Configure Mobile App Deployment
Using the Android and iOS ADSelfService Plus mobile app end users can reset forgotten passwords or change expiring their passwords on the go. The Mobile App Deployment feature in ADSelfService Plus will help you to easily deploy the ADSelfService Plus iOS app to users' mobile devices. It also pushes ADSelfService Plus server settings to mobile apps automatically.
Prerequisites
- Make sure you’ve enabled SSL (HTTPS) and applied a valid SSL certificate in ADSelfService Plus. See, Guide to install SSL certificate to learn how to enable SSL in ADSelfService Plus.
- The SSL certificate applied in ADSelfService Plus must be signed by a certificate authority, and it must be in CER or CRT format only. If you have a PFX, PEM, P12, and other format certificates, pleas convert them to CER or CRT, and then proceed.
- Self-signed certificates cannot be used to configure MPM.
- Make sure you’ve configured Mail Server Settings in ADSelfService Plus.
- Make sure you've configured Access URL in ADSelfService Plus. The value you have provided as Access URL will be used while pushing Server Settings to the mobile app.
Configuration
There are two types of Mobile App Deployment configuration: Trial mode configuration and APNs configuration.
Trial mode configuration:
The Mobile App Deployment trial mode can be used to test out the feature in up to 10 mobile devices.
Prerequisite: Allow outbound connections to creator.zoho.com by creating an appropriate firewall rule to allow outbound connections to creator.zoho.com.
Configuration steps:
- Open ADSelfService Plus and go to Configuration > Administrative Tools > Mobile App Deployment.
- To register for the trial mode, select Click here to register in the note at the top of the Mobile App Deployment section.
- In the Mobile App Deployment - Trial Registration pop-up that appears, enter the ADSelfService Plus Server details, which include the protocol, hostname/IP, port number, your name, and the email domain name of your organization.
- After filling in these details, click Register.
Providing the server details ensures that the Server Settings required in the ADSelfService Plus mobile app are automatically updated in the users' mobile devices.
APNs configuration
For more than 10 mobile devices, APNs configuration must be performed using the steps mentioned below.
Before starting, ensure that mobile push management (MPM) is configured, and an MPM profile is installed on users' mobile devices. Only then can the ADSelfService Plus mobile app be remotely deployed to users' mobile devices. Follow the steps below:
- Log in to ADSelfService Plus.
NOTE: Make sure that you use the SSL Certificate Hostname to access the ADSelfService Plus portal. For example, if the hostname in the certificate is abctech, then the access URL is abctech:portnumber.
- Go to Configuration → Administrative Tools → Mobile App Deployment.
- Click APNs Configuration.
- Step 1: ADSelfService Plus automatically uploads the SSL root certificate, so proceed with Step 2. For PFX file type, convert it to CER and click Upload Certificate to manually upload the certificate.
- Step 2: Now get the CSR signed from ManageEngine by sending the CSR file to us via email. Just enter your email address in the From field and click Send Now.
- ManageEngine will send you a PLIST_ENCODED file within 48 hours.
- Upload the plist_encoded file received, in APNS Certificate Creation portal. A new push certificate will be generated in PEM file format. Click Download and save the file.
- Step 3: Back in ADSelfService Plus, upload the PEM file.
- You have now successfully completed the MPM configuration.
Note: If you ever change the SSL certificate used in ADSelfService Plus, you need to redo the steps above for the mobile app deployment feature to continue working.
Installation
Here you can select end-users (From a domain, OU or a Group) for installing the MPM profile and the ADSelfService Plus mobile app.
- Open ADSelfService Plus and go to Configuration → Administrative Tools → Mobile App Deployment.
- Click Install App.
- Select a domain.
- Under the All Users tab, select the users and click Send Notification to send the enrollment link to their mobile device.
- End users have to authenticate themselves by clicking on the link provided in the notification.
- When the user installs their MPM profile, his device will be enrolled.
- Under the Configured Devices tab, devices configured with the MPM profile will be listed.
- Select the devices and click Install to deploy the ADSelfService Plus app.
Set Up Schedulers
Once you have configured MPM, you don't have to manually send notifications to install the MPM profile or install the app in end users' devices. You can automate the whole process by setting up schedulers to periodically check for new users and devices and automatically install the app. Follow the steps below to configure the schedulers:
- Open ADSelfService Plus and go to Configuration → Administrative Tools → Mobile App Deployment.
- Click Set Up Schedulers.
- You will be presented with two schedulers. One for MPM profile registration and another one for app installation.
- You can Enable/Disable the scheduler.
- Click Edit, if you want to make any changes.
- Select the domain (or OU).
- Select the interval at which the scheduler should be run.
- Click Save.
To know more about ADSelfService Plus, click here.
Highlights
Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console.
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus!
Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.
Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more.
Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.
Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.