Using ADSelfService Plus mobile apps end users can manage their passwords on the go. The Mobile App Deployment feature in ADSelfService Plus will help you to easily deploy the ADSelfService Plus iOS app to users' mobile devices. It also pushes ADSelfService Plus server settings to mobile apps automatically.
Prerequisites
- Make sure you’ve enabled SSL (HTTPS) and applied a valid SSL certificate in ADSelfService Plus. See, Guide to install SSL certificate to learn how to enable SSL in ADSelfService Plus.
- The SSL certificate applied in ADSelfService Plus must be signed by a certificate authority, and it must be in CER or CRT format only. If you have a PFX, PEM, P12, and other format certificates, please convert them to CER or CRT, and then proceed.
- Self-signed certificates cannot be used to configure MPM.
- Make sure you’ve configured Mail Server Settings in ADSelfService Plus.
- Make sure you've configured Access URL in ADSelfService Plus. The access URL must have the SSL Certificate Hostname. For example, if the hostname in the certificate os abctech, then the access URL is abctech:portnumber. The value you have provided as Access URL will be used while pushing Server Settings to the mobile app.
Configuration
You need to first configure Mobile Push Management (MPM) and ask users to install the MPM profile on their mobile devices. Only then the ADSelfService Plus mobile app can be remotely deployed to users' mobile devices. Follow the steps below:
- Login to ADSelfService Plus.
NOTE: Make sure that you use SSL Certificate Hostname to access ADSelf Service Plus portal. For example, if the hostname in the certificate is abctech, then the access URL is abctech:portnumber.
- Go to Configuration --> Administrative Tools --> Mobile App Deployment.
- Click Configuration.
- Step 1: ADSelfService Plus automatically uploads the SSL root certificate and hence proceed with Step 2. For PFX file type, convert it to CER and click Upload Certificate to manually upload the certificate.
- Step 2: Now get the CSR signed from ManageEngine by sending the CSR file to us via email. Just enter your email address in the From field and click Send Now.
- ManageEngine will send you a PLIST_ENCODED file within 48 hours.
- Upload the plist_encoded file received, in APNS Certificate Creation portal. A new push certificate will be generated in PEM file format. Click Download and save the file.
- Step 3: Back in ADSelfService Plus, upload the PEM file.
- You have now successfully completed the MPM configuration.
Note: If you ever change the SSL certificate used in ADSelfService Plus, you need to redo the steps above for the mobile app deployment feature to continue working.
Installation
Here you can select end-users (From a domain, OU or a Group) for installing the MPM profile and the ADSelfService Plus mobile app.
- Open ADSelfService Plus and go to Configuration --> Administrative Tools --> Mobile App Deployment.
- Click Install App.
- Select a domain.
- Under the All Users tab, select the users and click Send Notification to send the enrollment link to their mobile device.
- End users have to authenticate themselves by clicking on the link provided in the notification.
- When the user installs their MPM profile, his device will be enrolled.
- Under the Configured Devices tab, devices configured with the MPM profile will be listed.
- Select the devices and click Install to deploy the ADSelfService Plus app.
Set Up Schedulers
Once you have configured MPM, you don't have to manually send notifications to install the MPM profile or install the app in end users' devices. You can automate the whole process by setting up schedulers to periodically check for new users and devices and automatically install the app. Follow the steps below to configure the schedulers:
- Open ADSelfService Plus and go to Configuration --> Administrative Tools --> Mobile App Deployment.
- Click Set Up Schedulers.
- You will be presented with two schedulers. One for MPM profile registration and another one for app installation.
- You can Enable/Disable the scheduler.
- Click Edit, if you want to make any changes.
- Select the domain (or OU).
- Select the interval at which the scheduler should be run.
- Click Save.