MDM- Android Device Authentication

Enrolling devices is the first step in managing mobile devices. In order to enroll devices, every user should be configured with user authentication level. There are three types of authentication, which are described as follows:

One Time Passcode

An one time password will be generated and sent to the user, along with the enrollment invitation. User should use the OTP to enroll their mobile device. The email invitation is valid only for 7 days and can be used only once. If the Administrator sends an enrollment request with an OTP, that can be used only once. OTP cannot be used for enrolling more than one device.

Active Directory Authentication

Active Directory password is used to authenticate the user while enrolling the device. Active Directory user name and password are used only for enrollment purpose, which means any changes made to the Active Directory password does not have impact  on managing the mobile devices. Administrators should use this type of authentication, if they wanted to enable self enrollment.  Users will use the domain credentials while using self enrollment process.

Two Factor Authentication

This is considered to be the most secure mode of enrolling the mobile devices. Administrators can use this mode to ensure that users use their domain credentials and the OTP which has been sent along with the enrollment invitation. This mode cannot be used for Self Enrollment, even if authentication type is enabled as "Two Factor Authentication", users will have to use their Active Directory credentials while enrolling Windows devices. Two factor authentication is not supported for devices running Windows operating system.

The above mentioned authentication types are used only while enrolling the devices. Any changes made the authentication type will have an impact on the devices  which will be enrolled henceforth and it does not affect on the enrolled devices. Follow the steps mentioned below to configure the authentication that should be performed while enrolling the device;

  1. Click  MDM Tab

  2. Under Settings click Authentication

  3. Click Settings and configure the Authentication  

  4. Choose the type of Authentication

  5. Click Save

You have successfully configured the authentication level for the device.

Configuring Android Agent settings:

If you wanted to manage android devices, you need to configure the android agent settings. Android agent which will be installed in all the managed mobile devices. By configuring Android agent settings you can force the user to accept the Profile within a specified time.

Every time you distribute a profile with few policies and restrictions to some devices,  Android agent will notify the end user to accept the Policy. Based on the specified  time limit,  end user will be asked to accept the policy.  If  the policy is not installed within the specified time, then the policy will be moved to violated status. Follow the steps mentioned below to know more about configuring the android agent settings;

  1. Click  MDM Tab

  2. Under Settings click Android Agent Settings

  3. Specify the time limit allowed for the end user to accept the policy, so that end users will be forced to install the policy within the specified time.

  4. Specify the deactivation message that need to be displayed if the end user disables the Device Administrator Settings

  5. Specify whether you wanted to allow the end users to remove MDM Agent (this is applicable only for SAFE devices)

  6. Click Save Changes

You have successfully configured the android agent settings.

 

Copyright © 2005-2014, ZOHO Corp. All Rights Reserved.
ManageEngine