Administrator Guide Part VIII: Admin
Admin Tab
The Admin Tab allows the Administrator to configure some of the core settings of Silverback installation like: .
- Customize the Look and feel of specific elements, such as the Self Service Portal, or App Store Icon.
- Create and Configure Users and give those individual users different levels of access to the Silverback Console.
- Configure the Device Types Silverback is aware of.
- Capture a list of Serial Numbers and Usernames associated with them.
- Setup and Enable Advanced System Settings.
- View Device or Server Logging Information.
- View Important License Information.
- Enable Connection to
- Android Enterprise
- Apple Device Enrollment Program
- Apple Volume Purchase Program
- Add a Custom Authentication Provider
Content
Android Enterprise
With Android Enterprise, Google released a technology platform which will be enabled by managed Google Play accounts and works with any Google account. In comparison to Android for Work no domain verification is required and it takes practically minutes to set it up. Silverback manages the individual Android Enterprise accounts on the managed devices, meaning there’s no need for additional Google accounts or GSuite user management. With Android Enterprise Google cannot associate the accounts to any particular user and as a privacy is enhanced as a result. Please check the Android Enterprise Integration Guide to get familiar with Android Enterprise.
Setting | Setting | Description |
---|---|---|
Enabled | Enabled or Disabled | Enables or Disables Android Enterprise |
Automatic Activation | Activate | Starts the automatic integration into Android Enterprise |
Manual Activation | Choose File | Upload here your Android Enterprise activation token |
Enterprise ID | e.g. LC04f8o5j9 | Your listed Organization or Enterprise ID for Android Enterprise. Will be created automatically during Activation |
Service Account Email | e.g. w841714cc9a537f667abad359d7810@pfwp-...iceaccount.com | Your listed Service Account Email for Android Enterprise. Will be created automatically during Activation |
Google Account | e.g. tim.tober@gmail.com | Displays the used Google account during activation process |
App Portal
The Application portal is where devices can access Enterprise applications and recommended Third Party applications via a web clip icon. Customization of the App Portal, when done in this location, will replicate system wide for all Device Types with the App Portal enabled. For it to work properly the icon must meet the following specifications:
Setting | Options | Description |
---|---|---|
App Portal Label | e.g Imagoverum | Customize the Header Text within the Silverback App Portal Website |
App Portal Icon Text | e.g. Company App Store | Customize the Shortcut name associated with the App Portal |
Precomposed Icon | Enabled or Disabled | Adds the gloss effect to the icon when displaying on the device. |
Full Screen | Enabled or Disabled | Makes the App Portal appear Full Screen in Safari (*iOS only) |
Icon | Choose File |
Upload your preferred icon in *.png format. The file will be optimized to 59x60 pixels. |
Authentication Provider
Please check our Identity Provider Guide for Integration of a SAML2 based Authentication Provider.
Authentication Provider Settings
Most of the Authentication Provider Settings will be filled automatically after importing the Identity Providers Metadata. Additionally you can configure the visibility settings for Self Service Portal and Management Console Login.
Setting | Options | Description |
---|---|---|
Direct Forwarding | Enabled or Disabled | Enables a direct forwarding to the IDP on the Self Service Portal. User will not need to click on the Authentication Provider button. |
Show on Login Page | Enabled or Disabled | With this checkbox a second button appears on each login page. Configuration of the button takes place in the Authentication Provider Button Settings area on this site. |
Disable classic sign-in | Enabled or Disabled | By enabling users will only have the possibility to choose the Authentication Provider button |
Service Provider | e.g. silverback.imagoverum.com | Contains the unique identifier of the service provider (Silverback) and will be filled automatically when you import the Metadata URL or file. |
X.509 Certificate Thumbprint | e.g. 5C547048DC931BFF488324388A82B3F696010703 | Contains the certificate thumbprint for signing the payload and the assertion. This field will be filled automatically when you import the Metadata URL or file. |
Identity Provider | e.g. https://accounts.matrix42.com | Contains the unique identifier of your identity provider (e.g. MyWorkspace, Azure Active Directory or Ping Identity). This field will be filled automatically when you import the Metadata URL or file. |
Saml SSO Redirect URL | e.g. https://accounts.matrix42.com/issue/...31c3/saml2/sso | This is the URL where Silverback will send the SAML2 requests. This field will be filled automatically when you import the Metadata URL or file. |
Saml SLO Redirect URL | e.g. https://accounts.matrix42.com/issue/saml2/slo | This is the URL where Silverback will send the SAML2 Logout requests. This field will be filled automatically when you import the Metadata URL or file. |
Dynamic User Creation | Enabled or Disabled | By Enabling User Creation Silverback will create for each SAML2-based login a local user account. This enables you to configure all authorized users within your Identity Provider. |
Authentication Provider Button Settings
This sections covers the customization for the Authentication Provider Button for the Self Service Portal and the Management Console Login.
