Cortado AG Alt-Moabit 91 a/b 10559 Berlin Germany/Alemania Cortado, Inc. 7600 Grandview Avenue Suite 200 Denver, Colorado 80002 USA/EEUU Cortado Pty. Ltd.
Level 20, The Zenith Centre, Tower A 821 Pacific Highway Chatswood, NSW 2067 Australia E-mail: [email protected] Web: www.cortado.com Issued: April 2, 2013 (v213)
■
Version 6.1
Configuration and
Maintenance
©
Cor
© Copyright
This document is the intellectual property of Cortado AG. This document may be copied in whole or in part, provided this Copyright notice is included in every copy.
® Registered trade marks
All hardware and software names mentioned in this document are the registered trademarks of their respective companies or should be regarded as such.
Safety warning
All Cortado products are pure software solutions. Please note the safety warnings in the technical docu-mentation from your hardware vendor and from the manufacturer of each device and component. Before beginning installation, we recommend closing all windows and applications and deactivating any virus scanner.
or ta do A G 2013
Introduction ... 7
Precondition ... 7Overview management console ... 7
Preparatory work for MDM ... 9
BlackBerry ... 9
Android ... 9
Apple iOS ... 10
Requesting and installing Apple Push certificates ... 11
SCEP server installation ... 17
User
access ... 27
Via Apple iOS, Android and BlackBerry ... 27
HTML5 Client ... 27
User
Management ... 29
User Import ... 29
Defining import source ... 29
Selection of users and Import ... 32
User Configuration ... 35
Overview ... 35
Configure network drives ... 35
User settings ... 39
Mobile
printing ... 43
Assigning predefined printers ... 44
Assigning Network printer ... 46
Assigning mobile printer (Wi-Fi, Bluetooth) ... 50
Removing printers ... 53
Target folders for print jobs ... 53
©
Cor
Managing
devices ... 56
Device information (Details) ... 56
Device functions ... 57
Device protection (Lock Screen+ Wipe) ... 57
Clear Passcode - iOS only ... 59
Remove a device (Remove) ... 59
Locate a device (Locate) ... 59
Merging multiple-displayed devices (Merge) ... 61
Applications (Apps) ... 61 Policies ... 61 Certificates ... 62 Wi-Fi Profiles ... 63
Reports ... 64
Overview ... 64 Examples ... 65Managing
apps ... 67
Assigning apps stored by default ... 68
Adding new apps ... 69
Storing apps as a link (Define App) ... 70
Importing apps ... 71
Managing intranet apps ... 72
Define a link ... 73
Assigning links ... 74
Managing
certificates ... 76
Overview ... 76
Encryption between browser (end device) and server ... 76
Encryption between the Cortado app (end device) and server ... 77
Groups of certificates ... 78
or
ta
do A
G
2013
HTTPS encryption between the Cortado app and server ... 78
In detail ... 78
Setting up root and server certificates for Cortado Corporate Server ... 78
Establishing client certificates (optional) ... 81
Managing
Policies ... 85
Define a policy ... 86
Assigning policies to users or devices ... 87
Wi-Fi
Profiles ... 89
Creating a Wi-Fi profile ... 89
Assigning Wi-Fi profiles ... 90
Sending Welcome e-mail ... 90
Purpose ... 90
Procedure ... 91
Global
Settings ... 91
User Self Service Portal ... 96
First Steps Wizard ... 96
Apps ... 97
Intranet Apps ... 97
Setup ... 97
Personal
Printing ... 98
What is Personal Printing? ... 98
Opening the configuration console ... 98
Settings ... 100
ADAM Service Account ... 101
Print Job Storage ... 101
Authentication ... 103
Setting up printers ... 104
©
Cor
Setting up Personal Printers for Mac and Linux machines (optional) ... 104
Setting up target printers ... 104
Font management ... 106
Activating authentication methods ... 107
Configuring authentication devices for encryption (SSL) ... 108
Configuration for each user ... 109
Configure each user separate ... 109
Appendix ... 111
Mail directory on Apple and Android devices ... 111
Creating a .csv file for importing users ... 111
Creating files for importing apps ... 112
Intranet App: Define Cortado server as a proxy ... 114
Configure file types ... 118
Cortado server ports ... 126
Cortado app is inactive ... 126
Testing the client certificates in the DMZ ... 128
User management using PowerShell ... 130
Update to 6.1 ... 132
Uninstalling the Cortado Corporate Server ... 133
Additional sources ... 133
Customer service and technical support ... 134
or ta do A G 2013
Introduction
The consumerization of IT and the growing number of various devices used in the enterprise means that cross-platform, high-performance mobile device management (MDM) is essential. The use of mobile devices in companies can only increase pro-ductivity and add optimal capacity to perform outside of traditional office settings when access to key corporate resources and comprehensive file management func-tions are guaranteed.
The most important prerequisite for this is Cortado Corporate Server. The world's first solution to combine powerful MDM with a unique cloud-desktop approach. Whether iPad, iPhone, Android, BlackBerry devices or PCs and Macs, all devices can be seamlessly, securely and efficiently integrated into the corporate IT environment as well as be professionally managed.
Mobile Application Management (MAM) facilitates the management and adminis-tration of enterprise applications such as intranet and internet applications, as well as other apps. In addition apps can be recommended and cross-platform links to the respective app stores deployed to users. At the same time, employees benefit from mobile corporate access and thanks to full desktop capabilities, can work on the go with their mobile device just as productively as in a traditional office setting.
The solution is complemented by a comprehensive security concept, which ensures maximum security and control on the mobile device, the server and during data transfer.
Thanks to Cortado Corporate Server, Apple iOS, Android and BlackBerry users can access through their smartphones or tablets information anytime and anywhere, doc-uments can be viewed on site, copied, printed, faxed, e-mailed or shared. A further option is the secure connection to the HTML5 client which can be established from any desktop while offering all the benefits of Cortado Corporate Server. The result is a complete solution for all mobility, bring your own device (BYOD) and consumeriza-tion challenges.
Precondition
The Installation and initial setup manual shows you how to install and initially
con-figure Cortado Corporate Server. In this manual, you will learn how to configure
Cor-tado Corporate Server and adjust it to the specific needs of your company. For further
manuals see Page 133.
You have already pre-configured Cortado Corporate Server with the Configuration
Assistant (see Installation and initial setup manual, Page 133). However, before the user can use the full range of functions in Cortado Corporate Server, further steps are necessary.
Overview management console
– From a workstation, open the following website:
https://<cortado_server_address>/fw
An HTML5-enabled browser is needed to this.
– Log in to the web-based configuration console of the Cortado server with the same user account (CortadoService account) used for the installation (Illus. 1).
©
Cor
Illus. 1
In the Cortado Console you can, amongst other things: – import users and assign them certificates and policies – assign predefined printers and drives
– enable Cortado functions
– make the Cortado app available on mobile devices – assign apps to mobile devices
– block access to mobile devices that are lost – delete company data from mobile devices – reset factory settings on devices
– locate devices.
Illus. 2
or
ta
do A
G
2013
As an example of user management, we explain the Cortado Management Console, in which the user can manage, as well as other things, the devices, printers and cer-tificates.
