WSO2 EMM Agent configurations to enroll and manage devices
Table of Contents |
---|
...
Create an email account to send out emails to users that register with EMM (e.g., no-reply@gmail.com).-reply@gmail.com).
Note If you are using a Google mail account, you need to note that Google has restricted third party apps or less secure apps from sending emails. Therefore, you need to configure your account to enable this setting as WSO2 EMM acts as a third party application when sending emails to confirm user registrations or inviting existing users to register devices with WSO2 EMM.
Expand title Click here for more information. Follow the steps given below to enable your Google mail account to provide access to third party applications.
- Navigate to https://myaccount.google.com/security.
- Click Signing in to Google on the left menu and make sure that the 2-step Verification is disabled or off.
- Click Connected apps and sites on the left menu and enable Allow less secure apps.
Open the
<EMM_HOME>/repository/conf/axis2/axis2.xml
file, uncomment themailto
transportSendertransportSender
section, and configure the EMM email account.Note You may need to enable the "Allow less secure apps" option in the Gmail account security settings, to connect account to WSO2 products.
Code Block <transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender"> <parameter name="mail.smtp.host">smtp.gmail.com</parameter> <parameter name="mail.smtp.port">587</parameter> <parameter name="mail.smtp.starttls.enable">true</parameter> <parameter name="mail.smtp.auth">true</parameter> <parameter name="mail.smtp.user">synapse.demo.0</parameter> <parameter name="mail.smtp.password">mailpassword</parameter> <parameter name="mail.smtp.from">synapse.demo.0@gmail.com</parameter> </transportSender>
Info For
mail.smtp.from
,mail.smtp.user
, andmail.smtp.password
, use the email address, username, and password (respectively) from the mail account you set up.Example:
Code Block <transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender"> <parameter name="mail.smtp.host">smtp.gmail.com</parameter> <parameter name="mail.smtp.port">587</parameter> <parameter name="mail.smtp.starttls.enable">true</parameter> <parameter name="mail.smtp.auth">true</parameter> <parameter name="mail.smtp.user">no-reply</parameter> <parameter name="mail.smtp.password">$foo1234</parameter> <parameter name="mail.smtp.from">no-reply@gmail.com</parameter> </transportSender>
Configure the email sender thread pool.
Navigate to theemail-sender-config.xml
file, which is in the<EMM_HOME>/repository/conf/etc
directory, and configure the following fields under<EmailSenderConfig>
.MinThreads
: Defines the minimum number of threads that needs to be available in the underlying thread pool when the email sender functionality is initialized.MaxThreads
: Defines the maximum number of threads that should serve email sending at any given time.KeepAliveDuration
: Defines the duration a connection should be kept alive. If the thread pool has initialized more connections than what was defined inMinThreads
, and they have been idle for more than theKeepAliveDuration
, those idle connections will be terminatedThreadQueueCapacity
: Defines the maximum concurrent email sending tasks that can be queued up.
Example:
Code Block <EmailSenderConfig> <MinThreads>8</MinThreads> <MaxThreads>100</MaxThreads> <KeepAliveDuration>20</KeepAliveDuration> <ThreadQueueCapacity>1000</ThreadQueueCapacity> </EmailSenderConfig>
Customize the email templates that are in the
<EMM_HOME>/repository/resources/email-templates
directory.Info The email templating functionality of WSO2 EMM is implemented on top of Apache Velocity, which is a free and open-source template engine.
- Open the email template that you wish to edit based on the requirement, such as the user-invitation.vm or user-registration.vm file.
- Edit the
<Subject>
and<Body>
to suit your requirement. - Restart WSO2 EMM.
Tip If you need to access
HTTP
orHTTPS
base URLs of the server within your custom template configs, use the$base-url-http
and$base-url-https
variables, respectively.
...
Open the
config.json
file that is in the<EMM_HOME>/repository/deployment/server/jaggeryapps/
emm-web-agent/config
directory.
Configure theAnchor emm-web-agent emm-web-agent host
attribute that is undergeneralConfig
by providing the entire server address.Info You are required to configure this file as it is used to handle device enrollments.
Note - To download the EMM Android agent in a testing environment configure the host attribute using a an HTTP URL, because the Android browser does not trust hosts with self-signed certificates.
