no longer want any more.

Conditional Device Limits

The limit specified above is the default device limit for users. However you can apply

conditional limits based on the LDAP Group membership of a user. If the user doesn't

match any conditions, the default will be enforced.


Set Device Ownership

You may let users choose device ownership during registration, or lock in ownership in advance

for all users registering through the portal.

Allow Users To …

Choose if you want to allow users the ability to view apps, locate their device, unlock, lock,

retire (remove from management and selectively wipe corporate data and apps from the

device) as well as wipe (erase all data and reset) their devices from the End User Device

Management portal. When an item is switched off. That option is no longer visible to the end

user.

Platforms Supported

Toggle ON or OFF what device OS’s you are enabling to enroll via BYODPortal. If you want to be

more specific for each platform, keep the platform selection off and use the WHITELIST feature

below.

Managing Your Device Whitelist

Your device whitelist allows you to control exactly what device types may be granted access to

the BYOD registration portal and ultimately register against your MDM server. You may enter

any user agent identifier to look for. The device whitelist is treated as an OR condition to the

general platforms supported setting above (for example, if you are looking to only allow a

certain Android device, turn off Android support in the feature above and enter your Android

specifics in the Whitelist). To get a device user-agent, use the web

(http://www.zytrax.com/tech/web/mobile_ids.html) or surf your device to

http://whatsmyuseragent.com/ to learn what unique elements of the agent should be used. You

can also be creative for this. For example, if you want only Android 3 devices to register, you can

enter ‘Android 3’ as the identifier. Device white lists support wild cards in definitions (*).

http://www.zytrax.com/tech/web/mobile_ids.html

http://whatsmyuseragent.com/


Show Pin

Set this to OFF if you do not want to show the end users a registration PIN during the

registration process (for customers that would rather send the PIN via email to user).

Recommended that this is kept ON. When this setting is set to OFF, the auto configure button is

not shown to the end user, instead a message telling user to check their mailbox for the PIN.


Send Registration Email

Set this to OFF if you do not want to the CORE to send its registration email to the user. This

emai template can be customized in the Event Center of the CORE. Default behavior is ON.

Clientless iOS Registration

Choose if you wish to have your iOS users register without the MDM client. PLEASE NOTE: It is

highly recommended to turn this on for devices that are running iOS7 as MobileIron can simplify

the enrollment process with iOS7 by installing and configuring the MobileIron client remotely

after initial clientless enrollment. Also, the iREG / Web based registration setting on the CORE

must be set to PIN for this feature to work properly.

QR Code Display

On by default, disabling this feature will not show end users a QR code as a means for enrolling

devices on the enrollment screens..


QR Code Login

Enable to allow end users to enroll a device via a QR code from the self service portal. If disabled

the QR code will still display but only direct the device to the reg page and prepopulate

username of user but not authenticate user.

Android Sideload Client

Enable to pull the Android client directly from the MobileIron support site. This feature is useful

when Google Play is not accessible for your end users (ie, Users in China, etc.).

Alternate MI Clients

Enable switch between different white labeled carrier solutions.

Pending Device

If disabled, portal will not check to see if a user has existing pending devices. Recommended to

keep this feature ON to keep the core clean of many pending registrations.

Check Role

By default, the portal will determine if a user has User Portal role applied to them or their AD

group before they are allow to enroll a device. If this feature is off, that check will not occur.

Save Data

Default is ON. If set to OFF, BYOD Portal will not store any user actions (registrations, wipe,

located, etc.) in its database. This will disable the action reports in the Admin portal as well as

the end user will no longer be able to see actions taken against his/her device via their device

history report.

Section: Terms of Service

Enter your company’s end user agreement or BYOD terms here. You can also create a link to

external resources. Can be opened in full screen edit mode. Currently BYOD Portal supports one

ToS per portal. If you wish to incorporate multiple languages, it is recommended to have the

ToS displayed in multiple languages (one after another) with hyperlink anchors to each

language. If you wish to have different ToS entirely, you may create multiple BYOD Portal Cloud

accounts, or you may customize the On Premise BYOD Portal app code.


Conditional Terms of Service (End User Agreement)

The Terms of Service entered above is shown by default to end users enrolling a device. If you

wish to have multiple Terms of Service displayed to users based on LDAP Groups, you can Add

Multiple Terms of Service by clicking the Add / Remove / Manage Additional Terms button.


When added the terms can be edited by clicking on the Terms rule which will expand an HTML

editor for those terms in that rule.

Terms Auto-Pop (optional):

Select this option if you would like the End User Terms of Service to automatically pop up when

the user enters the registration page.

Send Confirmation To (optional):

Enter an email address here that you would like to send End User Agreement or Term

acceptance notifications to. Some companies require a proof of acceptance be sent to an audit

or compliance email folder upon end user acceptance. When enabled the email address

specified will receive an email in the following format with the following information:

The following user has accepted device registration terms and has

attempted to enroll a new device:

Username: username

Display Name: First Last

Email: <email address of user>

Date/Time: Wed Mar 5 15:55:29 UTC 2014

IP Address: 192.168.22.103

Platform: iPad

Employee Owned: False

Further Customizations

Further customizations are available today by bringing the BYODPortal On-Premise. Many

customers have opted to use MobileIron’s Open Code version of BYOD Portal to customize the

portal to fulfill specific business needs and workflow. Visit http://www.byodportal.com for more

information.

http://www.byodportal.com/


Section: Custom Branding / CSS

In this section, you can customize the look and feel of the BYOD Portal for your end users.

Custom Background Color

You may further customer the look of your portal by choosing a custom background color for

the scheme you have selected. You must click the ENABLE check box to have the new color

background take effect.


Custom Icon

You may upload your own logo file up to 400 px wide by 250 px high. The UI will automatically

resize to a 50x50 image to use on all your portal pages to brand in addition to your company

name. If you upload a logo bigger than 50x50 it is recommended that you customize the CSS of

the pages so that it displays correctly. Only JPEG, JPG, PNG, and GIF file types are supported. To

reset to the default BYODPortal icon, click the reset icon link.

Default Icon:

Custom CSS

You may alter the CSS of the Manage and Reg portals any way you like to customize the look and

feel to match other corporate assets more closely. Recommended to test CSS customizations

with browser developer tools (IE, Google Chrome Inspect Element option brings up the CSS

validator/tester in the Google Chrome browsers). Below is an example of a portal customized

via CSS:


Section: Single Sign On Integration via SAML2

You may integrate BYOD Portal with your organization’s preferred authentication source via

SAML2. BYOD Portal has been tested with popular SSO technologies from OKTA, OneLogin,

Ping, SecureAuth, Symplified, MS ADFS, and more. BYOD Portal supports Service Provider

initiated based authentication to your organization’s IDP.

SAML2 integration provides the following benefits:

No username/passwords entered in BYOD Portal systems for enrolling and

managing devices.

Allows seamless integration between your organization’s enterprise apps.

Allows for integrating BYOD Portal easily into your corporate employee portals.

By integrating with leading SSO technologies, BYOD Portal device enrollment

and management can be setup for 2 factor authentication.


When you enable the SAML SSO integration, the manage and reg byod portals will not be

accessible if you have misconfigured any of the settings. The admin interface will always remain

accessible.

BYODPortal.com accounts will have a custom Consumer/Target URL supplied in their SAML

form. This is unique to each customer. This does not apply to the onpremise BYOD Portal open

code product.