Setting | Options | Description |
---|---|---|
Title | e.g. MyWorkspace | Defines the text content of the additional button on Administrator and Self Service Portal Login |
Icon | Choose File | Defines the icon which will be shown left of the Title. Supported file types are *.jpg, *.png and *gif |
Color | Pick your color | Defines the background color. It enables you to easily pick a basic or configure a custom color. |
Azure Active Directory
Connects your Azure AD to Silverback to unleash additional Management Options for Windows 10 Autopilot, Windows 10 Azure AD, Store for Business and App Protection Policies
Mobility (MDM and MAM)
Setting | Description |
---|---|
Enabled | Enables the connection to Azure Active Directory |
Tenant ID | This is you Directory ID (Azure > Azure Active Directory > Properties > Directory ID) |
Application ID | This is your Mobility (MDM and MAM) Application ID, created in Azure |
Application Key | This is your Mobility (MDM and MAM) Application Key, created in Azure |
Windows Store for Business
Setting | Description |
---|---|
Enabled | Enables the synchronization of Windows Store for Business applications into the Silverback Management Console. This setting is mandatory to distribute Windows Store for Business Applications to Windows 10 devices. |
Period to refresh Store for Business Apps (min) | Defines the synchronization interval for Windows Store for Business applications into the Silverback Management Console. |
App Protection
Setting | Description |
---|---|
Enabled | Enables the Synchronization of App Protection Policies and allows to create App Protection Policies remotely in Microsoft Intune. |
Period to refresh App Protection Policies (min) | Defines the synchronization interval for App Protection Policies. E.g. if a App Protection policy is created in Microsoft Intune this value defines the time when it will appear in Silverback. Created policies within the Silverback Management Console will be created immediately in Microsoft Intune. |
Last updated | Displays the last synchronization time stamp. |
Backup Policy
Administrators have the ability to allow or deny iOS devices to be restored from backup and maintain access to corporate information. By default this setting is disabled for security reasons, to prevent a user’s backup being restored to another device. There are certain situations where a Restore from Backup is required, such as major iOS upgrades and it is recommended this setting be enabled only for the duration of the fleet upgrade.
If this setting is disabled, when a device is restored from backup, Silverback will detect this and send a command to the device, removing all corporate data.
Setting | Options | Description |
---|---|---|
Allow Restore from Backup | Enabled or Disabled | Will prevent or allow that End users can restore their Silverback device connection with a backup. |
Certificates
Communication to iOS devices needs two certificates to ensure a highly secure connection to end user devices. Both certificates has an expiry timeline of one year. The Apple MDM Push certificate needs to be created and renewed by yourself. The Companion Push certificate and corresponding renewals are covered by Matrix42.
Signing Certificate
Displays the Expiration Date of the Profile Signing Certificate
Certificate | Expires | Description |
---|---|---|
Common Name | e.g. *.imagoverum.com | Display the common certificate name used as Signing certificate |
Expires | e.g. 01 July 2020 | Display the expiration date of your SSL certificate which is linked under Settings Admin > MDM Payload |
Thumbprint | e.g. C38565344A68ECC9A3515EE5D2B2722AD7C3C7B | Displays the certificate thumbprint |
Apple Push Notification Service
An Apple Push Notification Service (APNS) certificate is required for Silverback to manage iOS and macOS devices. After you add the certificate to Silverback, your users can enroll their devices. When a push certificate expires, you must renew it. When renewing, make sure to use the same Apple ID that you used when you first created the push certificate.
- The creation process is listed in the following Guide: Getting Started - Apple Guide I : Basics
- To renew the certificate please check the following knowledge base article: APNS Renewal process
Setting | Options | Description |
---|---|---|
Push Topic | e.g. com.apple.mgmt.External.10356f6a-8dda-40e5-89ff-47c537d76410 | Topic that Silverback listens to for push notifications |
Expires | e.g. 09/07/2020 10:14:04 AM | Certificate expiration date |
Thumbprint | e.g. C38565344A68ECC9A3515EE5D2B2722AD7C3C7B | Certificate thumbprint |
Request Certificate |
|
Generates a signed CSR for a new certificate |
Upload Existing Certificate |
|
Provides the ability to upload a new certificate |
Download copy |
|
Provide a copy of the current certificate with a generated password |
Companion Push Notification Service for iOS & iPadOS
Companion Push Notification Service for iOS & iPadOS is the certificate used for Matrix42 Companion application on iOS or iPadOS devices to create or send push notifications. It will be provided and delivered with any Silverback installation. The certificate is valid for 1 year and will be replaced by a new one in the course of Silverback updates. In the case that the certificate will expire and you are not able to update to a newer Silverback version, check the following knowledge base article: Companion Push Certificate Update
Setting | Options | Description |
---|---|---|
App Identifier | com.matrix42.silverback.companion | Bundle ID for Matrix42 Companion app |
Expires | e.g. 02/01/2020 11:31:33 AM | Certificate expiration date |
Thumbprint | e.g. CB18565344A68ECC9A3515EE5D2B2722AD7C3C8C | Certificate thumbprint |
Upload Existing Certificate |
|
Provides the ability to upload a new certificate |
Download copy |
|
Provide a copy of the current certificate with a generated password |
Cloud Connectors
Cloud Connectors are used for cloud customers that wants to connect the cloud instance from an On Premise network via HTTPS to use the following services:
- LDAP
- Certificate Authority
- Exchange Protection for On Premise Exchange Servers
In this section all installed and linked Cloud Connectors are displayed. Cloud Connectors Monitor will open the Cloud Connector Tunnel info, where you can see details of all Cloud Connectors like Clients, Traffic and Errors after pasting your admin credentials.