You reach the CONTROL PANEL by clicking on CONTROL PANEL (right arrow in Illus. 2)
and here you can select, for example, user management (USERS) (left arrow in
Illus. 2). This opens the summary page of the Cortado Management Console (Illus. 3). It is divided into two display columns and two editing columns. In the first column, the items from the selected module are displayed, for example users, devices or certificates. If you highlight at least one of these items, there appear in the corre-sponding editing column (= second column), actions that you can carry out, e.g. import, add or remove.
The data sets of those items selected in the first column are displayed in the third column, and these can, in turn, be edited in the fourth column.
Illus. 3
You can also select other aspects from the tabs in column three, e.g. NETWORK
DRIVES, PRINTERS, SETTINGS.
Preparatory work for MDM
BlackBerry
See the BlackBerry configuration manual (Page 133).
Android
In order that you are able to manage the devices of your Android users (MDM), it is necessary for them to enter the Cortado server, rather than the exchange server, as their mail server in the set up of their company e-mail accounts (Exchange Active-Sync account). Inform your users of this. They must enter the Cortado server address instead of the Exchange server address (Illus. 4). Tell the users this information. Once the Cortado server’s address is set up, the users receive the automatically created
configuration e-mail (see Page 92).
©
Cor
Illus. 4
You can use the same email account settings on the iOS devices. So if for example,
a device is lost, the email account can be blocked (see Page 40). For how to do so,
see the chapter First Steps Wizard onPage 96.
Apple iOS
For mobile device management with iOS devices you require, in addition to the already installed and configured Cortado components:
■ an Apple issued Push certificate on the Cortado server (see below)
■ an SCEP1 server to automatically issue SSL certificates
(see Illus. 5 and Page 17)
Illus. 4 Setting up the Exchange ActiveSync account (example for Android left and for iPhone right)
or ta do A G 2013 Illus. 5
Requesting and installing Apple Push certificates
To use Apple iOS mobile device management for Cortado, you must install an SSL certificate provided by Apple on your Cortado server.
This certificate enables you to communicate securely with the Apple Push Notifica-tion Service.
Before you can request an SSL certificate from Apple, you first have to run a Cer-tificate Signing Request (CSR) on the Cortado server (see below).
If your Cortado server wants to establish a connection to an iOS device, it sends a notification to the device via the Apple Push Notification Service. This notification prompts a log on to the server. So no information is transmitted. The Apple Push Noti-fication Service only wakes the device from hibernation, so that it can be logged on to the Cortado server. All configuration information, settings and requests go via an (encrypted) SSL connection directly from the Cortado server to the iOS devices (Illus. 1). In order that your users' iOS devices can communicate with the Cortado server, the devices must be registered there.
Note! Please note that your network must also be prepared for Apple iOS Mobile Device Management. Particularly Apple uses the following TCP ports:
80, 2195, 2196 and 5223. See table with Cortado ports on Page 126. More
information about Apple can be found here:
http://images.apple.com/ipad/business/docs/iOS_MDM.pdf
©
Cor
1. For CSR, select: CERTIFICATES¡ APPLE PUSH CERTIFICATE (Illus. 6 and 7) in the
Cortado Management Console.
Illus. 6
Illus. 7
2. Click on GENERATE CERTIFICATE REQUEST (arrow in Illus. 7).
Illus. 6 Control Panel: Select CERTIFICATES
or
ta
do A
G
2013
3. Fill out the form (any text), and confirm with OK (Illus. 8).
Illus. 8
4. Click on DOWNLOAD CERTIFICATE REQUEST to save the certificate request (Illus. 9
and 10).
Illus. 9
Illus. 10
Illus. 8 Fill out the request form
Illus. 9 Saving the certificate request
©
Cor
5. Send this certificate request for signing by e-mail to:
[email protected]. Your certificate request will then be signed by Cortado and sent back to you (Illus. 11).
Illus. 11
6. Then go to the Apple website (https://identity.apple.com/pushcert/) and log in
using your Apple ID. Click on CREATEA CERTIFICATE (Illus. 12), select your
signed certificate request, and upload it (Illus. 13). Shortly after, you can down-load your SSL certificate in .pem format (Illus. 14 and 15).
Illus. 12
Illus. 13
Illus. 11 Signed certificate request received
or ta do A G 2013 Illus. 14 Illus. 15
7. Using UPLOAD APPLE CERTIFICATE you can now upload your certificate onto the
Cortado server (Illus. 16 and 17).
Illus. 16
Illus. 14 Downloading the certificate
Illus. 15 Push certificate downloaded from the Apple website
©
Cor
Illus. 17
8. Save a backup of the certificate in .pfx format with EXPORT APPLE PUSH CERTIF
-ICATE (Illus. 18 and 19).
With this version of the certificate, you can avoid future need for the procedure
described above. Using IMPORT APPLE PUSH CERTIFICATE you can install it again
anytime onto the Cortado server.
Illus. 18
Illus. 19
Illus. 17 Select certificate
Illus. 18 Installed push certificate – save backup copy
or
ta
do A
G
2013
SCEP server installation
The following steps can serve for a Proof of Concept (because the installation of a Standalone CA is desribed here). For productive environments we recommend the use of descriptions from Microsoft instead (because the installation of an Enterprise CA is desribed there).
1. If possible, select a new server2 to install as SCEP server (recommended:
Win-dows Server 2008 R2 Enterprise). This server must be accessible for iOS devices and be located in the same domain as the Cortado server.
2. Set up a local user account2 (here: NDESadmin), and include it in the
Certifi-cate Service DCOM Access, Cryptographic Operators and IIS_IUSRS groups (Illus. 20).
Illus. 20
2 If you are using two certificate servers (which is recommended in productive environments), use a domain account (domain user) instead of a local user account. Log on as a domain administra-tor once onto the SCEP server. Then open the Certificate Templates snap-in in the MMC as
©
Cor
3. Open the Server Manager, and add the role ACTIVE DIRECTORY CERTIFICATE SER
-VICES (Illus. 21). Illus. 21
4. Select CERTIFICATION AUTHORITY as role service (Illus. 22).
Illus. 22
Illus. 21 Add ACTIVE DIRECTORY CERTIFICATES SERVICES role
or
ta
do A
G
2013
5. Select the setup type STANDALONE (Illus. 23).
Illus. 23
6. Select CREATEANEWPRIVATEKEY in the SET UP PRIVATE KEY menu (Illus. 24).
Illus. 24
Illus. 23 Select setup type STANDALONE
©
Cor
7. Select MICROSOFT STRONG CRYPTOGRAPHIC PROVIDER in the CONFIGURE CRYPTO
-GRAPHYFOR CA menu (Illus. 25). Illus. 25
8. Accept the suggested default values in all the remaining windows and start the
installation by clicking on INSTALL (Illus. 26).
Illus. 26
Illus. 25 Select MICROSOFT STRONG CRYPTOGRAPHIC PROVIDER
or
ta
do A
G
2013
9. Then select NETWORK DEVICE ENROLLMENT SERVICE as an additional service of
the same role (Illus. 27).
Illus. 27
10. Assign the user account (here: NDESadmin) that you created above (Illus 20 and 28).
Illus. 28
Illus. 27 Add NETWORK DEVICE ENROLLMENT SERVICE
©
Cor
11. As before, accept the suggested default values in all the remaining windows,
and start the installation by clicking on INSTALL (Illus. 29).