To configure SSO SAML integration, you will need to obtain your IDP login URL, SSO logout URL,

IDP x.509 certificate (in text format, with BEGIN/END CERTIFICATE TAGS, and publically signed),

as well as obtain which attribute will contain the username of the user to login to BYOD Portal

with (typically usernames are past in the NameID of the assertion).


You will need to provide to your security administrators the BYOD Portal Application Name, the

Consumer/App Url, and in some cases, alert them that BYOD Portal is requesting an “unspecified

NameID format” in its configuration.

If an error occurs, the integration will show the text of the assertion for troubleshooting

purposes. A common error is an invalid timestamp error. There is a Time Offset setting where

you can alter the BYOD Portal clock to match that of your IDP to avoid this error.

Please note: Each BYODPortal.com account has a unique Consumer URL and in many cases the

URL contains trailing characters (IE: ..). Be sure to utilize the whole URL including trailing

characters.

Section: Integrations

In this section, you can enable the packaged third party application integrations that BYOD

Portal Supports.

ServiceNOW Integration

BYODPortal can integrate with your company's ServiceNOW Service Catalog allowing your end

users to manage and enroll their devices (with manager authorization)directly from ServicNOW.

This feature requires that the MobileIron/BYODPortal Update Set be purchased and applied to

your ServiceNOW Cloud instance. The update set can be purchased from your authorized

MobileIron sales representative.


To enable the integration once its purchased, select ON and set your ServiceNOW Secret word.

This secret is used in ServiceNOW to authenticate between the portals via SSO.

Please note: The manage and registration portals will still be accessible via BYOD Portal by

default. To only allow access via ServiceNow, you must disable the portal in the portal

preferences section (See disabling Manage and Registration portals).

See ServcieNow Integration section below for information on how to install and configure the

Update Set as well as more information on how to use the integration.

Blackberry Migration Integration (Beta)

If enabled, this workflow will do the following:

Contact your BES Server to verify if a user does or does not have existing Blackberry

devices connected to a BES Server.

In the case the user does, the user is prompted that if they continue registering their iOS

or Android device that their Blackberry will be deactivated automatically.

When the user continues, the workflow removes the user accounts from the BES,

deactivating and selectively wiping the Blackberry device.

Please Note: This migration workflow is for Blackberry 5.04 only at this time. If using the

migration tool on premise you will need to make sure that the PHP-SOAP php library is installed

on your server.

End User Usage – Registering a Device The registration portal is designed to be accessed by the device that intends to be registered. User

should access via the original default browser on the device. Each page has a timeout of 2 minutes for

security reasons.

Accessing With an Unsupported Device

When your device hits the portal, and if the whitelist option is enabled, a device check takes

place and will either show you the login screen or an unsupported device error screen. Below is

the error screen.


Clicking on the Supported Devices button will show the user what devices are currently

supported by the portal. See following screenshot.


Registration Screen

With a valid device, you will be greeted by the Registration screen customized depending on

what device type you have (iPhone, iPad, Android, etc.). User enters their enterprise

username/password for LDAP authentication. Currently the portal is configured for single

domain registration, but can be customized to allow multiple domain logins. The screen also

contains language around accepting the company’s terms of service with links to the terms. This

screen can also be accessed via the Add A Device tab in the manage portal. If accessed from the

manage portal, the user will automatically be authenticated into the reg portal.


Terms of Service Acknowledgment

The Terms of Service displays via pop-up on the device


Final Registration Steps

The final registration page shows the user the Passcode they need to finish the registration

through the MobileIron client app. The passcode is also emailed to the user. The user then

clicks the link to launch the respective app store to install the MobileIron client.


User will then be greeted with the Congratulations page in the browser after installing the MI

client or immediately in the case of a clientless iOS registration (in which the device will be

prompted to install an MDM profile on the Apple device).

On Android devices, starting with the MobileIron 5.9 Mobile@Work client, Android users have

the ability to auto-configure the MobileIron client. Pin and Core address are displayed when

show Pin is enabled.



Pending Registrations

If a user has Registrations Pending the portal will not allow them to register a new device until

the previous registrations are complete, or the user retires/purges the pending registrations.

Too Many Devices (Limiting Number of Devices per user)

If a user has exceeded the max number of devices they may have actively registered, the

following error message will show telling the user how many too many they have and what the

limit is. If enabled in the config, a user can then retire devices until they are under the max

device threshold.


Registering via a QR Code

BYOD Portal allows user to begin the registration process by scanning a QR Code on the Add A

Device page in the self service portal. The QR code can either just direct the device to the

registration page, or automatically authenticate the user/device through into the registration

portal with no password prompt. This is optional but defaulted to enabled.

View a demo of QR enrollment at

http://www.youtube.com/watch?v=XD7c7qZjQP4&feature=share&list=UUwoBm2D8daoHrFpnI

0rUcEQ

BYO.ME

BYOD Portal provides a quick URL for users trying to quickly install and locate the MobileIron

MyPhone@Work client rather than typing in any complex URL’s or searching by name on the

app store. Users can point their device to http://byo.me to quickly get pointed to the MI client

on the appropriate app store. Desktop users can be linked to the web based app stores by going

to http://byo.me/i for iOS and http://byo.me/a for android. The URL’s can replace the long

URL’s used in the email templates on the MobileIron core server.

http://www.youtube.com/watch?v=XD7c7qZjQP4&feature=share&list=UUwoBm2D8daoHrFpnI0rUcEQ

http://www.youtube.com/watch?v=XD7c7qZjQP4&feature=share&list=UUwoBm2D8daoHrFpnI0rUcEQ

http://byo.me/

http://byo.me/i

http://byo.me/a


End User Usage – Managing Your Own Devices

Logging In To the Portal

User your enterprise or MI server credentials to log into the portal to view your managed

devices. Format will automatically adjust depending if you are accessing from a desktop, tablet,

or phone.

The Device Management Screen

The device management screen displays all devices registered with the Mobile Device

Management service and shows device type, status, and functions such as locate, lock, wake,

unlock, wipe, and remove from management (retire/corporate data wipe).


Understanding Status

If your device is in compliance, it will show a checkmark. Otherwise an alert icon will display.

Hovering over the icon will display the reason the device is out of compliance.

Device Details

The device details pop up will show information such as the wireless carrier, MAC, serial number

and much more.


Viewing Your Apps and Finding Out of Compliance Apps

Clicking the Apps button will display all apps on the user device and highlights app out of

compliance.

Locating A Device

Click the locate icon to popup a map and pin of the last known location of your device. Please

note that at this time BYODPortal.com customers uses Google mapping technology while BYOD

Portal Onpremise uses Mapquest for licensing reasons. Time is displayed in UTC.


Sending an SMS and/or Push Notification Message To A Device

Clicking the Message Device icon will show an input screen where end user may send a message

to their device. This is helpful in finding a device in close quarters, or in case of lost device,

sending a message to someone that may have picked up the device.

Locking and Unlocking a Device

Locking a device will send the device to a lock state where user will have to enter in PIN to gain

access to the device again (if PIN/Password is set on device). When unlocking a device

behaviors are different in each platform. In case of iOS, the password/pin will be cleared and the

user will be prompted to enter in a new one. In case of Android, depending on device, the

device may simply unlock or a temporary password maybe set. The temporary password is

shown on the BYOD Portal screen for the user to reference.