Setting | Information | Description |
---|---|---|
ID | e.g. 1 | Cloud Connector ID |
Ip Address | e.g. 65.50.150.90 | Connected IP Address |
Client Machine Name | e.g. Server-001 | Machine Name where Cloud Connector is installed |
Last Seen | e.g. 17/09/2018 18:37 | Last connection time |
Companion
Setting | iPhone, iPad, iPod | Android, Samsung Safe | Description |
---|---|---|---|
Device Modification Detection |
|
|
Enables Jailbreak or Root Detection and actions taken after detection |
Alert Administrators | Enabled or Disabled | Enabled or Disabled | If enabled, Administrators will receive an information if a Device Modification has been detected |
Allow user to unenroll | Not available | Enabled or Disabled |
Will activate or deactivate the unenroll functionality inside Companion This will not prevent the users to remove Device Admin from Settings |
Notification Interval |
|
Not available | Defines how often the end user will receive a notice to launch Companion for an integrity check |
Grace Period |
|
Not available | The maximum allowable time a device has to perform an integrity check |
Grace Period Failure Action |
|
Not available | Action to be performed if grace period is exceeded |
Companion Client IPA File | Choose File | Not available | |
Companion Client PLIST File | Choose File | Not available | |
Allow key generation for Managed Devices | Enabled or Disabled | Not available | |
Client visible in App Portal | Enabled or Disabled | Not available | |
Check for Companion Updates | Not available |
Console Permissions
Access
In addition to the normal permissions granted to the various console user roles, some of these can be additionally configured from this section.
Setting | Target | Option | Description |
---|---|---|---|
Managed Applications | Super Helpdesk | Enabled or Disabled | When enabled, it provides the Super Helpdesk role the ability to Manage Applications |
Assign Tags | Super Helpdesk | Enabled or Disabled | When enabled, it provides the Super Helpdesk role the ability to Assign Tags to devices |
Create Pending Enrollments from Console | Require LDAP user | Enabled or Disabled | When enabled, local user accounts cannot be used to authorize pending enrollments. An LDAP account must be used. |
Device Privacy
Silverback allows to control visibility of applications installed on devices and control the permissions for administrative users to view applications lists and perform factory resets on managed devices.
Setting | Options | Descriptions |
---|---|---|
Privacy | ||
Enable Application List Privacy | Enabled or Disabled | When enabled, you can configure that e.g. not managed apps are not visible for Administrators or Help Desk users in the device overview. This will increase privacy for end users. |
Application List Privacy for Ownership Type |
|
Defines if e.g. for personal devices non managed applications are not visible for Administrators or Help Desk Users. When Personal Only is select, these roles will not see any personal installed apps in the device overview. |
Minimum Role Allow to View Application List |
|
Define which role has the ability to view the installed application list on devices. |
Permissions | ||
Minimum Role to Factory Reset Personal Devices |
|
Define which role has the ability to factory wipe personal devices. When you select Super Helpdesk, then Super Helpdesk and Administrator will have the ability. |
Minimum Role to Factory Reset Corporate Devices |
|
Define which Silverback role has the ability to factory wipe corporate devices. When you select Super Helpdesk, then Super Helpdesk and Administrator will have the ability. |
Device Enrollment Program
Apple’s Device Enrollment Program can be managed from this section in the Admin Tab. The Device Enrollment Program allows you to have devices enroll into Silverback on first setup, rather than having the user navigate to the Silverback website after setup. Please check our Apple Deployment Programs Integration Guides
Home Section
The main page gives an overview of the status and information relating to your Device Enrollment Program account. The organization and server information is displayed after a successful import of your token. The Account Overview section indicates how many devices are currently in your DEP account and how many are currently enrolled in Silverback.
Devices Section
Overview
The Devices section lists the devices in your DEP account and an associated username after enrollment. The table shows a list of all users in your DEP program, regardless of whether they are enrolled in Silverback. The list can also be exported by clicking the Export button. The table contains the following details:
Column | Description |
---|---|
MDM Username | If the serial number matches a currently enrolled user, it will be displayed here |
Serial Number | The serial number of the device in your DEP program |
Model | The model description of the device |
Profile Name | Displays the assigned profile for the device |
Profile Status |
Shows the profile status for the device.
Pushed means that the Profile is ready to be applied on the device. It will be assigned as device will be enrolled |
Profile Assigned Time | Displays the timestamp for the profile assigned time. |
Disown | Removes the device from the current and future DEP accounts. |
The disown function will permanently remove a device from your current DEP. It takes an unknown grace period until the device can be added again. Please do this only if you feel confident.
Actions
Action | Description |
---|---|
Assign Profile | Select first a range of devices and assign a specific profile. |
Bulk Assignment | Use Bulk Assignment to assign profiles via a *.csv file. Please refer to our Knowledge Base article |
Export | This will generate an *.csv report |
General Settings Section
The Settings section allows you to configure your integration with Apple’s DEP program and determine the device behavior.