- To download the EMM Android agent in a production environment configure the host attribute using a an HTTPS URL as the production server has a Certificate Authority (CA) installed with a valid SSL certificate. For more information on enabling HTTPS communication, see here.
Example:
Code Block "generalConfig" : { "host" : "http://10.10.10.182:9763", "companyName" : "WSO2 Enterprise Mobility Manager", "browserTitle" : "WSO2 EMM", "copyrightText" : "\u00A9 %date-year%, WSO2 Inc. (http://www.wso2.org) All Rights Reserved." }
- Open the
config.json
file that is in the<EMM_HOME>/repository/deployment/server/jaggeryapps/emm/config
directory. Configure the
host
attribute that is undergeneralConfig
by providing the entire server address.Info You are required to configure this file as it is used to manage the devices.
Note In a clustered environment, configure the host attribute by providing the entire server address (by changing only the protocol to HTTPS and the port to the HTTPS port) that was given for the host attribute in the emm-web-agent's
config.json
file. This is required because the EMM configurations refer to the emm-web-agent app as it is used to handle device enrollments.Example:
Code Block "generalConfig" : { "host" : "https://10.10.10.128:9443", "companyName" : "WSO2 Enterprise Mobility Manager", "browserTitle" : "WSO2 EMM", "copyrightText" : "\u00A9 %date-year%, WSO2 Inc. (http://www.wso2.org) All Rights Reserved." }
WSO2 App Manager configurations to
...
manage applications in WSO2 EMM
Follow the steps given below to configure WSO2 App Manager for the EMM:
- Open the
carbon.xml
file that is in the<EMM_HOME>/repository/con
f directory. Uncomment the
HostName
attribute and provide the server IP.
Default:Code Block <!--HostName>www.wso2.org</HostName-->
An example of the configuration:
Code Block <HostName>10.100.7.35</HostName>
Uncomment the
MgtHostName
attribute and provide the server IP.
Default:Code Block <!--MgtHostName>mgt.wso2.org</MgtHostName-->
An example of the configuration:
Code Block <MgtHostName>10.100.7.35</MgtHostName>
- Comment the uncommented ServerURL and uncomment the ServerURL attribute that was commented by default.
Configure the uncommented ServerURL as follows:- Provide
localhost
as the value for{carbon.local.ip}
. - Provide the
https
port as the value for{carbon.management.port}
.
By default, the port is 9443. - Remove
${carbon.context}
.
By default:
Code Block <ServerURL>local:/${carbon.context}/services/</ServerURL> <!-- <ServerURL>https://${carbon.local.ip}:${carbon.management.port}${carbon.context}/services/</ServerURL> -->
An example of the configuration:
Code Block <!--ServerURL>local:/${carbon.context}/services/</ServerURL--> <ServerURL>https://localhost:9443/services/</ServerURL>
- Provide
- Restart the WSO2 EMM server.
Login to the WSO2 App Manager publisher to publish application or WSO2 App Manager store to install apps on mobile devices.
Info - Access the WSO2 App Manager publisher:
http://localhost:9763/publisher
https://localhost:9443/publisher
- Access WSO2 App Manager store
http://localhost:9763/store/
https://localhost:9443/store
- Access the WSO2 App Manager publisher:
...
The WSO2 EMM administrators can monitor devices by accessing the portal dashboard. Before accessing the dashboard you need to configure the dashboard server to communicate with external OAUTH protected APIs that will be accessed by its gadgets.
Configure
<ServerRoles>
that is in the<EMM_HOME>/repository/conf/carbon.xml
file by adding theCDMFPlatform
roleEMMAnalytics
andCDMFAnalytics
roles.Code Block <ServerRoles> <Role>EMMPlatform<<Role>EMMAnalytics</Role> <Role>CDMFPlatform<<Role>CDMFAnalytics</Role> </ServerRoles>
Configure the
designer.json
file that is in the<EMM_HOME>/repository/deployment/server/jaggeryapps/portal/configs
directory as follows:If you have enabled SSO for WSO2 EMM, you need to define
sso
as the value foractiveMethod
underauthorization
else, you can define theactiveMethod
asbasic
.Info For more information on enabling
sso
, see the WSO2 Dashboard Server documentation on Enabling SSO in WSO2 DS.Example:
Localtabgroup Localtab title Enabling SSO authentication Panel bgColor #ffffff Configure the following fields:
- Under
authentication
, define theactiveMethod
assso
. - Configure
responseSigningEnabled
as true. - Set the Assertion Consumer (ACS) URL as
https://<JAGGERY_APP_HOST>:<JAGGERY_APP_PORT>/portal/acs
. In WSO2 EMM the jaggery portal application is available in the product itself. Therefore, you can configure the<JAGGERY_APP_HOST>
as localhost and<JAGGERY_APP_PORT>
as 9443 if you have not port offset WSO2 EMM.