Retiring/Removing a Device

When the Remove button is selected, the device is retired from the MobileIron Core. All

corporate apps, configs, and data are removed from device. Personal data is left behind.

Wiping a Device

Resets device and removes all user data from device, including personal data.

Checking In a Device

A device may be forced to check to report location, new status, details and compliance data as

well as pull new policies and configurations from the MobileIron Core. It may take up to 5

minutes for a device to check in.

Audit Log

A user can view actions taken against his/her device in the last 30 days.


Multi-User / Shared Device Scenarios There are use cases where your users share a device and a device has multiple users logging in and out t

throughout the day (tablets in retail settings or healthcare settings). MobileIron’s CORE now supports

this use case directly. The BYODPortal.com Login&Out App is no longer supported.

Customizing BYODPortal Workflow or Adding Your Own Logic If you require the ability to further customize BYODPortal or would like to use BYODPortal as the

basis/platform on which to build your own in-house mobile device self-service portal, please visit

http://www.byodportal.com for more information on installing the BYODPortal web app on-premise.

Installation and customization services are also available.

Embedding the BYOD Portal In Your Website BYOD Portal can be integrated into your existing company portal via an iframe or frame with basic

unbranded styling optimized for anchoring into another existing portal. All that is needed is to include

the service_view=embed query string at the end of your portal URL. It is recommended to use this

integration in conjunction with a Single Sign On technology.

For example: http://byodportal.com/manage/a=youraccount&service_view=embed

Running the BYOD Portal Update Set for ServiceNow BYOD Portal cloud (Byodportal.com) or On-Premise can integrate with ServiceNow’s Service Catalog via

MobileIron’s BYOD Portal Update Set for ServiceNow. For more information, contact your MobileIron

http://www.byodportal.com/


sales representative. Please see installation instructions that come with the Update Set download for

install help. The solution is certified on ServiceNow versions Berlin to Dublin.

Downloading the Update Set for ServiceNow

For BYODPortal.com Customers:

Your portal should have the ServiceNow Integration section enabled in the Integrations section of

the admin portal. Here you can download the update set.

For Onpremise BYOD Portal Customers:

Your organization should have received an email with download credentials. The download site is

located at https://www.byodportal.com/download.

Installing the Update Set for ServiceNow

As with any customization you install on your system, you’ll want to thoroughly test the MobileIron

BYOD update set in your development environment before committing it to your production

environment.

Please Note: The Update Set will create the proper Service Catalog categories, but will not display

them in your service catalog by default. You must add the newly created items to your catalog page.

Extract the downloaded update set.

https://www.byodportal.com/download


Log in to the ServiceNow instance where you plan on installing the update set. Make sure that

you log in as a user with admin rights.

Navigate to ‘System Update Sets -> Retrieved Update Sets’ in your Service-now instance and

click the ‘Import Update Set from XML’ link at the bottom of the list

Browse to the update set XML file that you extracted in step 1 and click the ‘Upload’ button. The

upload must be an XML file.

Once the update set has been uploaded, open the ‘Retrieved Update Set’ record and click the

‘Preview Update Set’ button. Let the preview finish and then review the information or return to

the update set.

Once the update set has been previewed go back to the update set record (System Update Sets -

> Retrieved Update Sets’) open it and click the ‘Commit Update Set’ button. This process may


take a while depending on the size of the update set you are committing. Once the process is

finished, you will see a confirmation message as shown below.

Your update set is ready to use! You may need to refresh your browser to see the new

Integration – BYODPortal application. Please Note: The Update Set will create the proper

Service Catalog categories, but will not display them in your service catalog by default. You

must add the newly created items to your catalog page.

Configuring the Update Set for ServiceNow

Access the BYOD Portal Update Set Properties in the Update Set Integration menu. Only enable Debug

Logging for troubleshooting.


For BYODPortal.com Customers:

Properties: Only fields that need to be configured are the byod portal account name (where account

name would mycompany if your byodportal address is mycompany.byodportal.com) and the shared

secret. The URL to the API does not need to be edited. By default the integration uses the

user_name field from the ServiceNow user table to interact with the MobileIron CORE. If another

field is needed, you may change to the necessary field name here.

Scheduled Import: It is recommended that have the scheduled import run atleast every 24 hours.

Edit the scheduled import to your preference. During the import, data such as Terms of Service,

Device Whitelist, Ownership preferences are imported into ServiceNow. The import will also be

used in the near future to populate ServiceNow Assets and CI’s.

For Onpremise BYOD Portal Customers:

Properties: Fields to be configured are the URL to BYOD Portal (set this to your BYOD Portal site

address appended by /api) and the shared secret. The account name needs to be set as

“userportal”. By default the integration uses the user_name field from the ServiceNow user table to

interact with the MobileIron CORE. If another field is needed, you may change to the necessary field

name here.

Scheduled Import: You must change It is recommended that have the scheduled import run atleast

every 24 hours. Edit the scheduled import to your preference. During the import, data such as

Terms of Service, Device Whitelist, Ownership preferences are imported into ServiceNow. The

import will also be used in the near future to populate ServiceNow Assets and CI’s.


REST Messages: You must edit the EnrollDevice and Getlist Rest endpoints to point to your BYOD

Portal server address, appended with ‘/api.’ Example: https://mybyodportal/api

Configuring BYOD Portal In the ServiceNow Integrations section of the admin portal (or setup.php for Onpremise deployments)

you must first enable SeviceNow integration by setting the config to ON. Next enter a secret in the

ServiceNow secret input box. Please make sure that the secret is the same in both the Update Set

properties in ServiceNow and in BYOD Portal.

Once configured and functioning, you may wish to only allow end users the ability to enroll and manage

devices through ServiceNow. To do this, you may disable access to the Manage and Registration portals

by disabling those portals in your BYOD Portal configuration.

Using the BYOD Portal Update Set for ServiceNow The BYOD Portal Integration can be accessed by end users through the ServiceNow Service Catalog.

Managing Devices

User launches into their own device management screen from the Service Catalog under BYOD

Services.

https://mybyodportal/api


User can view details of all enrolled devices including, compliance status, location, battery, apps,

and much more. Users also have ability to perform basic management functions such as locating a

device, locking/unlocking a device, and fully wiping (factory reset) or selectively wiping (removing

device from management and removing corporate data/apps/access from device).


Enrolling A New Device

Users login and then begin to enroll their mobile devices via the company’s ServiceNow Service

Catalog.


User views and accepts terms of service pop-up then chooses from list of approved devices (both

terms and devices pulled from BYODPortal)


If the enrolling user has a manager, the manager approves or denies the request via ServiceNow

approval workflow.


MobileIron/BYODPortal validates that user meets enrollment requirements (ie, user limited to X

number devices, has no other pending enrollments, etc.)

User presented and emailed a URL and one time use pin to finish the enrollment process.

Corporate configs, email, apps, etc. are deployed to the device.


Running BYODPortal On-Premise BYODPortal can be installed as an on-premise web application. If you would like more information,

please contact your MobileIron Sales Representative.

