Skip to main content
Matrix42 Self-Service Help Center

Tags Guide Part I: Create and Deploy

  1. Last updated
  2. Save as PDF

Overview

This guide provides a comprehensive overview of Admin Tags and how to create, configure and distribute them. In general, Silverback offers two Tag types and the difference between the out-of-the-box System Tags for each platform and the Admin Tags that can be additionally created and configured is that System Tags are automatically applied to all devices on that platform. Therefore, you should keep your configurations in the System Tags (as they are by default Auto Populated) to a minimum (such as passcode settings, root and intermediate certificates, Companion or Lockdown settings) and distribute additional configurations, applications and policies through multiple Admin Tags. These Admin Tags can be distributed individually, allowing granular configuration of your entire and individual device landscape.

Create a new Tag

  • To create a new Tag, navigate to Tags 
  • Click New Tag
  • Enter a friendly name (required)
  • Enter a description (optional)
  • Enable at least one Feature
    • Profile
    • Policy
    • Apps
    • Content
  • Enable at least one Device Type (required)
    • iPhone
    • iPad
    • iPod
    • Android
    • Samsung Knox
    • Windows
    • macOS
    • AppleTV
  • Click Save
  • Proceed with configure your Tag
  • After your configuration, proceed with Deploy Tags

Configure your Tag

After your initial Tag creation by clicking Save, all Enabled Features will be activated in the left panel and you can fill the tags with device type dependent configurations and applications. Please refer to the following Guides to review your options:

Deploy Tags

Once you have configured your Tag, you can deploy it manually by associating/assigning the Tag or automatically by enabling the Auto Population. In general, we recommend that you perform a manual deployment first for testing purposes and then enable the auto population to perform the 'global' rollout and go live.

Manually Associate Devices

In general, there are two ways to manually assign Tags to Devices. The first is to perform the action directly in the Tag using the Associated Devices button in the Definition tab, and the second is to assign Tags from the Devices section. Both options are described below:

Associate Devices within the Tag

  • After saving the configured Tag navigate to Definition and click Associated Devices
  • Click Attach More Device 
  • Select any applicable device from the List
  • Click Attach Selected Devices

To export a list of users associated with the specific Tag, click the Export button and choose the location to save the output file (in XLS Format).

Assign Tags from the Device Overview

  • After saving the configured Tag navigate to Devices
  • Locate your target devices
  • Press the Tag button
  • Select your previously created Tag
  • Press Save 

Auto Population

Once your Admin Tag has been created, you can set conditions so that existing devices (at the next device synchronization/refresh) and newly enrolled devices will automatically receive this tag based on the configured variables. As an administrator, this gives you the flexibility to individually and automatically configure your devices based on their purpose and specific characteristics. By enabling the Auto Population checkbox, you can configure automatic tag assignment based on DeviceUser, or Ownership variables:

Device Variables

You can configure devices variables in combination with operators to customize the automatic assignment of Tags to your specific needs.

Operators

The Device Variable field does not always have to be ‘absolute’, by using a wildcard (*) character in the Device Variable Value field the scope of the Auto-Population is widened to allow more devices.

Operator Function Purpose
* Wildcard Allows the Administrator to specify Wildcards when filtering devices.
> Greater Than Used for Numerical Fields, will allow the Admin to specify values Greater than a value.
< Less Than Used for Numerical Fields, will allow the Admin to specify values Less than a value.
Variables
Device Variable Key Device Variable Value Description
None - Every enabled Device Type will receive the tag.
Type e.g. Galaxy A5 Device Model Name.
OS Version e.g. > 12.1.1 The OS version reported by the device.
Model Number e.g. SM-A520F Device Model Number.
Current Country e.g. Germany Device Current Country.
Current Network e.g. o2 - de Device Current Network.
Subscriber Country e.g. Switzerland The country that the device reported on enrollment.
Subscriber Network e.g. o2 - ch The network that the device reported on enrollment.
Label e.g. Marketing Device Label as specified in the console.
Roaming True or False The tag is assigned to roaming devices.
IP Address e.g. 10.0.0.110

The IP address of the device(e.g. 192.168.1.100/32). The acceptable formats are:

  • Single IP address (10.10.1.1)
  • IP range with hyphen (10.10.1.1-10.10.1.200)
  • IP range using CIDR notation (e.g. 10.0.0.0/24)
  • IP range using wildcard (10.10.1.*)
SSID e.g. Imagoverum Wi-Fi

The name of the WiFi SSID that device is connected to. The acceptable formats are:

  • Full SSID name (e.g. Airport)
  • Wildcarded SSID name (e.g. Airp*)
  • Multiple SSID values using + as delimiter (e.g. Airport+Linksys)
Note: This value is only reported by Companion client.
MDM Version e.g. 36 Assigns the Tag to Samsung Knox devices based on the reported the MDM Version with corresponds to the Knox API Level.
iTunes Account  True or False For iOS and iPadOS devices, set to true or false to populate if the user has an iTunes account configured.
Serial Number e.g. F9FWFJD4JF89 Assigns the Tag to a specific Device Serial Number.
Device Owner Yes or No Include or exclude devices in Device Owner Mode. If no is selected all Non Device Owner devices will receive the configuration.
Supervised Yes or No Include or exclude devices in Supervised Mode. If no is selected all Non supervised devices will receive the configuration.
Azure AD Joined Yes or No Include or exclude Azure AD Joined devices. If no is selected all Non Azure AD joined devices will receive the configuration.
Apple Silicon Yes or No Include or exclude devices that reports that they are running on an Apple Silicon Processor. If no is selected all Non Apple Silicon Processor will receive the configuration.

User Variables

With User Variables, you can use an LDAP filter to automatically associate Tags with specific users or groups in your organizations' directory

LDAP Base DN

In some scenarios, it is necessary to specify the Base DN where the LDAP filter should be performed. The Base DN should be entered into the text box provided, with a Full DN Syntax (Distinguished Name), which can be found using Active Directory User and Computers or another LDAP Browser.

E.g. MemberOf=OU=Frankfurt,DC=imagoverum,DC=com

LDAP Filter 

Auto Populating an Admin Tag can also be done using containers that exist within your LDAP schema (or Active Directory). This means that if you have setup distribution groups for individual departments, you can auto assign Tags based on these groups. When adding an LDAP Filter it must be done in Full DN Syntax (Distinguished Name), which can be found using Active Directory User and Computers or another LDAP Browser. An example of Full DN Syntax is displayed below:

Full DN Syntax Example for a Sales Department Distribution group: MemberOf=CN=Sales Department, CN=Groups,DC=imagoverum,DC=com

Ignore Empty Results

The option for Ignore Empty Results will tell the server to not remove users from the Tag, if the response from LDAP is empty. In some scenarios an LDAP source can return a valid, successful result however without any LDAP results. Normally this would cause Silverback to remove all users from this Tag. If your LDAP source is returning empty results validly, then use this option to ensure minimal user interruption.

Ownership Variable

With the Ownership Variable, you automatically assign Tags by the specified ownership of the device that the user owns.

Selected Ownership

Define to which Ownership Type the Tag should be applied. You can choose between All, Corporate and Personal

Force a Tag Update

If your Tag does not have the Auto Population option enabled, you can force an update to your devices by clicking Push to Devices in your Tag definition. This will queue the update for your devices when a change is made to the Tag. Another way to force a Tag update is to navigate to Devices, open the Device Information of a specific device and press the Refresh button. The difference between updating a Tag with Auto Population enabled or disabled is when Auto Population is enabled, the changes are pushed directly to the devices, and in the other case, the devices will receive the update at the next check-in.

Remove Deployment

To remove a Tag from a device that has been assigned manually, you can perform one of the following actions:

Detach Devices within the Tag 

  • From the Definition Tab in your Tag press Associated Devices
  • Select any device(s) that you want to unassign from the Tag
  • Press Detach Selected Devices
  • Confirm with OK

Unassign Tags from the Device Overview 

  • Navigate to Devices
  • Locate your target devices
  • Press the Tag button
  • Uncheck the assigned Tag
  • Press Save
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    How-To
  2. Tags
    This page has no tags.