Control | Description |
---|---|
Settings | |
Company Token | The token file provided by Apple |
Valid Until | Displays the expiration date for the Company Token. |
Active Directory Authentication | Determines whether Active Directory Credentials will be used during a device enrollment or the classic One Time Password. |
User Prompt Text | The text presented to the user on enrollment. |
Default Profile | |
Name | Displays the default profile name. |
Allow Pairing | Determines if the device can be paired with a computer. |
Supervised | Determines whether the device will be supervised. |
Force Enrollment | Determines if the user can skip the enrollment process. Note: The device will be unusable unless enrolled in Silverback. |
Profile Removable | Determines whether the MDM profile can be removed by the user after enrollment |
Language | Define the Language for Apple TV's and provide a language designator that represents a language. |
Region | Define the Region for Apple TV's and provide a region designator that represents a country. Use the ISO 3166-1 standard, a two letter, capitalized code. |
Support Phone Number | Displayed to the user in the About section on enrollment. |
Department | Displayed to the user in the About section on enrollment. |
Activate Apple Location | Location for the devices to activate on enrollment. This should be changed to reflect your server address. |
Skip Setup Items | |
Location | Skip Location Services setup |
Restore | Skip Restore from backup |
Apple ID | Skip entering Apple ID information |
Terms and Conditions | Skip Terms and Conditions Agreement |
Siri | Skip Siri Setup |
Diagnostics | Skip Send Diagnostics prompt |
Passcode | Skip Passcode Setup |
Touch ID | Skip Touch ID Setup |
Apple Pay | Skip Apple Pay setup |
Zoom | Skip Zoom Setup |
Move from Android | Skip the migration from Android prompt |
DisplayTone Setup | Skips DisplayTone setup |
Privacy Pane | Skips privacy pane |
Add Cellular Plan Pane | Skips the add cellular plan SIM Setup pane |
Home Button Screen | Skips the Home Button Sensitivity screen in iOS. |
iMessage and FaceTime Screen | Skips the iMessage and FaceTime screen in iOS. |
On-boarding Screen | Skips on-boarding informational screens for user education (“Cover Sheet, Multitasking & Control Center”, for example) in iOS. |
Screen Time | Skips the screen for Screen Time in iOS. |
Software Update Screen | Skips the mandatory software update screen in iOS. |
Watch Migration Screen | Skips the screen for watch migration in iOS |
Choose Your Look Screen | Skips the Choose Your Look appearance screen |
Keyboad Pane | Skips the Keyboard Pane |
Express Language Setup | Skips the Express Language Setup |
Preferred Language Order | Skips the Preferred Language Order |
Get Started Pane | Skips the Get Started Pane |
Restore Completed | Skips the Restore completed Pane |
Software Update Completed | Skips the Software Update Completed Pane |
Registration (OS X) | Skip OS X Registration |
FileVault Setup (OS X) | Skip File Vault setup for Mac |
iCloud Analytics Screen (OS X) | Skips iCloud Analytics screen in macOS. |
iCloud Documents and Desktop Screen (OS X) | Skips iCloud Documents and Desktop screen in macOS |
Accessibility (OS X) | Skips Accessibility screen in macOS |
Device to Device Migration | Skips Device to Device Migration pane |
Tap To Set Up Option (Apple TV) | Skips Tap To Set Up Option in tvOS |
Aerial Screensavers (Apple TV) | Skips Aerial Screensavers in tvOS |
TV Home Sync Screen (Apple TV) | Skips TV Home Sync Screen in tvOS |
TV Provider Sign In Screen (Apple TV) | Skips TV Provider Sign In Screen in tvOS |
TV Room (Apple TV): | Skips TV Room in tvOS |
Certificates | |
Anchor Certificates | Additional root certificates to be trusted by the device |
Supervising Certificates | If Allow Pairing is disabled, enter supervising computer certificates to allow the device to connect to that machine |
Save | Saves settings |
Additional Profiles
With additional profiles you are able to assign specific profiles to specific devices. This will help as an example to configure the out-of-the-box experience for all iPhones in a different way as for iPads. Click new Profile to create a new profile and assign the profile in the Devices section.
Column | Description |
---|---|
ID | Displays a unique identifier for the device based on the database entry |
Profile Name | Displays the given name for the Profile |
Registered in App | This information show if the profile has been successfully registered on Apple side |
Edit | Edit your created profile |
Remove | Remove your created profile |
Logs
Clicking the Logs button will export a *.csv file of actions that have been performed specifically on the Device Enrollment Program. This covers changes made by administrators and also events that are related to the Silverback connection to Apple.
The file will contain the following information:
- Log ID
- Date
- User Name
- Action
- Action Destination
- Http Code
- Http Text
Device Types
Each type of device can be mapped to a description for easy reading and categorization. By default, known device types are already mapped by Silverback. More device types can be added manually as they become available. If a device enrols in the system and Silverback does not recognize its model number, the model number will be added to the system with a black description, allowing the Administrator to define it later. In this case the new device model number will be listed in the Device Types Overview with a description as Unknown. You can edit this model number and assign it an appropriate Device Type and Description.