This solution runs on top of any Apache/PHP server. If you are unfamiliar with setting up a server to run

Apache/PHP, a detailed deployment guide for this solution is available at https://mobileiron-

support.force.com/customer/articles/MI_Article/BYOD-Portal-Deployment-

Guide?startURL=/articles/MI_Article/BYOD-Portal-Deployment-Guide

System Requirements To install BYOD Portal On-Premise, you need a physical or virtual server to satisfy the following

requirements:

Server OS and Software Requirements

Developed on Centos 6 Linux (recommended), but will run on any Linux server that satisfies

the below requirements.

Apache 2

PHP 5.3 – 5.4 (Note: PHP 5.5 Is NOT supported at this time.)

o php5-mcrypt

o php5-curl

o php-xml

sendmail or postfix

MYSQL Server

Server Hardware Requirements

1 x 2Ghz CPU

4GB RAM

4GB Hard Disk

Installation 1) First unzip the contents of the distribution by placing the ZIP in your target directory and

running the "unzip <filename>" command. BYODPortal can be run in the root web directory or a

subdirectory on your server. If run in a subdirectory, be sure to have the Apache configuration

point to the correct subdirectory.

2) Change permissions to the common/config.php file to writable. (i.e. CHMOD 666

common/config.php) If the file is not writeable, then the rest of the setup will fail. Also make

sure the /imagesdirectory directory is writable as well.

https://mobileiron-support.force.com/customer/articles/MI_Article/BYOD-Portal-Deployment-Guide?startUrl=/articles/MI_Article/BYOD-Portal-Deployment-Guide




3) Open install/index.php web page in your browser to launch the setup wizard. The wizard will

check that the system satisfies all requirements to run the portal

4) The wizard will walk through populating your MYSQL database with necessary tables and create

an administrator account for the portal as well. NOTE: You must have the empty MYSQL

database created before running the wizard. You will be asked for the DB name on the server as

well as the DB username and password during the setup.

5) Once created, access the admin portal to configure your portal at https://<server>/admin

6) Verify you have a CORE account with Admin and API roles.

7) To scale across multiple servers behind a load balancer, it is recommended to run the MYSQL

server on a dedicated server, and then clone multiple portal front end servers.

8) For best performance, we recommend that a PHP accelerator such as PHP Express or Zend

optimizer be run for high scale environments. (optional)

9) Product help is available by contacting MobileIron technical support.

10) It’s recommended that the app be run as an HTTPS based web application to protect user data.

11) ServiceNOW integration requires that the BYOD Portal Update Set for ServiceNow be installed in

your ServiceNow instance. Integration will not work if your byod portal server is not setup with a

valid SSL certificate.


Portal Administration (On-Premise)

Setup and Preferences

The BYOD Portal On-Premise Application (non cloud) provides the same exact admin portal as

the cloud service. The only difference is that there are no CNAME configuration settings.

Custom Workflow and Code Changes

BYOD Portal On-Premise is offered as an open code application, meaning you can alter the code

as you see fit. It is recommended to keep track of any code changes as this will affect how you

will handle future upgrades.

Upgrading The On-Premise Code

Customers will receive a notice when a new version is available. The updated version can be

downloaded directly from BYODPortal.com with the credentials provided to you at time of

purchase.


Release Notes

2017.01.10 Service Update

Fixes Description

Fix PHP Mailer Library Update

Updated third party component in BYOD Portal to address security issues found in older PHP Mailer versions.

Fix Registration Problems After Upgrading To Core 9.2

LDAP based configurations not working after upgrading to Core 9.2.

Fix Conditional Limits Not Working

In certain circumstances, conditional limits are not being enforced.

Fix Windows 10 Anniversary Edition Fix

Windows Mobile 10 Anniversary Edition registration instructions were incorrect.

Fix Security Updates

Various security updates to application and infrastructure.

2016.07.28 Service Update

Fixes Description


Various security updates to application and infrastructure.

Fix On-Premise Installer Update

Updated and consolidated SQL in On-Premise Installer

Fix Windows 10 Devices Not Enrolling Successfully

Some Windows 10 devices were not enrolling successfully in BYOD Portal.


Fix Windows 10 Devices Not Showing In Manage Portal

Win10 devices were not displaying in the self service portal.

Fix Windows 10 Functions Removed

Self service functions not available to Windows 10 devices were removed from display in self service portal for Windows 10 devices.

Fix Apps Not Displaying In Self Service Portal

Device applications were not displayed when viewing a device application inventory.

Fix Android Client Auto configuration Not Working

Updates made to Android Mobile@Work client and to BYODPortal to accommodate the auto configuration feature.

Fix iReg Error Explanation

iReg Error now displays the following error: " Core not configured correctly. Pease contact your administrator and ask them to set iOS Web Based Registration Requirement to Registration PIN under the Device Registration System Settings."

2016.03.09 Fix Notes

Fixes Description

Fix Windows 10 Support

Portal now accurately detects Windows 10 Mobile and PC devices.

Fix Windows Enrollment Messaging

On device enrollment messages now matche exact messages used on Core with explicit

instructions on enrolling Windows 10 vs 8.1 vs 8 vs 7 devices.

Fix ServiceNOW Support for Windows Phone devices

The correct URL is now shown through ServiceNOW for Windows enrollments. Messages now

match exact messages used in Core instructions.

Fix Core 9.x Support


Updated to support upcoming MI Core releases.

Fix Whitelist False Positives

Fixed an issue where in some cases devices were getting by the Whitelist control.

Fix Android Client MIRP URL

Updated MIRP URL used in Android registrations for launching the MI Client from BYOD Portal

during enrollment.


Code updates to address and potential security concerns.

Fix Conditional Limits via LDAP

Fixed issue that only allowed users to enroll one less device than specified when restriction set

by LDAP rule.

Fix Updated Documentation

Documentation Updated.

Fix On-prem Installer Update

Installer updated to support latest DB requirements of BYOD Portal.

Feature Disable Auditing

Administrator can now disable auditing so that there is absolutely no data saved on BYOD

Portal. This includes user actions and registrations. If disabled users cannot see their own

actions in the last 30 days.

2015.05.28 Fix Notes

Fixes Description

Fix Persisted Ownership on Terms Display

Ownership selection persists when terms of service is conditional shown to end user after

login.


Feature Core Selection By Ownership

Registration core can be chosen by end user ownership selection.

Fix Core 8.x Support

Updated to support latest MI Core release.

Fix Clientless Enrollment Fails on Core 8.x When Terms of Service Enabled in Core

Clientless enrollment now works in all Core 8.x configurations.

Fix Uploading Log Fails In On premise Install

Logo was not saving to correct directly in on premise installation.

Fix Background Color not setting when Register Globals is configured OFF in PHP

Register globals is no longer a configuration needed on PHP server to set background color.

Fix Certain Windows Phones detecting as Android

Fixed detection scheme used to determine if a device is a Windows Phone device.

Fix Wrong URL Showing for Windows Phone Enrollments via Service Now

Correct instructions and URL now show properly.

Fix Fixed Issue With Choosing Core By LDAP Group

Fixed issue that affected the ability to choose a core by user LDAP membership.

Fix Conditional Terms of Service Always Converts to Lowercase on Save

Case is properly preserved after Conditional Terms of Service are saved..

Fix Changed Message Clarifying Why Pin Based Registration is Needed for Web Based

Registration

Only we based registration in the core needs to be set to PIN in order to use BYOD Portal. IN-

App registration does not need to be.


12/22/2014C Fix Notes

Fixes Description

Fix QR Code Scanning Showing Portal Disabled

When a user scans a QR code to enroll a device, the resulting page shows that the registration

portal is disabled.