Illus. 29
12. Note that the following registry key must be set to 1 (default):
hkey_local_machine\software\microsoft\cryptography\mscep\enforcepass-word\EnforcePassword (Illus. 30)
Confirm with OK.
Illus. 30
Illus. 29 Start installation of the role service NDES
or
ta
do A
G
2013
13. In the Microsoft Management Console (MMC), open the snap-in CERTIFICATION
AUTHORITY. In the properties of the CA (certificate authority), select: POLICY MOD -ULE¡ PROPERTIES¡ FOLLOWTHESETTINGSINTHECERTIFICATETEMPLATE, IFAPPLI -CABLE. OTHERWISE, AUTOMATICALLYISSUETHECERTIFICATE (Illus. 31).
Confirm with OK.
Illus. 31
©
Cor
14. Then, in the properties of the CA (snap-in CERTIFICATION AUTHORITY) select the
tab SECURITY and add the account with which you installed the Cortado
Corpo-rate Server software – i.e. the recommended CortadoService – and give it the
permission MANAGE CA (Illus. 32).
Illus. 32
[Alternatively for Enterprise CAs, set the following as the domain admin:
In the MMC, switch to the snap-in CERTIFICATE TEMPLATES, and add the account
(Illus. 20) created above to the template IPSEC (OFFLINEREQUEST), and give it
the permission ENROLL.(Illus. 33).]
or ta do A G 2013 Illus. 33
15. Restart first the certificate authority and then the IIS. 16. In the browser (IE) go to the following address:
http://<adresse_SCEP-server>/certsrv/mscep_admin
(e.g.: http://192.168.149.51/certsrv/mscep_admin)
Authenticate yourself with the login details for the CortadoService account. The thumbprint of the root certificate and a challenge password are displayed here (Illus. 34).
Illus. 34
Illus. 33 [for Enterprise CAs: Add user account NDESadmin to the certificate template IPSEC (OFFLINEREQUEST)]
©
Cor
The challenge password is generated by the server and is only valid for a limited time. The Cortado server accesses the above URL and enters the password into the MDM profile, as it delivers it to the iOS device. The user can't install the
same profile more than once. As soon as the step ENROLLING CERTIFICATE is
com-pleted on the iOS device, the password expires. The number of challenge pass-words that can be valid simultaneously, and the duration of their validity, is lim-ited by the server. To change these values, you can enter the following registry keys:
HKLM:Software\Microsoft\Cryptography\MSCEP\PasswordValidity\Password-Validity (DWORD: validity of the password in minutes)
HKLM:Software\Microsoft\Cryptography\MSCEP\PasswordMax\PasswordMax (DWORD: number of simultaneously valid passwords)
17. In the Cortado Management Console, select: CONTROL PANEL¡ GLOBAL
SETTINGS¡ CONFIGURE¡ CORTADO PUSH SERVER (Illus. 35).
• SCEP SERVER URL: Enter here the URL for MSCEP.DLL in the newly installed
SCEP server: http://address_SCEP_server/certsrv/mscep/mscep.dll
Example for Microsoft SCEP server:
http://192.168.149.51/certsrv/mscep/mscep.dll
• SCEP SERVERCHALLENGE URL: Enter here the URL, from which the challenge
password will be read:
http://<addresse_SCEP_Server>/certsrv/mscep_admin
(Example: http://192.168.149.51/certsrv/mscep_admin)
• SCEP SERVERCHALLENGEPATTERN: This is a search pattern for retrieving the
challenge passwords. Keep the default values. Confirm with OK.
or ta do A G 2013
User access
Via the Cortado app and the HTML5 client you can enable your users to access net-work drives and use various file options (printing, faxing, edit, export etc.). Learn how to assign all those options to the users after the following short survey of the user access.
Via Apple iOS, Android and BlackBerry
The Cortado app is available for Apple-iOS-, Android-OS- and BlackBerry-OS devices (Illus. 36). After installation and configuration of the App in the User Self Service Por-tal(seePage 96) all enabled options are available for the users (seePage 39).
Illus. 36
User guides for the Cortado apps on mobile devices can be found on our website
www.cortado.com under SUPPORT¡ GUIDES & MANUALS¡ CORTADO CORPORATE
SERVER¡ USERGUIDES.
HTML5 Client
With the HTML5 client, users are able to access shared corporate network drives, to
edit files and folders, from any HTML5 supporting browser3. The HTML5 client is
accessible via following link: https://cortado_server_address/cortadoexplorer (exam-Note! Please check, if the root certificate of the NDES server is located in the Trusted Root Store of the Cortado server.
Illus. 36 Cortado app: start page on different mobile devices: (from left to right: Apple iPhone, Android, BlackBerry)
©
Cor
ple: https://cortadoserver/cortadoexplorer). This link is part of the
welcome e-mail (Page 92).
Users may utilize all options you assigned for them via the HTML5 client (Page 39).
A user guide for the HTML5 client can be found on our website www.cortado.com
under SUPPORT¡ GUIDES & MANUALS¡ CORTADO CORPORATE SERVER¡ USERGUIDES.
Illus. 37
Note! If your Cortado server uses a self-signed certificate (created from Cor-tado during installation) or an existing, but self-created certificate, The users will see a warning message in the browser when following this link for the first
time. They can ignore this message by cIicking on CONTINUETOTHISWEBSITE.
Alternatively use a certificate from a Certification Authority.
or ta do A G 2013
User Management
User Import
– To enable users for Cortado, open CONTROL PANEL¡ USERS the following
win-dow will open (Illus. 38):
Illus. 38
– To import the users, click on the plus sign (arrow in Illus. 38), the IMPORT WIZ
-ARD will start (Illus. 39).
Defining import source
Here you will chose the source from which the users should be imported4:
Illus. 39
■ ACTIVE DIRECTORY
We recommend this type of data import for environments in which Apple or Android devices are in use or in environments in which BlackBerry devices
com-municate via BIS (when no BES server is available). For more, see Import from
Active Directory, Page 30).
Illus. 38 Starting the import wizard
©
Cor
■ COMMASEPARATEDVALUE (CSV) FILE
The users to be imported can be read from a .csv file you have created. This type of data import can be used as an alternative to Active Directory import.
Under Import from .csv file (Page 31) you will learn which additional settings
to make for the data import. Information on creating a .csv file can be found in
the appendix (Creating a .csv file for importing users, Page 111).
■ BLACKBERRY CONFIGURATION DATABASE
You can select this option in either a pure BES environment or one for your BlackBerry users. Here the BlackBerry users are selected from the BES
data-base. Read more on this in the BlackBerry configuration manual, Page 133.
In the Licensing documentation, you will find details about license activation and
update subscription (Page 133).
Import from Active Directory
– If you have selected ACTIVE DIRECTORY as the import source (Illus. 39), another
window opens, in which you can select a domain where the desired users will be found. Click to mark the desired domain (Illus. 40).
– If you enable the checkbox in front of the domain name (left arrow in Illus. 40)
and then click on NEXT all existing users will be displayed in the next window.
– Alternatively, if you click on the small arrow on the right (right arrow in Illus. 40) you will go to any existing subfolders.