Overview
Setting | Option | Description |
---|---|---|
Type | e.g. Samsung Safe | Defines the Operating System platform the the known device. |
Model No. | e.g. SM-J530F | Each device models gets his Model number from the Hardware Vendor. In our example the Galaxy J5 could have more then 1 Model No. due to Market or region specific changes. |
Description | e.g. Galaxy J5 | The description will be shown in Devices area as the "Model" to identify Device Names |
Edit | ![]() |
Edit an existing device type mapping by clicking on the edit button |
Remove | ![]() |
Remove a device type mapping by clicking on the remove button |
Edit Unknown Devices
- Click the Magnifier icon
- Change the Find filter to Description
- Enter as search criteria Unknown
- Click Edit on any unknown device type
- Enable the New Description checkbox
- Enter a desired device name, e.g. Galaxy J5
- Click Save
New Device Type
Add here device types in advance
- Click New Device Type
- Fill ill all necessary Create Device Type information
Setting | Option | Description |
---|---|---|
Type |
|
Select the device type. |
Model Number | e.g. SM-J530F | Enter the Model Number |
Description | e.g. Galaxy J5 | Enter a description for the Device Overview |
- Click Save
Bulk Import
Add here new device types in bulk mode.
Download the newest device types lists from Matrix 42 Marketplace
Create your*.csv file
Bulk Model Number *.csv file needs to be created in the following format: Type ID, Device Description, Model Number
The following Type IDs are available;
- 1 – iPad
- 2 – iPhone
- 3 – iPod
- 4 – Android
- 5 – Samsung Safe
- 6 – Windows Phone 8
- 11 – Windows Phone
- 12 – Windows
- 13 – OS X
Download Example File: Bulk Import Model Numbers.csv
1,6th Gen Cell + 3G + Wi-Fi 128GB,MR7C2FD
2,7 150GB,MN8G2ABD
4,Google Nexus 5,Nexus 5X
5,Galaxy A5,SM-A520F
12,Surface Pro 1,Surface with Windows 8 Pro
Import File
- Click Bulk Import
- Select Choose File
- Navigate to your *.csv file
- Click Open
- Click Save
Exchange Protection
Configurations for the Exchange Protection Integration
Setting | Options | Description |
---|---|---|
Exchange Protection | Enabled or Disabled | Enables the Exchange Protection |
Server Version |
|
Defines the used Exchange Server Version |
Server Address | e.g. http://eas.imagoverum.com/powershell/ | Endpoint to access for the Exchange Protection |
Username | e.g. IMAGOVERUM\silverback_exchange | Service Account for Access |
Password | e.g. Pa$$w0rd | Service Account Password |
Client Access Policy Name | e.g. Default | Corresponding to the default or created Client Access Policy on Exchange Server |
Auth Mechanism |
|
Used authentication mechanism to connect to the API |
Email Templates
Email Templates section lets you modify the emails that are sent to users and administrators, and also modify the SMS text that will be sent to end users. Every email generated by Silverback is available in the list. By clicking on Edit, you can customize what the email templates contain. This includes adding images, modifying the text and input system variables.
The following Email Templates can be edited:
Email Template | Recipient |
---|---|
Policy Violation Alert | Admin |
New Operating System Alert | Admin |
SMS Failure Alert | Admin |
New Model Number Alert | Admin |
Clear Passcode Notification | Admin |
Admin Provisioned a Device Notification | Admin |
Unpaired Windows Phone Alert | Admin |
Certificate Expiry Alert | Admin |
System Account Locked Out Alert | Admin |
Local User Created Alert | User |
Android for Work User Creation Failure Alert | Admin |
Clear Passcode Notification for User | User |
Device Roaming Notification | Admin |
Admin Provisioned a Device Notification for User | User |
Manual Unenrollment Alert | Admin |
Edit Email Templates
- Choose the Email Template you want to edit
- Click the Edit button
When you click Edit on a template, a window will appear showing you the contents of the template.
You can use the controls at the top of this window to modify the template itself. It’s important to note that every language in the system has its own template. This means if you modify the template for English, these changes won’t affect the German template.
You can change the language currently being edited by clicking on the language drop down menu at the top. Note that language sent with the email depends on some conditions. For Admin emails, the language of the destination administrator will be used. For user enrollment based emails, the language of the user’s device using the SSP will be used. For user emails triggered by admins, the language of the admin will be used.
It’s also possible to use System Variables in each template. The availability of the variables depends on the template you are working with. By clicking the Variables drop down menu, you can choose the variable to add and also see what is available for that template.
Edit SMS Template
You can also modify the SMS message that is sent to users on enrollment. You can modify the message individually per language. The only variable available for SMS message is {0}, and this will be replaced with the user’s enrollment link automatically.
The SMS text should not be more than 83 characters.
- Scroll down to the SMS Template section
- Select from the drop down list the language you want to edit
- Change the text, but keep the {0} variable
- Click Save
- Click Reset to restore to get back to the default text
Hardware Authentication
Hardware authentication is a form of access control to Silverback which can ensure that only pre-authorized devices are allowed to become a managed devices, e.g. Corporate owned devices that are issued and are fixed assets of the business. During the enrolment process, Silverback will verify the serial number and or IMEI of the device against the pre-authorized list and only recognized devices will get to the managed status. Not known devices will stay in blocked mode.