Fix On-Prem Installer Not Supporting ‘$’ in DB Password

When a ‘$’ character is used in the DB password field, the portal will not function appropriately.

12/22/2014B Fix Notes

Fixes Description

Fix Device Details and Status Popups Only Working For First Device On Screen

When a user has multiple devices displayed on the self service portal, only the 1st device details

and status popups function.

12/22/2014 Maintenance Release

Fixes Description

Fix Number of Devices Enrolled Not Accurate

In certain situations, the portal was informing users that they were over their device limit when

they were not.

Fix ServiceNow Enrollment URL Shows Incorrect When ServiceNow Is Configured to Send HTML

Email

Pin was becoming attached to enrollment URL giving users a 404 when they attempted to put

enrollment URL into their phone.


Fix Autodetect of Windows 8 vs 8.1 via ServiceNow Enrollment

Both instructions shown to end user, causing confusion. Portal now auto-detects Windows

Phone version and provides correct instructions to end user.

Fix QR Code Failure Via ServiceNow

In certain situations the QR code was not rendering with the correct URL via ServiceNow

enrollments.

Fix Mixed Case Admin Email Address Would Result In Admin Login Failure

Portal does not allow admin to login when they use mixed case email addresses.

Fix Security Fixes

Multiple security vulnerabilities have been fixed in this release, please see the following

KB article for more details: https://help.mobileiron.com/customer/articles/MI_Article/BYOD-

Portal-Security-Update-December-2014

Known Issues

Occasionally in Chrome there will be JavaScript popups that occur when moving from one Admin Portal tab to another. The fix is to clear browser history/cache and access admin portal again.

Its is not recommended to run SAML support on the VSP/Core admin interface as many features such as looking up a user's ldap group, or displaying of an end user's installed apps will not display when the VSP is setup to use SAML for VSP Admin site authentication.

Password and Android App Admin rights compliance status are not displaying properly in the Manage portal

There is no way to detect if the device is using an in app browser or not on Android when using a QR scanner. (byodportal.com and onpremise)

Onpremise version of BYOD Portal Does not support PHP 5.5 and above. BYOD Portal host server must be configured with PHP 5.3-5.4.

October Fix Release (10/14/2014)

https://help.mobileiron.com/customer/articles/MI_Article/BYOD-Portal-Security-Update-December-2014

https://help.mobileiron.com/customer/articles/MI_Article/BYOD-Portal-Security-Update-December-2014


Fixes Description

Fix Password Reset Function Not Sending Emails or Resetting Password

Admins can now reset password.

Fix Conditional Limits Not Being Enforced

Limits were being set to default value rather than conditional.

Fix Some Windows Phone Devices Recognized As Android

Some WP8.1 devices were being detected as Android devices. This has been resolved.

Fix ServiceNOW Update Set Unable to Pull Terms of Service from BYOD Portal

Fix Onpremise Installation Requred Register Globals ON In PHP

Register Globals no longer needed.

Fix Conditional Limit Error Check

Admin portal verifies that conditional limit entered is a number.

Fix Error Messages Corrected in Admin Portal

Error messages showing incorrectly for Conditional Terms and Limits functions.

Fix ServiceNOW Terms of Service Showing Error when TOS had HTML elements that contained an ampersand

2014.08.29

Feature Description Product

Feature Unified Code Base

Both BYODPortal.com and Onpremise versions now use the same unified code base providing feature parity between the two.

Cloud and Onprem

Feature MYSQL Requirement

BYOD Portal Onpremise now requires a MYSQL Database Server

Onprem



Feature New Installer

BYOD Portal Onpremise now features a full installer that tests server for necessary requirements as well as builds database and creates admin account.

Onprem

Feature New Admin Interface

Onpremise install now uses the same Admin portal interface as the BYOD Portal cloud product.

Onprem

Feature Multiple/Conditional Core Support

Portal now supports multiple VSP/Cores/Connected Cloud servers. Manage portal will pull from all specified servers while during registration, servers can be chosen via user LDAP group, device type, or at random.

Cloud and Onprem

Feature Multiple/Conditional Terms of Service

Portal now supports multiple Terms of Service. Terms of Service can be conditionally shown to users based on their LDAP Group memberships.

Cloud and Onprem

Feature Conditional Device Limit

Number of devices can be limited based on user’s LDAP Group membership.

Cloud and Onprem

Feature Disable Terms of Service

Ability to not display a terms of service during enrollment is now supported.

Cloud and Onprem

Feature Embedded Portal / iFrame Support

BYOD Portal can now be embedded with no styling in a company portal via iFrame by adding the embed keyword in the URL. Admin portal shows the embed code for the BYOD Portal instance in the integrations section.

Cloud and Onprem

Feature New functions added to Onpremise Code

Functions to lookup a user's LDAP group, choose a user's core server, and more have been added to the open code of BYOD Portal.

Onprem



Feature Migration from One VSP/Core to another

Portal now supports workflow of helping to migrate users from one core/connected cloud server to another core server or connected cloud server by specifying core servers that users will be migrating from. Workflow then assists user in retiring devices from old servers and enrolling into new servers.

Cloud and Onprem

Feature Implemented New Device Detection Library

New Library helps detect device OS, Type (Tablet vs Phone vs Computer), and Makes and Models of devices.

Cloud and Onprem

Feature Disable Send Message To Device

Admins can now disable the end user's ability to send Push Notifications or SMS messages to their devices.

Cloud and Onprem

Feature Windows Phone 8.1 End User Features Added

Locate, Lock and Checkin options added to WP8.1 Self Service Support.

Cloud and Onprem

Fixes Description Product

Fix VSP Sends Registration Email via ServiceNOW when Send Email Option is Off

ServiceNow Integration now obeys the Send Email option.

Cloud and Onprem

Fix Last Connected Shows Previous Phones Data

This occurred when no last connected data was available for a device.

Cloud and Onprem

Fix Add Device button disabled when Reg portal is disabled

The add device button is removed from view when admin disables the enrollment portal.

Cloud and Onprem

Fix Removal of Location and Export admin reports/buttons

The Location Report and Device CSV export has been removed as that data should be reported on from the VSP/Core itself.

Cloud and Onprem

Fix Show PIN not enforced with WinPhone enrollments Cloud and Onprem



When Show Pin was set to OFF, PIN was still displayed to users enrolling WP8 devices.

Fix PIN Showing as Part of registration URL in ServiceNOW

PIN was truncated into the URL which was causing email clients to add PIN to the end of the enrollment URL.

Cloud and Onprem

Fix Core URL Not Showing in Android Enrollments via ServiceNOW

BYOD.ME url was being shown but the CORE URL was not to end users.

Cloud and Onprem

Fix ServiceNOW Secret Now Hidden From View

Previously was in plain text in a form field. Now it resides in a password field.

Cloud and Onprem

Fix Self Service Portal Limited to 6 Devices

Now all of a user's devices (unlimited) are shown on screen.

Cloud and Onprem

Fix Style updated in Manage and Reg portals

One single Style now in use that is completely responsive depending on device type.

Cloud and Onprem

Known Issues Product

Occasionally in Chrome there will be JavaScript popups that occur when moving from one Admin Portal tab to another. The fix is to clear browser history/cache and access admin portal again.