Example:
Code Block "authentication":{ "activeMethod":"sso", "methods":{ "sso":{ "attributes":{ "issuer":"portal", "identityProviderURL":"https://localhost:9443/samlsso", "responseSigningEnabled":"true", "acs":"https://localhost:9443/portal/acs", "identityAlias":"wso2carbon", "useTenantKey":false } }, "basic":{ "attributes":{ } } } }
Localtab title Enabling basic authentication Panel bgColor #ffffff Under
authentication
, define theactiveMethod
asbasic
.Code Block "authentication":{ "activeMethod":"basic", "methods":{ "sso":{ "attributes":{ "issuer":"portal", "identityProviderURL":"https://localhost:9443/samlsso", "responseSigningEnabled":"false", "acs":"https://localhost:9444/portal/acs", "identityAlias":"wso2carbon", "useTenantKey":false } }, "basic":{ "attributes":{ } } } }
- Under
Configure the
authorization
attributes.Code Block "authorization":{ "activeMethod":"oauth", "methods":{ "oauth":{ "attributes":{ "idPServer":"%https.ip%/oauth2/token", "dynamicClientProperties":{ "callbackUrl":"%https.ip%/portal", "clientName":"portal", "owner":"admin", "applicationType":"JaggeryApp", "grantType":"password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer", "saasApp":false, "dynamicClientRegistrationEndPoint":"%https.ip%/dynamic-client-web/register/", "tokenScope":"Production" } } } } }
Property Description Data
TypeExample activeMethod
Define the method that needs to be made active from the available authorization methods. In this case you need to define the active mode as OAuth. Yes String OAuth
idPServer
Define the Identity Provider URL by replacing %https.ip% with
https://<EMM_HOST>:<EMM_PORT>
.Info The default value for
<EMM_HOST>
is localhost and if you have not port offset WSO2 EMM, the default<EMM_PORT>
is9443
.Yes String localhost:9443/oauth2
/tokencallbackURL
Define the callback URL by replacing %https.ip% with the
https://<EMM_HOST>:<EMM_PORT>
.Info The default value for
<EMM_HOST>
is localhost and if you have not port offset WSO2 EMM, the default<EMM_PORT>
is9443
.Yes String localhost.9443/portal
clientName
Define the OAuth application name. Yes String portal
owner
Define the username of the owner of the application. Inthisusecaseit is the administrator. Yes String admin
applicationType
The default application type is a jaggery application. If you wish to change it, you need to update this field with the respective application type. Yes String JaggeryApp
grantType
In this use case, out of the six OAuth 2.0 grant types WSO2 EMM uses the password
refresh_token
and thesaml2-bearer
grant types. You can add more grant types as space separated values. If you configured WSO2 EMM for SSO authentication, thesaml2-bearer
grant type will be used and if you configured WSO2 EMM for basic authentication, thepassword refresh_token
grant type will be used.Yes String password
saasApp
Define if this application is a Software as a Service (SaaS) application or not, by defining true
orfalse
as the respective values.Yes Boolean false
dynamicClientRegistrationEndPoint
Define the dynamic client registration endpoint by replacing
%https.ip%
with thehttps://<EMM_HOST>:<EMM_PORT>
.Info The default value for
<EMM_HOST>
is localhost and if you have not port offset WSO2 EMM, the default<EMM_PORT>
is9443
.Yes String localhost:9443/dynamic-client
-web/register/tokenScope
Define the scope of the issued access token. It is used to limit the authorization granted to the client by the resource owner. Yes String Production
- Optionally, if you configured the authentication method as
sso
, you need to register the portal application as a service provider. For more information, see the WSO2 Dashboard Server documentation on configuring SSO in DS.
...