Illus. 40
Note! Importing user data uses one Cortado Corporate Server user license per user. Installing the Cortado Corporate Server automatically installs five demo licenses. The licenses are for user and devices, so every access to the Cortado server by either a device or the HTML5 client, uses up one license.
or
ta
do A
G
2013
– Now the users selected to be imported are displayed (Illus. 41).
Illus. 41
– Proceed as described in Selection of users and Import on Page 32.
Import from .csv file
If you have selected COMMASEPARATEDVALUE (CSV) FILE as the import source, the
window in Illus. 42 opens.
Illus. 42
– For how to create a .csv file, refer to the appendix on Page 111.
Illus. 41 Users that can be imported from the AD
©
Cor
– Via SELECTFILE (left arrow in Illus. 42) you specify the path and file name of the
previously created .csv file (Illus. 43).
Illus. 43
– Then click OPEN (arrow in Illus. 43).
– Afterwards click LOADFILE (right arrow in Illus. 42).
– Now the users selected to be imported are displayed (Illus. 44).
Illus. 44
Selection of users and Import
– In Illus. 41 and Illus. 44 the selected users from the AD, or else the .csv file are displayed.
– Decide whether all or only certain users are to be imported. To do so, place a checkmark by the corresponding users, or select all users (left arrow in
Illus. 43 Select .csv file
or ta do A G 2013 Illus. 45
– Then click IMPORT (right arrow in Illus. 45).
Illus. 46
If a user has been successfully imported, a green dot appears in the status column. (upper arrow in Illus. 46). In addition, the information bar at the bottom of the
win-dow (lower arrow inIllus. 46) displays the number of imported users.
If the user could not be imported because, for example, no licenses are available, a red dot is displayed. If you roll over it with the mouse, the corresponding error mes-sage will be displayed. (Illus. 47).
Illus. 45 Selecting users
©
Cor
Illus. 47
When you close the Import Wizard, the successfully imported users will be listed in
user management (USERS)(Illus. 48).They are now enabled for use by Cortado
Cor-porate.
Illus. 48
When there are a large number of users, it is recommended to use PowerShell for the
import (see Page 130).
■ How to assign users with various drives is explained underConfigure network
drives (Page 35).
■ In chapter User settings you will find information on special changes in the user
management (Page 39).
■ How to make additional printers available to the users is explained under
Mobile printing (Page 43).
■ How you can manage your users' devices, read under Managing devices
(Page 56).
■ Read how to manage your users' certificates under Managing certificates
(Page 76).
■ How you use Cortado Corporate together with Personal Printing Essentials, read
under Personal Printing (Page 98).
Illus. 47 Users not imported (red dot)
or ta do A G 2013
User Configuration
Overview
– Now under CONTROL PANEL¡ USERS, you can further configure and manage
set-tings of the successfully imported users.
Illus. 49
The following options are available if you have marked at least one user (Illus. 49): ■ REMOVE: Here you can remove selected user from Cortado user management.
In doing so, the user will not be deleted from AD.The license previously used
by this user is then immediately free and can be made available for another user.
■ GET SETTINGS: With this action, you can assign to a user, another user’s settings
(network drives, printers, settings, max device count, apps, intranet apps and policies).
■ SEND E-MAIL: With this action, users will be sent a welcome e-mail. It contains
important informations for the users. There is more on this in the chapter
Send-ing Welcome e-mail (Page 90).
■ SET MAX DEVICE COUNT: By default, one device per user is designated. You can
increase that number here. If a user logs in with another device, he will be denied access to the Cortado app.
Configure network drives
The users can directly access shared folders on the company network using their
Cor-tado app. The user’s access rights are completely carried over from the AD.
So that the user can see a shared drive in their Cortado app, create an AD group for
Cortado users (type: global, example: CORTADO USERS) an. Share the drive for this
group (see PROPERTIES¡ SHARING) and grant FULL CONTROL (see Illus. 50, left). Add
the same group also to PROPERTIES¡ SECURITY. Grant at least reading rights (see
Illus. 50, right).
Illus. 49 User management with various actions (example: user1)
Note! We recommend that the number of devices per user (MAX DEVICE
COUNT) should always be set a bit higher than the number of devices available.
This is because devices are occasionally listed twice, for instance if a user started the configuration twice. You can consolidate the duplicate devices later (seePage 61).
©
Cor
Illus. 50
The shared network drives will be shown to the users on their mobile devices (or in
HTML5 client) under HOME DRIVE (Illus. 55).
– To give users access to network drives, mark one or more users in User
Man-agement (USERS) (arrow in Illus. 49).
– Then select under NETWORK DRIVES¡ ADD in the context menu (arrow in
Illus. 51).
Illus. 51
Assign drives – Enter the drive name under LABEL (freely selectable, see Illus. 52, right) and
under PATH specify the path to the desired share. Alternatively you can enter a
drive letter. Note the following notation style: S_ (see arrow in Illus. 52, right).
Illus. 50 Minimum share rights of a drive for user access
Caution! With drive-access users can access your company data with their mobile devices. Please calculate a potential security risk.
or ta do A G 2013 Illus. 52
– Repeat the procedure for all desired network drives.
– If the users have a Home Folder (Home Directory) in the AD, it can also be made available. For this purpose, enter one of the following variables under PATH: %HOMEDIR% (for home folder in Active Directory), %USERUPN% (for
UPN) or %USERNAME% (for Sam-Account-Name) (Illus. 53).
Illus. 53
– These network drives are now displayed with network path and the
correspond-ing drive label under USERS¡ NETWORK DRIVES (Illus. 54).
Illus. 54
Illus. 52 Add network drive (example - left: drive name, right: drive letter)
Illus. 53 Add Home Folder (Example)
©
Cor
– The users now have the configured drives available in the Cortado app on their mobile devices (Illus. 55).
Illus. 55
Editing shared drives
– EDIT: If you want to make changes to a shared drive, highlight it and click EDIT
(Illus. 56).
– REMOVE: If you want to delete a shared drive, highlight it and click REMOVE
(Illus. 56).
Illus. 56
User Storage Directories created in this way can now be found again in the root directory of the Cortado Corporate Server (here: C:\User Storage, see Illus. 57).
Illus. 57
Illus. 55 Network drives under HOME DRIVE
on iPhone (example)
Illus. 56 Created network shares displayed
or
ta
do A
G
2013
In the Cortado Corporate Server’s USER STORAGE, one folder per user is created with
the shared AD network drives.
Furthermore, a personal folder (MY DOCUMENTS) is provided for each user on his
mobile device (see Illus. 55). The files which were stored there will also be stored in
the respective user folders in USER STORAGE on the Cortado server (Illus. 57 and
Illus. 87).
User settings
– To configure the users' access rights of the users, highlight one or more users in
the user management (CONTROL PANEL¡ USERS, left arrow in Illus. 58).
– Then select SETTINGS¡ EDIT in the context menu (right arrow inIllus. 58).
Illus. 58
Note! If you later change the path to the user storage (for example, while run-ning the Configuration Assistant again), the network drives defined here will be lost.
©
Cor
– Now you can make changes to the default rights settings for the selected users.