Cloud

Its is not recommended to run SAML support on the VSP/Core admin interface as many features such as looking up a user's ldap group, or displaying of an end user's installed apps will not display when the VSP is setup to use SAML for VSP Admin site authentication.

Cloud and Onprem


Cloud and Onprem


Cloud and Onprem



Admin portal page wraps when display is less than 1000 pixels wide. Cloud and Onprem

When uploading a new custom logo it can take up to 15 minutes for the logo to be visible by everyone via the Internet.

Cloud

ServiceNow enrollment does not currently support side loading of Android client. Enrollment must be done via Google Play.

Cloud and Onprem

ServiceNow QR Support does not verify if the QR reader is using Safari or an inapp browser during clientless enrollment on iOS devices. iOS clientless enrollment will only work with QR readers that use the native safari browser, not an inapp browser.

Cloud and Onprem

2014.07.18


Feature New Self Service Interface

New self service interface to align with other MobileIron interfaces.

Cloud and Onprem

Feature ServiceNow Dublin Certification

Product now certified on latest ServiceNOW release.

Cloud and Onprem

Feature Unlimited Device Setting

Ability to not limit user device count.

Cloud and Onprem

Feature Session Remains Intact After Clearing Pending Registrations

Users no longer have to re-login after clearing pending registrations.

Cloud and Onprem

Feature Disable/Enable Pending Device Check

If disabled, users will be able to enroll new devices, regardless if they have existing pending registrations or not.

Cloud and Onprem



Feature Windows 8.1 Device Pin Support

Workflow now supports Windows 8.1 Devices

Cloud and Onprem

Feature Disable QR Code

Ability to stop QR code from showing on enrollment screens.

Cloud and Onprem

Feature Disable Android Auto Configure Button

When show pin setting is set to OFF, the auto-configure button will now not show.

Cloud and Onprem

Feature Support of QR Codes in ServiceNow Cloud and Onprem

Feature ServiceNOW support for clientless iOS enrollment Cloud and Onprem

Feature Use of much smallerURL when enrolling via ServiceNOW Cloud and Onprem

Feature http://BYO.ME url for installing client BYOD Portal provides a quick URL for users trying to quickly install and locate the MobileIron MyPhone@Work client rather than typing in any complex URL’s or searching by name on the app store. Users can point their device to http://byo.me to quickly get pointed to the MI client on the appropriate app store. Desktop users can be linked to the web based app stores by going to http://byo.me/i for iOS and http://byo.me/a for android.

Cloud and Onprem

Feature Autosize of Logo Upload

Currently logo must be 50x50 in size. This feature will autosize the logo to fit by CSS but allow for the uploading or larger resolution logo files up to 400x250. Onpremise version has the stylesheet update only.

Cloud and Onprem

Feature Variable Domain Names for Byodportal.com

For carrier partners who need to run the portal under a different URL.

Cloud Only

Feature Push Notification to Device Cloud and Onprem

http://byo.me/

http://byo.me/i

http://byo.me/a



Allow user to send a device a custom push notification message.

Feature Whitelist support for Wildcards

Admin may enter a white list entry such as iPad*3 which would white list all iPad's running ios3 for example.

Cloud and Onprem

Fixes Description Product

Fix Invalid State Error showing when users logging in with Email address

State corrupted when a user logs in with an email address and the LDAP username is not the email address.

Cloud and Onprem

Fix Role Check Failing on CORE 6.x

In some cases Role checks were failing on CORE 6.x. Using new role check api call and workflow to validate role check finding is accurate.

Cloud and Onprem

Fix UI Not Loading when SAML enabled and CSS is customized

Not being redirected to IDP when CSS is customized and SAML enabled.

Cloud and Onprem

Fix Battery Showing 0% for iOS Cloud and Onprem

Fix Fix supported devices popup.

Fixed spelling and format of supported devices screen.

Cloud and Onprem

Fix Self Service Refresh Button redirecting to BYODPortal.com home page if session is timed out.

Cloud and Onprem

Fix Number of devices in manage portal limited to 5

Limit on screen is now 10 devices. Will paginate in future release.

Cloud and Onprem



Occasionally in Chrome there will be javascript popups that occur when moving from one Admin Portal tab to another. The fix is to clear browser history/cache and access admin portal again.

Cloud

Some features such as displaying of an end user's installed apps will not display when the CORE is setup to use SAML for CORE Admin site authentication.

Cloud and Onprem


Cloud and Onprem


Cloud and Onprem

Admin portal page wraps when display is less than 1000 pixels wide. Cloud

Previous onpremise versions will not work with CORE 6.x and above when registering new devices using Onpremise version 2014.04.29 and prior. There is a fix available but it is recommended to update the onpremise code to the latest release to account for the updates and new features in the latest CORE versions.

Onprem

When uploading a new custom logo it can take up to 15 minutes for the logo to be visible by everyone via the Internet.

Cloud

ServiceNow enrollment does not currently support side loading of Android client.

Enrollment must be done via Google Play.

Cloud and Onprem

2014.06.06

Feature/Fix Description Product Status

Feature CORE Version Detection

Portal will detect version of CORE to determine API call

compatibility. New function created.

Cloud and

Onprem

Complete



Feature More Information In User Terms Acceptance

Acknowledgement

Added device information and owner information in the

acknowledgement.

Cloud and

Onprem

Complete

Fix ServiceNow format is lost after a retire/wipe via

ServiceNow

After screen refresh in ServiceNow, CSS is lost and shows

default portal interface, including the Add A Device tab.

Cloud and

Onprem

Complete

Feature Client selection support for Vodafone and DT

Added ability to choose between default MobileIron

branded client or Vodafone or DT branded clients. (For

Vodafone and DT customers only)

Cloud and

Onprem

Complete

Feature Add Device Name for iOS To Device Tab

This will help distinguish between WIFI only devices. iOS

devices only as Android does not offer device names.

Cloud and

Onprem

Complete

Feature Add Carrier Information To Device Details

Show carrier Information in device details pop up in

management portal.

Cloud and

Onprem

Complete

Fix Prepopulate SSO Fields In Onprem Setup Utility

Pre-populating with example data to help aide in

configuration.

Onprem Complete

Feature Blackberry Migration Workflow

New workflow option to query BES to learn if user has

BES attached devices and prompt user to delete those

Cloud and

Onprem

Complete



devices via the portal before they are allowed to enroll

new device.

Fix Show Accurate Roaming Status In Manage Portal

Show accurate international roamin status in portal for

devices w/ home carriers outside the USA.

Cloud and

Onprem

Complete

Feature Updated Onprem Setup Utility UI

UI updated for easier navigation through the setup

utility.

Onprem Complete

Fix Terms warning not showing in Setup Utility

Warning showing admin that they must enter in terms of

service is not detecting correct.y.

Onprem Complete

Fix Errors Not Showing In Admin UI

Some errors such as if a CNAME setup is not done

correctly are not showing in the admin UI.

Cloud Complete

Fix API Call Reduction

Clean up number of calls made to CORE API during the

enrollment process.

Cloud and

Onprem

Complete

Feature Timing Offset for SAML Assertion

Ability to offset the timestamps with the SAML IDP and

BYOD Portal (useful when getting invalid timestamp error

messages)

Cloud and

Onprem

Complete

Fix Failed registrations with CORE 6.x Cloud and

Onprem

Complete



In many cases the changes in CORE 6.x was causing

registration failures/errors due to changes in CORE API.