Overview
Detail | Example | Description |
---|---|---|
Id | e.g. 1 | Database ID for the item |
Serial Number | e.g. F17M9VN8FFG8 | Serial number of the device |
IMEI | e.g. 35303609258938 8 | IMEI number of the device |
Username | e.g. tim.tober@imagoverum.com | Displays the associated user to this device when it is enrolled. |
Ownership |
|
Displays the pre-defined ownership for this device and will overwrite whatever end users are choosing from Self Service Portal |
Device Name | e.g. Imagoverum-iPad-001 | Displays the pre-assigned device name |
Label | e.g. Marketing | Displays the currently associated Label |
Visibility Flag | e.g. Executive Board | Displays the currently associated Visibility Flag |
Edit | ![]() |
Edit the selected device id |
Remove | ![]() |
Removes the selected device id |
Add New Device ID
Note that either Serial or IMEI is required, but one must exist. It’s also allowed to populate both serial and IMEI, but this will match either or (i.e. it will not make sure the device matches both values, it will find the first match and allow this).
Setting | Options | Example | Description |
---|---|---|---|
Serial Number | Enter Serial Number | e.g. F17M9VN8FFG8 | Serial number of the device you want to detect |
IMEI | Enter IMEI | e.g. 353036092589388 | IMEI number of the device you want to detect |
Pre-Assign Device Name | Enabled or Disabled | e.g. Imagoverum-iPad-001 |
If enabled, the Device Name column in the CSV will be used to populate the device name value for this serial number. Supported only for iOS supervised devices |
Pre-Assign Ownership | Enabled or Disabled | Corporate or Personal | If enabled, the console user can select the Ownership that will be assigned to the imported devices, either Corporate or Personal. It will overwrite whatever end users are choosing from Self Service Portal |
Pre-Assign Label | Enabled or Disabled | e.g. Marketing | If enabled, the Label will be populated to this serial device |
Pre-Assign Visibility Flag | Enabled or Disable | e.g. Executive Board | If enabled, the Visibility Flag will be populated to this serial device |
Bulk Import
Create your *.csv file
Hardware Authentication *.csv file needs to be created in the following format: Serial Number,Label,Device Name,Visibility Flag,IMEI
- Tip 1: Either Serial or IMEI is required, but one must exist
- Tip 2: Our recommendation is to use Serial Number as criteria
- Tip 3: Create for any Device Platform (iOS, Android) separated *.csv files
- Tip 4: For all other then iOS, keep the *.csv format, enter a dummy Device Name and do not Enable Pre-Assign Device Name
iOS example:
F9FWFJD4JF85,Frankfurt,Tim Tobers iPad,Executive Board,353036092589388
F17M9VN8FFG8,Frankfurt,Tim Tobers iPhone,Executive Board
F9FWFJD4JF86,New York,Maria Millers iPad,Executive Board
F17M9VN8FFG9,New York,Maria Millers iPhone,Executive Board
F9FWFJD4JF81,London,Vincent Valentines iPad,Executive Board,353036092589389
Android example:
02503a0759313c6b,Frankfurt,Android,Executive Board
00cebf02959bc196,New York,Android,Executive Board
Download Example File: Hardware Authentication.csv
Bulk Import Device IDs
- Click Bulk Import
- Click Choose File
- Select your *.csv file
- Click Open
- Enable Pre-Assign Device Name (optional)
Silverback System Variables are not supported
- Enable Pre-Assign Ownership (optional)
- Enable Pre-Assign Label (optional)
- Enable Pre-Assign Visibility Flag (optional)
- Click Save
Licenses
The Silverback License information is important as it will not only tell you how many devices are enrolled into Silverback, it can also tell you how many Silversync licenses have been consumed and when you’re Maintenance Period Expires.
Information | Example | Description |
---|---|---|
License ID | e.g. 2500 | License ID given by Matrix42 |
Customer | e.g. Imagoverum | Customer behind the License |
Maintenance Expires | e.g. 31 January 2025 | Display the expiration date of your Maintenance. Once this has expired, you will need to renew your Support Contract to regain access to the latest Silverback Upgrades. |
Current Software Version | e.g 18.0.3.22 | Displays your current installed Silverback Version |
Status | e.g. Valid | Displays the License Status |
Silverback Device Quantity | e.g. 50000 | Displays the corresponding License amount of devices for Silverback. |
Silverback Device Used | e.g. 25000 | Displays the corresponding License amount of devices already in use with Silverback. |
Silverback Devices Remaining | e.g. 25000 | Delta between Silverback Device Quantity and Device Used |
Silversync Device Quantity | e.g. 50000 | Displays the corresponding License amount of devices for Silversync. |
Silversync Devices Used | e.g. 25000 | Displays the corresponding License amount of devices already in use with Silversync. |
Silversync Devices Remaining | e.g. 25000 | Delta between Silversync Device Quantity and Device Used |
Companion Device Quantity | e.g. 50000 | Displays the corresponding License amount of licenses for Companion. |
Companion Devices Used | e.g 25000 | Displays the corresponding License amount of devices already in use with Companion. |
Companion Devices Remaining | e.g. 25000 | Delta between Companion Device Quantity and Device Used |
Remove Duplicate Device Info | Enabled or Disabled |
Remove Duplicate devices will attempt to detect if a device enrolling already exists, and remove it. This is because some devices do not provide a unique identifier, if this setting is enable, Silverback will attempt to match existing data, such as IMEI number, Serial number and remove the previous entry if it detects one. |
Maximum Devices Per User | e.g. 3 |
Set a limit on the number of devices an individual user can enroll into Silverback. If users has too many devices enrolled they will met a warning on the Self Service Portal when trying to create a new Pending Enrollment. |
License Key |
|
Here you enter after your Silverback installation your License Key provided by Matrix42 |
Lockdown Interval
Lockdown Interval will determine how often Silverback asks each device that is enrolled to perform a Check in to ensure it is still complying with corporate policy. Silverback will automatically stagger these calls out, so that not all devices are asked to check in at the same time, so keep this in mind if you are seeing some delay between different devices. If the device is unable to connect to the Internet, or communicate with Silverback or Cloud Messaging Services (Apple & Android) then the device isn't able to check in – but should do so as soon as it is introduced to a connection where these services are available. Take as well into consideration that the Check In process may have an impact on device battery and data consumption, so set these to sometime sensible.