– By default all the settings are checked, except for REPORT GPS DATA, FORCE
OFFLINEPASSWORD and FORCEDOWNLOADAS PDF (Illus. 59). Illus. 59
General Account enabled. By removing this checkmark, you deny the users access to the company drives via the Cortado app. (see Illus. 60).
Illus. 60
Microsoft Exchange. By removing this checkmark, you deny the users the use of Microsoft Exchange, provided that in the configuration of the Exchange account on the mobile device, the name of the Cortado server, rather than the Exchange server
Illus. 59 Default user settings
Illus. 60 Access denied to HOME DRIVE(S)
or
ta
do A
G
2013
Report GPS data. With a checkmark placed here, the GPS data can be used to help
locate a mobile device (see the selection Locate a device (Locate) on Page 59).
Password You can choose here from two options:
Force offline password5. –If this option is enabled, the user may not save the pass-word for the Cortado app (see Illus. 61, left). Additionally, he must, even in offline mode, enter the password to gain access to the Local and the Secure
drive6 of the cortado app.
Allow local password storage . –If this option is enabled, the user may save the pass-word for the Cortado app. (see Illus. 61, right).
Illus. 61
Allowed features Display network drives. By removing this checkmark, you deny the users access to
the company's shared network drives (see the chapter Network drives onPage 36).
Furthermore, you can withdraw other rights from users to use and edit files located there:
5 When reconfiguring the Cortado app on an iOS device (such as when passing the device on to another user), local files are only deleted when this option is enabled.
Caution! Storing passwords holds a security risk. If a mobile device gets lost unauthorized persons can access company data.
Illus. 61 Left: Password entry necessary at each opening of the Cortado app; right: Option REMEMBER PASSWORD activated (iPhone)
©
Cor
– Send files by e-mail: Allows the sending of files by e-mail (see Illus. 62, left). – Delete files: Allows deleting of files (see Illus. 62, left).
– Upload files to Cortado server: Allows the uploading of files to the Cortado server. Please note, that if you eliminate this option for users, they can no longer save e-mails or e-mail attachments on the company server. Furthermore, the users can neither print nor fax files stored only on the mobile device. The file will first need to be uploaded onto the server.
– Download files from Cortado server: Allows the downloading of files from the Cortado server.
– Force download as PDF: If this option is enabled, downloaded files will only be displayed in PDF format. Files such as .txt or .zip files, won't be downloaded. – Preview: Allows a preview of a file to be created. (see Illus. 62, left, icon: eye). – Export files: Allows exporting files in ZIP or in PDF format. (see Illus. 62, left). – Auto Up-/Download7: By removing this checkmark, you prevent the users from
receiving automatic folder and file updates (see Illus. 62, right).
Fax. By removing this checkmark, you prevent the users from sending files via fax.
(see Illus. 62, left). (You'll find more information on faxing in the manual Installation
and initial configuration, seePage 133).
Printing. By removing this checkmark, you prevent the users from printing files (see Illus. 62, left, icon: printer).
– Wi-Fi printing: By removing this checkmark, you prevent the users from search-ing for printers via Wi-Fi.
Illus. 62 Note!
For Android users to be able to use the Auto Up/Download feature, password saving must be allowed.
Illus. 62 Left: various file options, right: Auto Download folder (Cortado-App on Android device)
or
ta
do A
G
2013
Secure browser. By removing this checkmark, you prevent the users from making use of SECURE BROWSERS (see Illus. 63, left). This browser is for intranet apps (see
Page 72).
Embedded browser8. By removing this checkmark, you prevent the users from mak-ing use of the internet browser integrated into the Cortado app. (see Illus. 63, right).
Illus. 63
Account directory So long as only one user is selected (Illus. 58, left arrow) you also have the option,
under ACCOUNTDIRECTORY (Illus. 59) to change the path to the user directory (User
Storage) of that user. If more than one user is selected, this path can only be changed
by running the Configuration Assistant again (see the chapter User Storage on
Page 38).
Mobile printing
Without any further setup on the server, smartphone users have access to direct printing, within the company and also when outside. With the Cortado app on the mobile device, printers can be searched for locally, i.e. printers that can be found in
the same network (Wi-Fi). These can then be printed to via Wi-Fi (see Illus. 64).
Fur-thermore a connection to a Bluetooth9 printer can be established via the Cortado
app.
8 This feature is available for iOS users only.
Illus. 63 SECURE BROWSER (left) and integrated default browser (right) in the Cortado app on an iPhone
©
Cor
Illus. 64
Universal drivers are installed on the server with the Cortado installation, allowing problem free printing to most printers. A precondition is that during installation, the
checkmark has not been removed from the checkbox DOWNLOADDEFAULTPRINTER
DRIVERS (see Installation and initial setup manual).
If a special driver or a particular printing function is required, install the necessary original drivers as well on the Cortado server. Without these drivers, the universal driver will always be used, even when mobile users select the original driver from the list. If you install original drivers for certain printers, they will be used instead of the universal drivers.
User guides for the Cortado app on mobile devices can be found on our website
www.cortado.com under SUPPORT¡ GUIDES & MANUALS¡ CORTADO CORPORATE
SERVER¡ USERGUIDES.
Assigning predefined printers
In addition to the option described above, you can relieve the users from printer searching. Specific users can be allocated printers, which will display immediately on the mobile (Illus. 65). The advantages:
■ printer searching on the mobile is no longer required
■ network and AD printers can be predefined
■ it can store printer templates with specific settings and drivers that facilitate
Bluetooth or Wi-Fi printing
Illus. 64 Via Wi-Fi or Bluetooth detected printer (example for Android device)
or ta do A G 2013 Illus. 65
How to print? The Cortado server prints directly onto the network printers. The mobile device only initiates the print job; the rendering is done on the Cortado server or a print server.
Using printers outside the company network (via Wi-Fi or Bluetooth), the print data that was rendered on the Cortado server is forwarded to the printer via the mobile device. This ensures that the print data is always rendered with the preferred
driver and prints in original format. See also the scenarios on pages 50 to 51.
You can search here for the following printers:
■ printers listed in the AD:
Active Directory, Page 47
■ printers shared on a print server:
Single print server, Page 48
■ printers shared on a print server:
Single printer, Page 48
■ (network) printers installed on Cortado server:
Server-attached printer, Page 49
■ Printer templates created on the Cortado server:
Mobile printer, Page 50
Pre-setting printers on the server
1. In CONTROL PANEL¡ USERS, select the tab PRINTERS (Illus. 66, top arrow) and
select the users for whom you want to set printers.
2. SelectPRINTERS¡ ADD on the right (Illus. 66, bottom arrow).
Illus. 66
Illus. 65 Preset printers
(example for Android device)
©
Cor
3. The following dialog opens (Illus. 67).
Illus. 67
Assigning Network printer
If you click NETWORKPRINTER (Illus. 67), you can select following shared printers
(Illus. 68):
Illus. 68
Shared printer Under SHAREDPRINTER you will find the following printer(Illus. 69): Illus. 67 ADD PRINTER dialog
or ta do A G 2013 Illus. 69
Active Directory printer. If you select ACTIVE DIRECTORY in Illus. 69 you will find the
printers listed in the AD. Their print jobs are sent from the print server to the network printer (Illus. 70).