Fix Registration URL and QR Code Shouldn't Show When

Over Limit

Portal now just shows end user error letting them know

they are over device limit.

Cloud and

Onprem

Complete

Fix Account Status Undetermined in Admin portal

Admin portal now shows correct account status for all

account types.

Cloud Complete

Fix HTML Editor Not Working in IE10+

HTML Editor has been updated to latest code base

compatible with all major browser versions.

Cloud Complete

Fix DNS Lookup of CNAMES Failing

In certain cases when DNS return mixed case CNAME

results, the validation was failing. This was fixed as well

as a backup DNS lookup as a secondary check before

showing an error. Additionally DNS lookup is only run

once during initial save.

Cloud Complete

Fix Session Errors Not Showing for Certain Manage Functions

When session is invalid certain functions were not

showing an error rather redirecting user to portal home

page with no message. This has been fixed.

Cloud and

Onprem

Complete




Occasionally in Chrome there will be javascript popups that occur when moving

from one Admin Portal tab to another. The fix is to clear browser history/cache

and access admin portal again.

Cloud

Some features such as displaying of an end user's installed apps will not display

when the CORE is setup to use SAML for CORE Admin site authentication.

Cloud and

Onprem

Password and Android App Admin rights compliance status are not displaying

properly in the Manage portal

Cloud and

Onprem

There is no way to detect if the device is using an in app browser or not on

Android when using a QR scanner. (byodportal.com and onpremise)

Cloud and

Onprem

Admin portal page wraps when display is less than 1000 pixels wide. Cloud

Previous onpremise versions will not work with CORE 6.x and above when

registering new devices using Onpremise version 2014.04.29 and prior. There is a

fix available but it is recommended to update the onpremise code to the latest

release to account for the updates and new features in the latest CORE versions.

Onprem

2014.02.28 Updates

Terms of Service Acceptance Email now contains end user full display name, email, and platform or device enrolled

and has been reformatted. (byodportal.com and onpremise)

Fixed issue where the Reg Link was not working from the Add Device screen in manage portal in some instances

(onpremise)

Fixed time format compatibility issue with ServiceNow Update Set (byodportal.com and onpremise)

Fixed issue where the Logout URL was not working and/or not logging user out of BYOD Portal when SSO was enabled

(byodportal.com and onpremise)


Added ability for admins to associated existing portal accounts with a company subscription (byodportal.com)

Admin Portal Website has been updated to new UI. (byodportal.com)

Fixed multiple issues with Admin Portal and IE8. (byodportal.com)

Fixed issues with Manage Portal and IE8 and IE9 browsers.(byodportal.com)

ServiceNow documentation moved to user guilde. (byodportal.com and onpremise)

Account Sign Up Process and UI has been updated (byodportal.com)

Admin can now choose to have Android client sideloaded instead of installed from Google Play (Byodportal.com and

onpremise).

Fixed issue with SAML integration where the assertions were not being parsed properly, especially when integrating

with MS ADFS (byodportal.com)

Added auto configuration button for Android client for all android registration types.

Fixed issue where autopop of terms was not occurring (onpremise only)

Fixed issue where CSV whitelist was not restricting device properly. (onpremise only)

Fixed issue where supported devices button was showing devices on the whitelist.csv when whitelist feature was

disable (onpremise only)

Known Issue: When Android client is sideloaded user must first allow for installation of unsigned apps in device

settings.

Known Issue: Password and Android App Admin rights are not displaying properly in the Manage portal

(BYODPortal.com and onpremise).’

Known Issue: There is no way to detect if the device is using an in app browser or not on Android when using a QR

scanner. (byodportal.com and onpremise)

Known Issue: Admin portal page wraps when display is less than 1000 pixels wide. Will be addressed in next release.

2014.01.24 Updates

Fixed issue where when the last tabbed device is retired in the manage portal, screen reloads showing no tab.


Fixed possible security vulnerabilities uncovered during security scan including setting cookies to be forced to use

HTTPS as well as a XSS concern with a form variable on the registration portal. (byodportal.com and onpremise)

Site copyright notice, terms of use, and privacy notice updated on byodportal.com.

Fixed issue where Chinese language detection was only detection traditional and not simplified. (byodportal.com and

onpremise)

Added feature that allows an administrator to disable either the Manage or Registration portals while keeping the

other active. (byodportal.com and onpremise)

Terms of service now has a CLOSE button on the button of the modal popup. (byodportal.com and onpremise)

When a user tries using and invalid or expired QR code, a descriptive error now displays. Previously user was just

redirected to portal home page. (byodportal.com and onpremise)

Fixed issue with modal/pop-ups in Manage portal on IE8 and IE9 browsers. (byodportal.com and onpremise)

Fixed issue with default background showing as WHITE on IE8 and IE9 browsers. (byodportal.com and onpremise)

QR Scanning enrollment now detects if a device is trying to enroll with an In Application browser on iOS devices and

displays error if it is. Users are recommended to use a QR scanner that opens URL’s in the default safari browser.


QR Scanning enrollment on Android shows the end user a warning telling user to make sure the QR scanner can open

links in the default web browser. KNOWN ISSUE: There is no way to detect if the device is using an in app browser or

not. (byodportal.com and onpremise)

Fixed issue where error was showing when a Company name , help desk contact information, and ServiceNow secret

contained an apostrophe. (byodportal.com and onpremise)

Fixed issue where the register button was overflowing on Safari browsers below the intended surround.


Fixed some data handling issues on the Onpremise setup utility script. (onpremise only)


ServiceNow Integration supports ability to disable the registration portal on BYOD Portal to force users to use the

SNOW Service Catalog only. (byodportal.com and onpremise)

Locate maps is now using Google maps API for cloud service. Onpremise still uses Mapquest due to licensing reasons.

(byodportal.com only).

Fixed display issues in the Italian and French language files. (byodportal.com and onpremise)

2013.12.11 Updates

Fixed issue where users logging in by email address were not seeing their devices show in the manage portal. Email is

converted to principal name of user. (onpremise and byodportal.com)

Fixed issue where SAML Logout config was not working when specified in configuration (onpremise only).

Updated SAML Support to fully support SecureAuth and Symplyfied SSO. (onpremise and byodportal.com)

All of UI elements now moved to new Bootstrap version 3 UI framework. (onpremise and byodportal.com)

Add A Device tab in Manage portal now pops open as a model to better display registration instructions. (onpremise

and byodportal.com)

Add A Device tab in Manage portal now displays a QR code for registering a new device. Configuration option allows

for user to get authenticated via QR code or just taken to registration page. (onpremise and byodportal.com)

Responsive UI enhancements to provide a uniform display across all device types. (onpremise and byodportal.com)

Style sheet updates to accommodate for new UI capabilities in Bootstrap 3. (byodportal.com and onpremise)

Fixed issue where manage URL was not showing after an enrollment was completed (onpremise only)

Fixed an issue with detecting Chinese language preference in some browsers (onpremise and byodportal.com)

2013.11.19 Updates

Fixed issue where registration instructions not showing in manage portal when a user has 0 devices registered

(onpremise and byodportal.com)

Fixed issue where CSV whitelist was not functioning correctly when enabled (onpremise only)

Optimized the parsing of the XML returned from the CORE API when displaying devices (onpremise and

byodportal.com)

2013.11.14 Updates

Fixed issue where Send Registration Email setting was not functioning correctly (onpremise only)