Allow Automated Unblocking: Allows the system to automatically unblock a device if it no longer violates policy. By default, unblocking requires Admin intervention. By configuring this, if the device checks in and the system detects that a blocking policy is no longer violated, the user will be unblocked automatically, with one exception; admin initiated blocked. These still require the Administrator to manually unblock the device.
Setting | iPhone, iPad, iPod, OSX | Android, Samsung Safe | Windows 10 Mobile | Windows 10 |
---|---|---|---|---|
Audit Interval | e.g. 720 Minutes | e.g. 720 Minutes | not available | not available |
Allow Automated Unblocking | Enabled or Disabled | Enabled or Disabled | Enabled or Disabled | Enabled or Disabled |
Number of initial pools | not available | not available | e.g. 25 | not available |
Initial poll interval (Minutes) | not available | not available | e.g. 5 | not available |
Number of Secondary polls | not available | not available | e.g. 10000 | not available |
Secondary poll interval (Minutes) | not available | not available | e.g. 120 | not available |
Interval of remaining polls (Minutes) | not available | not available | e.g. 240 | not available |
Logs
Administrators have the ability to export the error logs from Silverback. These logs could contain either any error messages generated by Silverback or any Action Audit details performed by Administrators and Help Desk users. Administrators can filter the results based on date, using the Start Date and End Date parameters. Simply select the date range and the log generated will return the information within that date range.
Overview
Logs | |
---|---|
Number of days to retain logging | The number of days Silverback should keep logging information. |
Save | Saves the number of days to retain logging |
Generate Logs | |
Type | The type of log to export (Error Log or Audit Log) |
Start Date | Specifies the Start Date of the Exported Log |
End Date | Specifies the End Date of the Exported Log |
Generate Log | Generates the log files in CSV format |
Activation Lock Bypass | |
Export Bypass Codes | To bypass the Activation Lock, click Export Bypass Codes from the Logs page |
Error Logs
Silverback manages its enrolled devices through a series of commands that are sent and received by these devices over either a Wireless or Cellular connection. If for any reason one of these devices responds with an error, Silverback will log it in this error log for the Administrator to find.
The Error log is generated with the following headers:
Header | Example | Description |
---|---|---|
DeviceId | e.g. 1001 | Unique device ID |
UserName | e.g. maria.miller@imagoverum.com | Username associated with the device that generated the error. |
LdapFirstNameUserField | Maria | Users First Name as read from LDAP |
LdapSurnameUserField | Miller | Users Surname as read from LDAP |
MdmCommand | e.g InstallProfile | MDM Command Silverback tried to send |
MdmErrorChainId | e.g 346 | Unique Number for this error in Silverback |
MdmDeviceCmdId | e.g. 105558 | Unique Number ID for this error encountered by Silverback |
Mdm_ErrorCode | e.g. 1000 | MDM Error Code as documented by Apple |
Mdm_ErrorDomain | e.g. MCProfileErrorDomain | MDM Error Message as documented by Apple |
Mdm_USEnglishDescription | e.g. The profile “Lock Screen Message” is invalid. | Error Message displayed in English |
Mdm_LocalizedDescription | e.g. The profile “Lock Screen Message” is invalid. | Error Message displayed in the Local Regional Language (as configured on the device). |
CreatedDate | 02/01/2019 15:46:19 | Recorded error date and time |
Audit Logs
The Audit Logs will help Silverback Administrators keep a track of which user performed which action within the Silverback Management Console. The Audit Log is generated with the following headers:
Header | Example | Description |
---|---|---|
ID | e.g. 5461 | Unique Action ID Number |
ActionTime | e.g. 02/01/2019 14:11:26 | Time when the action was performed |
ActionUser | e.g. admin | Username of the Silverback Administrator that performed the Action |
ActionAddress | e.g. 10.0.0.101 | IP Address of the Computer that the action was performed on |
ActionAction | e.g. ModifyTagSettings | Action that the User tried to perform |
ActionDestination | TagAdd,198 | Device the action was performed against OR, the TAG/Setting that was edited by the user. |
Activation Lock Bypass
For devices running iOS 7.1 or higher, it’s possible to override devices that have had Activation Lock enabled on them. For the bypass to work, three conditions must be met:
- Device must be running iOS 7.1 or above
- Device must be supervised
- Allow Activation Lock must be enabled in restrictions for that device.