Illus. 70
The AD printers appear when NETWORKPRINTER¡ SHAREDPRINTER¡ ACTIVE DIREC
-TORY is selected (see Illus. 71). Enable the checkbox of your preferred printers and
confirm with ADD and CLOSE.
Illus. 71
Illus. 69 SHAREDPRINTER dialog
Illus. 70 Shared Printer:
Print jobs are rendered on the print server, where the drivers are installed and sent to the network printer (blue arrow)
©
Cor
The AD printers selected here will be assigned to the selected users as their preferred printers (see Illus. 72).
Requirement: The option LIST IN DIRECTORY has already been enabled on the print
server for each printer share.
Illus. 72
Single print server. If you select SINGLEPRINTSERVER (Illus. 69 on Page 47) you can
allocate the shared printers of a print server to users, even if the printers aren't listed in the AD. The print server prints also to the network printer (see Illus. 70).
After selectingNETWORKPRINTER¡ SHARED PRINTER¡ SINGLEPRINTSERVER, you
can enter the name of the print server directly (Illus. 73).
Illus. 73
All the shared printers appear. Select the preferred printer shares and confirm with
NEXT, ADD and CLOSE (Illus. 74).
Illus. 74
Illus. 72 AD printers on the mobile device (example for Android)
Illus. 73 Searching for shared printers: enter the print server name
or
ta
do A
G
2013
The shared printers selected here will be assigned to the selected users as their pre-ferred network printers (see Illus. 75):
Illus. 75
Single printer. Under Single printer (Illus. 69 on Page 47) you can allocate the shared printers of a print server to users, even if the printers aren't listed in the AD. Here, printing will also go from the print server to the network printer (see Illus. 70).
Unlike with the option SINGLEPRINTSERVER, here you can enter a direct path to the
printer share.
If you select NETWORKPRINTER¡ SHARED PRINTER¡ SINGLEPRINTER, you can enter
the path to the printer share (Illus. 76).
Illus. 76
Confirm your entry with ADD. Close the confirmation message with CLOSE. This
assigns the printer share to the selected users as preferred network printer (see
Illus. 75 on Page 49).
Server-attached printer (TCP/IP, USB)
These printers appear when NETWORKPRINTER (Illus. 67) ¡ SERVER-ATTACHED
PRINTER is selected. Furthermore, you can assign users with printers that were
cre-ated on the Cortado server and which print via Windows provided printing ports, such
as Standard TCP/IP port – including the Personal Printer (see the chapter Personal
Printing, Page 98). Here, Cortado server prints directly to the printer (Illus. 77). Note! All printer drivers of network printers that should be used by users on their end devices must be installed on the Cortado Corporate Server. It is enough to manually connect as an administrator from the Cortado server with the relevant network printer (\\servername\sharename). This installs the driver automatically or you will be prompted to select the appropriate driver.
Illus. 75 Shared printer on mobile device (example for Android)
©
Cor
Illus. 77
– All printers created locally on the Cortado server that are not connected to a CORTADO PRINT PORT are now displayed (Illus. 78). Select the relevant printer
and click ADD to confirm.
Illus. 78
These printers appear on the mobile device as NETWORKPRINTERS (see Illus. 79).
Illus. 79
Assigning mobile printer (Wi-Fi, Bluetooth)
10M is particularly suitable for printers outside the company, and with
Illus. 77 Server-attached printer:
Printing with printers created on Cortado server, directly to the printer (blue arrow)
Illus. 78 Server-attached printer: Select printers on the Cortado server
Illus. 79 Server-attached printer on mobile device
or
ta
do A
G
2013
on Page 46) are printers that can be accessed by the mobile device via Bluetooth or WiFi, and for which preferences can be set on the server, using printer templates.
You can then print from the Cortado server via the mobile device (Illus. 80, blue arrows).
Illus. 80
For printing via Bluetooth and Wi-Fi universal drivers were installed during the instal-lation routine. If you use printers which need special drivers or on which you wish to make settings (color, duplex...), these still have to be set up on the Cortado server.
– First create the desired printer in the Cortado server’s Printers folder and attach
it to a CORTADO PRINT PORT (example in Illus. 81).
Illus. 81
11 For unknown printers, we recommend instead, the printer search integrated into the app on the Illus. 80 Mobile Printer: Printing from Cortado server
via the mobile device with Wi-Fi or Bluetooth
©
Cor
If you assign specific properties to the newly created printer objects (for example duplex printing) these will then be transferred. The user that selects thus printer object on his/her mobile device will then also be able to print in duplex format.
– Enable the function ENABLEPRINTERPOOLING and confirm with APPLY (arrow in
Illus. 82). So you can attach a printer to more than one CORTADO PRINT PORT
and thus it’s not necessary to create an own printer port for each printer.
Illus. 82
The printer objects set up (in) this way will be displayed in MOBILEPRINTER (WI-FI,
BLUETOOTH) (see Illus. 67 on Page 46) and can be assigned to the users. Illus. 83
ILLUS. 82 ENABLEPRINTERPOOLING
or
ta
do A
G
2013
Users select on the Android or BlackBerry device this printers in PRESET PRINTERS
(Illus. 84 left).
Illus. 84
Removing printers
For each user, the assigned printers will be displayed in the light gray field. To delete a printer (or rather, its assignment to a user), select the user first, and then the printer
or printers (check box). Then click on REMOVE on the right (arrow in Illus. 85).
Illus. 85
Target folders for print jobs
Some printers of ThinPrint Server Engine and Personal Printing store their jobs auto-matically to the Cortado server’s User Storage. So, the users can view or print the respective files with their mobile devices (see also Illus. 86):
• Personal Printer (from Personal Printing, see Page 111)
• Print-to-Cloud (from Personal Printing or ThinPrint Server Engine,
see the ThinPrint Server Engine manual, Page 133)
• Print-to-ePaper (from Personal Printing or ThinPrint Server Engine
Illus. 84 Shared printers on the mobile device (example for Android)
©
Cor
Illus. 86
The jobs of the following printers are sent directly to the user’s subfolders .print and .printVP (cp. Illus. 87):
Further subfolders are:
• .mail (mail attachments and bodies, Page 111)
• .proxy (Intranet apps, Page 72)
• .tpm (configuration files for Cortado Explorer,
see User Self Service Portal manual, Page 133)
Illus. 87
Printer Subfolder in the user’s directory Displayed in the Cortado app
Personal Printer .print —
Print-to-Cloud .print Print Jobs
Print-to-ePaper .printVP ePaper
or
ta
do A
G
2013
You can create printer objects of the type Print-to-Cloud and Print-to-ePaper either
on a print server (see the manual ThinPrint Server Engine, Page 133) or directly on
the Cortado server. On the Cortado server add an Output Gateway printer manually in the printers folder, name it Print-to-Cloud or Print-to-ePaper and connect it to a new Print-to-Cloud port, which is configured for Print-to-Cloud or Print-to-ePaper respectively (see Illus. 88).
Illus. 88
Policies
Under CONTROL PANEL¡ POLICIES you can create policies for individual users, e.g.
allocating devices (see chapter Managing Policies on Page 85).
Under CONTROL PANEL¡ USERS¡ POLICIES you can get an overview of which
pol-icies are assigned to which users (Illus. 89). You also have the option here to assign policies to more users.