Fixed XSS Vulnerability when an unsupported device accesses the portal and is displayed their useragent


Fixed issue where alert icon was showing broken for compromised Android devices. (byodportal.com and onpremise)

Fixed sample code that shows to display a custom screen and set an appropriate label based on response. Label was

not setting correctly previously. (onpremise only)

Modified look and style of registration page (byodportal.com and onpremise)

Fixed issue where user’s with a space in their username or are using email address as their username were not having

their devices displayed (byodportal.com and onpremise)

Removed the Dark Template option from product. (byodportal.com and onpremise)

Consolidated mobile and desktop CSS files into common/portal.css. (byodportal.com and onpremise)

Fixed issues with SAML integration. Known issue exists with SecureAuth and Symplified SSO. (byodportal.com and

onpremise)

Changed pop up dialogs to use Bootstrap UI elements (change in popup behavior) (byodportal.com and onpremise)

Manage portal now displays to user the maximum number of devices they are allowed to register. (byodportal.com

and onpremise)


2013.10.21 Updates

Fixed issue related to clientless ios registration with users with apostrophe’s in their usernames (byodportal.com and

onprem)

Fixed issue where roles check was not performing correctly for certain LDAP users in CORE 5.7.x and 5.8. Reverted to

old method of checking roles and populating roles data until the CORE API is fixed. (byodportal.com and onprem)

Increased height of registration screen in desktop*.css stylesheets. (byodportal.com and onprem)

2013.10.09 Updates

Fixed issue related to MacOS not being able to register when iOS Clientless is turn on (byodportal.com and onprem)

Fixed issue where the wrong device ownership is applied when registering via reg portal (onprem only)

Fixed issue where number of devices or pending device block was not being enforced if the username was being returned from AD in mixed case (byodportal.com and onprem)

SAML2 Interface in the admin panel (byodportal.com)

Fixed issue where the status was not showing in manage portal for devices (onprem only)

New Tab View of devices in Manage portal (byodportal.com and onprem)

Single Sign On support between Manage and Reg portals(byodportal.com and onprem)

When a user is over the device limit and tries to register, the user is now directed back to the manage portal to remove the devices they no longer want. (byodportal.com and onprem)

When using SAML, and clientless iOS registration, admins must set the CORE to PIN web based registration (ireg) in the CORE admin portal settings. A new error message will dispay to user if this is not set and registration will stay in a pending state. (byodportal.com and onprem)

Displayed new Help icon and help desk contact information in the manage portal (byodportal.com and onprem)

Code Cleanup where all functions moved to functions library in the onpremise open code (onprem)

Fixed issue preventing ServiceNOW integration form not displaying and registering correctly for some portals

(byodportal.com and onprem)

Altered Italian Language file (byodportal.com and onprem)

Added error capture for when a clientless iOS registration takes place and the ireg portal is not set to pin based reg.


Added loading spinner to forms to avoid a user clicking the submit button twice. (byodportal.com and onprem)

Added delay in clientless registration congrats page so that users do not get confused if followed by an error.


Added new items to the language files. (byodportal.com and onprem)

Fixed an issue with the digest system in the ServiceNow integration where digests with a + sign were causing failures.


Added the EnrollmentServer/Discovery.svc target URL to the confirmation page of Windows 8 devices when

registering against connected cloud CORE’s. See Windows Phone 8 FAQ on MI Support Site for more

information. (byodportal.com and onprem)

Fixed an issue with ServiceNOW integration where only a CORE that is ldap connected will register new devices. Fix

now allows for integration with CORE’s using local users.

2013.09.15 Updates

Updated and fixed the onpremise setup utility to detect if PHP server is configured correctly.

Switched location mapping technology to Mapquest for BYODPortal.com and Onprem code.

Fixed an issue with Winphone devices registering to a Connected Cloud CORE (byodportal and onprem)

Fixed issue where new custom icons where not saving correctly for accounts that already set a custom icon.

Changed terms pop up to not have any opacity mask as it was causing issues in some mobile browsers.


Removed Devices and ActiveSync reports from admin console. Customers should view these reports in their CORE or

Atlas interfaces as those reports are better optimized from those interfaces. (byodportal.com)

Added ability to download audit log in CSV format from admin console (byodportal.com)

Added an actions report that shows trend of end user actions on the portal (byodportal.com)

Updated graphing libraries for admin console for extended browser compatibility including IE8 (IE8 with compatibility

mode enabled is still not supported). Some reports are not visible for IE8 and are hidden from view.

Removed checkin icon for WinPhone devices as that function is not supported on the Core

Changed default behavior of ios registration to clientless to accommodate for auto population of MI client (new

accounts only, will not affect existing accounts)

Fixed issue that added whitespace to custom CSS entries on save from admin panel (byodportal.com)

2013.09.01 Updates

Added SAML 2 libraries for SSO

Fixed Issue with users with apostrophes in their username

Fixed an issue where sometimes the the screen was showing no text when the portal had trouble detecting the

browser language

Fixed an issue where the ServiceNow registration integration was sending Android instructions for iOS devices

Fixed an issue where the ServiceNow registration screen was not showing all registration device options

Fixed an issue in ServiceNow integration where Multi-byte characters were not working correctly via API

Updated input variables in global API

Fixed issues where content not showing in IE7 browsers correctly

Fixed Issue where confirmation text was not showing on certain functions w/ onpremise code.

Fixed issue where registration time/date was not displaying correctly w/ onpremise code

2013.08.18 Updates

Fixed issue where devices not showing for users that entered username with mixed case on login.

Fixed issue where some Android devices were showing as not supported.

Fixed issue where the ownership of a device was improperly changing to corporate if a user was retiring a single

device during the retirement workflow.

Removed Blackberry 10 reference from admin portal

Fixed issue when account is pending activation and no text is being displayed.

2013.08.08 Updates

CSS Customization support. Admins can alter the CSS of the manage and reg portals to change the appearance of BYOD Portal

Localization – support for 9 languages in the admin and end user portals including English, French, Italian, German, Spanish, Chinese Simplified and Traditional, Japanese, Korean.

Language auto detect – portal detects and displays appropriate language for user based on language of device/browser. Detection can be shut off so users are forced to view a default language as well. The default behavior for existing accounts is set to OFF not to change any workflow/appearance that existing customers have in place.

Mac OSX Registration and Self Service Support

Users now have ability to clear existing pending registrations during registration process

Clientless iOS registration fix for CORE’s using a Self Signed Certificate

Ability to disable CORE from sending registration email to end user when they register via BYOD Portal

Sorting of device white list in admin portal by Manufacturer, then Model for easier management of lists

Fix of issue where all devices not correctly showing for complex usernames

Change max number of devices to 10


Adjustment of CSS files to accommodate for language support - users may have to clear browser cache to properly see the new styles correctly.

Changed reference to MI client to Mobile@Work

Fixed issue with WinPhone 8 devices registering with Connected Cloud CORE’s

Autodetect and block non-safari browsers on iOS and Mac OSX devices when registering

Various image and presentation changes.

Display registered on date and formatted text for last checkin

Tested with latest CORE 5.7.x

Date post:	24-Jun-2020
Category:	Documents
Upload:	others
View:	1 times
Download:	0 times

BYODPortal.com Product Guide › byodapp › help › BYODPortal_guide.pdf · day action/audit log,...

Documents