Illus. 89
Illus. 88 Print-to-Storage Port with Print-to-Cloud printer on the Cortado server
©
Cor
– For this, you select the desired user (left arrow in Illus. 90) and click on ASSIGN
POLICY (right arrow in Illus. 90). Now all available policies are displayed.
– Select one or more and confirm with OK.
Illus. 90
Managing devices
Device information (Details)
In device management you can manage the devices of Cortado users (Illus. 91).
Select CONTROL PANEL¡ DEVICES. All the devices which have been imported via user
management (see menu USERS, Page 29) will be displayed.
For BlackBerry users, these appear immediately after the user was imported from BES. For Android and Apple devices, interaction on the mobile device is first required: For Android, the e-mail account has to be switched over to Cortado and for Apple the
MDM profile must be downloaded.12 Then the devices appear here automatically, in
the device manager (on the left in Illus. 91).
Illus. 90 Unter CONTROL PANEL¡ POLICIES assigning an established policy to more users
or ta do A G 2013 Illus. 91
Device functions
Device protection (Lock Screen+ Wipe)
If a device has been lost or stolen, you have the options to (Illus. 92):
Illus. 92
Illus. 91 DEVICES¡ DETAILS: Android device information, including user
Note! The options LOCK SCREEN, CLEAR PASSCODE and LOCATE are only
avail-able on iOS devices if you are using Apple Mobile Device Management (see
Page 10).
Illus. 92 Device functions (iOS): REMOVE, LOCK SCREEN, CLEAR PASSCODE, WIPE and
©
Cor
■ LOCK SCREEN (iOS only)
Screen will be locked (see Illus. 93, left), and can only be unlocked again with a Passcode (see Illus. 93, right), provided that the device is protected with a password.
■ WIPE FULL
Delete all data from the device (= restored to factory settings) ■ WIPE PARTIAL (Cortado app only, iOS and Android only)
Deny access to company drives (HOME DRIVE(S), see Illus. 94). Delete data in
LOCAL DRIVE (iOS) and SECURE DRIVE (Android). All other data stored locally on
the device (or on SD cards) will be retained.
Illus. 93
Illus. 94
Note! On Android devices, no data will be deleted from the LOCAL DRIVE. So
make sure that sensitive data is always stored on SECURE DRIVE.
Illus. 93 LOCK SCREEN: Screen is locked (left), to unlock a passcode must be
or
ta
do A
G
2013
Clear Passcode - iOS only
If the user forgets the passcode for his iOS device, you can remove it with a click on CLEAR PASSCODE (Illus. 92). After that the device can be used without a passcode.
Remove a device (Remove)
With REMOVE (top arrow in Illus. 92) the device is deleted from the database. It
makes sense to clean up the Cortado database if devices are located there, that no longer exist, or that have a new user.
If a device is deleted with REMOVE but still has, or establishes, an active connection
with the Cortado server, it will be added to the list again after a few minutes. If you
want to delete data from the device, use WIPE instead (see above).
Illus. 95
Locate a device (Locate)
If a mobile device has been lost or stolen, you can discover its current location via LOCATE (bottom arrow in Illus. 92). This is providing that the option REPORT GPS DATA
has been enabled for the selected device in CONTROL PANEL¡ USERS¡ SETTINGS
(Page 39).
Note! A device must removed here if an iOS user has removed the MDM pro-file from her/his device. In this case, remove the device here and ask the user
for rerunning the First Steps Wizard (Page 96).
Illus. 95 Deactivated Cortado app on the iPhone
©
Cor
Illus. 96
– Select a device on the left. The LOCATE button (Illus. 92) only appears if the
device is turned on as well as GPS and – with Android – Google’s Location
Ser-vice is enabled on the deSer-vice. For iOS deSer-vices it is important to note that at SET
-TINGS¡ PRIVACY¡ LOCATION SERVICE¡ CORTADO, the location service is
enabled (arrow in Illus. 97). Additionally, the Cortado app must be restarted, after enabling the location service on the iOS device.
– The Cortado ball icon is displayed on the map, at the location where the mobile device is currently located (Illus. 96).
Illus. 97
Illus. 96 Device located at Cortado AG by the river Spree
Illus. 97 Activated location service of the Cortado app on an iPhone
or
ta
do A
G
2013
Merging multiple-displayed devices (Merge)
If a device shows two listings, for example if a user has run the configuration twice,
you can checkmark both devices (Illus. 98 left arrow) and merge them with MERGE
(right arrow), so the device is again displayed only once in the list.
Illus. 98
Applications (Apps)
In the APPS tab, you can see the apps that are installed on the selected devices
(Illus. 99). For how to add more apps to devices, read Adding new apps (Page 69).
Illus. 99
Policies
Under CONTROL PANEL¡ POLICIES you can create policies and allocate to individual
users or devices (see chapter Managing Policies on Page 85).
Caution! If your Cortado server requires a client certificate for the https
com-munication to the end devices (Illus. 135) and for this purpose you distributed
a global certificate to all devices (Page 83), after merging devices you must
reimport the client certificate (Illus. 138) and the users must rerun the First
Steps Wizard (Page 96).
Illus. 98 Merge twice-listed devices merged
©
Cor
Under CONTROL PANEL¡ DEVICES¡ POLICIES you can get an overview of which
pol-icies are assigned to which devices (Illus. 100). You also have the option here to assign policies to more devices.
Illus. 100
– For this, you select the desired device (left arrow in Illus. 101) and click on ASSIGNPOLICY (right arrow in Illus. 101). Now all available policies are
dis-played.
– Select one or more and confirm with OK.
Illus. 101
Certificates
The client certificates that were generated with the function CONTROL PANEL¡ CER
-TIFICATES¡ CHANGE CERTIFICATE MODE and were automatically assigned (Page 82) Illus. 100DEVICES¡ POLICIES: policy assigned to an iOS device
Illus. 101Under CONTROL PANEL¡ POLICIES assigning an established policy to another device
or ta do A G 2013 Illus. 102
Wi-Fi Profiles
– Select an iOS device on the left and click on ASSIGN WI-FI PROFILES (right in
Illus. 103). You can assign profiles created under WI-FI PROFILES13 (Page 89)
to individual devices.
To do this, Wi-Fi must be enabled on the device. You can determine this by the green dot in the Wi-Fi indicator (Illus. 91). This indicator displays as follows:
■ green dot: Wi-Fi is performing normally and is enabled on the device
■ gray dot: Wi-Fi is performing normally but is disabled on the device
■ gray checkmark: Wi-Fi is performing normally, but the state of the device is
unknown
Note! If a new certificate is generated, the relevant user must select his device
in the USER SELF SERVICE PORTAL at SETUP¡ DEVICE MANAGEMENT and rerun
the CLIENT CONFIGURATION to upload the new certificate with the automatically
modified configuration file to his device.
©
Cor
Illus. 103
Reports
Overview
With CONTROL PANEL¡ REPORTS you will find clearly displayed data of all mobile
devices in use in your environment. The overview in detail:
■ Device platforms such as BlackBerry, Android and iOS (Illus. 104)
■ Device models such as iPhone and HTC (Illus. 105)
■ Apps installed on the devices – with iOS only apps which were downloaded
from the Apple App Store (Illus. 106)
■ Device’s hardware equipment, e.g., Bluetooth, Wi-Fi or front camera
(Illus. 107)
■ ROAMING Devices with SIM cards which are currently in their registered country
have the status NOTROAMING. Devices with SIM cards which are currently
abroad have the status ROAMING (ILLUS. 108).
■ Device’s memory usage (STORAGE) – broken down by memory types (Illus. 109)
or ta do A G 2013
Examples
■ PLATFORMS Illus. 104 ■ DEVICES Illus. 105Illus. 104Device platforms as a pie-chart
© Cor ■ APPS Illus. 106 ■ HARDWARE PROPERTIES Illus. 107 ■ ROAMING Illus. 108
Illus. 106Installed or downloaded apps
or ta do A G 2013 ■ STORAGE Illus. 109
Managing apps
Here you can provide in-house apps respectively apps that have been written for your users. Furthermore you can provide links to web sites (e.g. to an App store), from which users can download apps.
The users can access the User Self Service Portal(see Page 96) via the mobile
device’s browser. There they can download the provided apps on their devices. Fur-thermore you can define the OS version of the devices that are to get these apps.
In Cortado Management Console, you can allocate individual apps to particular users and devices.
– To do so, first select CONTROL PANEL¡ APPS (Illus. 110).
Illus. 110
Illus. 109Device’s memory or storage usage
©
Cor
Assigning apps stored by default
– You can assign one of the available apps (links in Illus. 111) to your users. These apps are saved in the form of links to the app store.
– Select the desired app (left arrow in Illus. 111), noting the platform (Android or iOS) and the minimum required OS version.
Illus. 111
– Then click on ASSIGN USERS (middle arrow in Illus. 111).
– Select the desired users (right arrow in Illus. 111) and click on ASSIGN.
– Users will now find the assigned apps in the USER SELF SERVICE PORTAL14 under
APPS (Illus. 112).
Illus. 112
Illus. 111Assigning apps to users
Illus. 112Saved apps in the User Self Service Portal, under Apps (example on the iPhone)
or
ta
do A
G
2013
– The user selects the app, and is directed to the app in the app store and can install it on his (Illus. 113).
Illus. 113
Adding new apps
– Click on the plus icon (Illus. 114), to add more apps.
Illus. 114
– In the following dialog (Illus. 115), select whether you want to import the app (IMPORT APP, Page 71) or save it as a link (DEFINE APP, see below).
For all app store apps, select DEFINE APP, to save the app as a link. Select IMPORT
APP only for those apps you have programmed yourselves, or those that have been
developed for your company.
Illus. 113The app can be installed by the user (example: App Store on the iPhone)
©
Cor
Illus. 115
Storing apps as a link (Define App)
– Select DEFINE APP (Illus. 115). The dialog in Illus. 116 opens.
Name and description are arbitrary. The minimum and maximum OS version is optional; it can contain digits and dots, but not letters. If the versions are entered, the app will only be made available to those devices with an operating system that meets these requirements.
Under URL enter a link to the applicable app store. Select the appropriate plat-form. At the bottom, select an icon in .png or .jpg file format with a maximum size of 100 KB.
Illus. 116
or
ta
do A
G
2013
An example of a successfully imported app (Illus. 117):
Illus. 117
For how to allocate this app to the users, read Page 68.
Importing apps
Here you can import those apps that aren't found in any app store. For apps in a store, we recommend saving as a link (see above).
– Click on the plus icon (Illus. 114) and select IMPORT APP (Illus. 115)
– In the following dialog (Illus. 118), specifying the minimum and maximum operating system version of the mobile device is optional. It can contain digits and dots, but not letters. If versions are entered, the app will only be made available to those devices with an operating system version that meets these requirements.
Illus. 118
The following apps can be made available here (Illus. 118): ■ for Apple devices
Here you can store apps which you have developed yourselves, or that have been developed for your company, for iOS devices.
■ for BlackBerry devices
Create a .zip file from BlackBerry .cod and .alx files. ■ for Android devices
Here you can store apps which you have developed yourselves, or that have been developed for your company, for Android devices.
Illus. 117 Successfully imported app, (as a link)
Illus. 118 Selecting the app to be imported and
©
Cor
In each case, the app needs to be zipped. For Apple and Android apps you need a
special .cclx file. For how to create these files, read Page 112.
– Select the app with the SELECT FILE (arrow in Illus. 118) button and click on
IMPORT.
– You can see successfully imported apps in the Management Console (Illus. 119).
Illus. 119
– For how to allocate this app to the users, read Page 68.
– Then the users find the apps located in the USER SELF SERVICE PORTAL15 under
APPS and can download them there (Illus. 120).
Illus. 120
Managing intranet apps
Intranet apps are website bookmarks that you can distribute to mobile devices. So you can make important in-house sites (e.g. time management, Intranet) available for mobile devices. These apps are listed in the Cortado Secure Browser inside the Cortado app.
To access intranet apps from outside the company, IIS settings on the Cortado
Illus. 119Imported app (example Cortado Explorer for BlackBerry)
Illus. 120An app as software for downloading in the User Self Service Portal (on a Black-Berry)
or
ta
do A
G
2013
– Select CONTROL PANEL¡ INTRANET APPS (Illus. 121).
Illus. 121
Define a link
– Click on the plus sign (arrow in Illus. 122), to add intranet apps.
Illus. 122
The following dialog opens:
Illus. 123
Illus. 121 Open Intranet Apps
Illus. 122Add Intranet Apps
©
Cor
– Enter any name and description and the redirected URL you defined in IIS (Page 114). If you want the intranet app to be available only when the mobile device is connected to the company's Wi-Fi, enter instead the usual URL of the website (see Illus. 124, example: Onexma).
– MANDATORY: Select this option (upper arrow in Illus. 123), if you want the
intranet app mandatorily distributed to mobile devices. The intranet app then turns up as a bookmark in Secure Browser of the Cortado app, as soon as you have assigned it to the desired users (Illus. 126).
– OPTIONAL: If you select this option (lower arrow in Illus. 123) the intranet app
also turns up as a bookmark in Secure Browser in the Cortado app, once you have assigned it to the desired users (Illus. 126). However, here the users have
the option of disabling the intranet app in the USER SELF SERVICE PORTAL16 (see
Illus. 127).
– The icon of the website (favorite icon or favicon) will normally be inserted auto-matically, so long as there is an internet connection. If that's not the case, you can select an icon, using the .jpeg, .jpg or .png format, which may not exceed the size of 80 x 80 pixels and max 100 KB.
Assigning links
– Select the intranet app(s) that you want to assign to the users and then click on ASSIGN USERS (Illus. 124).
Illus. 124
or
ta
do A
G
2013
– Now select the desired users and then click on ASSIGN (Illus. 125).
Illus. 125
The users will now find the intranet apps in the Secure Browser of the Cortado app (Illus. 126):
Illus. 126
If the intranet app was assigned as OPTIONAL (lower arrow in Illus. 123), the users
have the option of disabling it in the USER SELF SERVICE PORTAL17 (Illus. 127).
Illus. 125Assigning intranet apps to individual users
Illus. 126Intranet Apps im Secure Browser der Cortado-App auf dem iPhone