When the device enrolls, Silverback will request a bypass code from the device, whether the user has enabled Activation Lock or not. To bypass the Activation Lock, click Export Bypass Codes from the Logs page. A CSV file will be downloaded containing all of the bypass codes that Silverback has collected. Locate the device by using either the UDID, Last MDM Username or IMEI Number, and then note down the Activation Lock Bypass Code. On the device, when prompted for the previous user’s iTunes account information, leave the Username field empty, and enter the bypass code in the password field.
Do not include hyphens when typing in the code.
The Bypass Code Export is generated with the following headers:
Header | Example | Description |
---|---|---|
Device UDID | e.g. eb0fe2bd19451bb54e0d608847c52be9c87b1d81 | Device UDID to identify the device |
Last MDM User Name | e.g. maria.miller@imagoverum.com | Last associated username for the device |
Serial Number | e.g. F9FPT2YRFLMY | Device serial number to identify the device |
IMEI Number | e.g. 35 877405 911775 2 | Device IMEI number to identify the device |
Activation Lock Bypass Code | e.g. Q3GL4-T4Y3H-GCQL-J9NK-8D1M-6MV4 | Code to bypass the activation lock |
MDM Settings
MDM Settings contains settings that are specific to MDM for certain platforms.
Windows 10 Mobile
Setting | Example | Description |
---|---|---|
Support phone number | e.g. 069 69696969 | Will be displayed under the Work account under Settings |
Support website | e.g. https://www.matrix42.com | Will be displayed under the Work account under Settings |
Support email address | e.g. tim.tober@imagoverum.com | Will be displayed under the Work account under Settings |
Windows 10
Setting | Example | Description |
---|---|---|
Support phone number | e.g. 069 69696969 | Will be displayed under the Work account under Settings |
Support website | e.g. https://www.matrix42.com | Will be displayed under the Work account under Settings |
Support email address | e.g. tim.tober@imagoverum.com | Will be displayed under the Work account under Settings |
OSX
Setting | Example | Description |
---|---|---|
Default PIN for Policy Actions | e.g. 12345678 | When the system automatically locks an OS X device, this is the default PIN that will be set. It is mandatory that a PIN be provided when locking or wiping the device, and this will be the value that is set. |
Pending Commands
Pending commands section will let you enable Managed App Feedback Collection for iOS devices, display all outstanding send commands to iOS, Android, Samsung Safe and OSX devices and display concurrency statistics (if enabled).
Managed App Feedback Collection for iOS
With iOS 7 and above, application developers can add information to their applications that a third party system like Silverback can retrieve. Enabling this setting will make sure that managed applications will be checked for application feedback. The application feedback is viewed from the Device Information Popup.
Pending Commands Overview
iOS, OSX Samsung SAFE and Android devices have pending commands stored in a form of queue. This means when a device checks in to the system, the system will find commands for that device in the queue and execute them. The table shows what pending commands exist in the system and also let you search and sort them, or delete them.
The various elements of the Pending Commands table contains:
Information | Description |
---|---|
DeviceID | Unique device ID to which the command belongs to |
Username | Username of the user who’s device has the command queued |
Platform | The OS type of the device, e.g. iOS, OSX, Samsung SAFE, Windows 10 |
Command | Actual command that is queued. You will notice patterns here, for example if you click “Refresh” on a device from the Devices Tab, you will see a certain set of commands appear in this list for that device. |
Queued | Date and time that the command was queued |
Now Now | If the device is not ready for a command, generally in the case of iOS it will reply with a “Not Now”, meaning that its not ready. This could be for example if you attempt to install an application on the device, but the screen is locked. |
Delete | Delete the command from the table |
- Click Refresh to update the pending command list
- Select outstanding pending commands and click delete selected (not recommended)
Concurrency Statistics
Concurrency Statistics gives you an overview of how long commands are taking to execute in your environment. The graph will display the average execution time for the top slowest requests. The “Current cut off limit” is the maximum number of devices that can connect to the system at any one time (this excludes enrolling devices). In large deployments, this means that a steady load can be achieved on the server. When a device attempts to connect and this number is consumed, the device will be told to “go away”, and attempt to connect later. Use the average execution time in the graph to determine your system limit. If the times are getting too high, reduce the cut off limit.
These settings will only be visible if the settings for concurrency in the Settings Administration page allow it. See the Settings Administration guide for enabling this.
Self Service Portal
End users interface with Silverback through the Self-service portal. The self-service portal can be customized to provide a recognizable look and feel for end users.
With the Require Policy Agreement setting enabled the user must agree to a Corporate Policy before they are able to begin the enrolment process. Enabling this policy will change the layout of the Self Service Portal to include an ‘Agreement Checkbox’ with an additional, customizable text that is displayed under the Self Service Portal Window.
Please refer to our Getting Started Guide - Company Branding
Front End
Setting | Options | Description |
---|---|---|
Use default text and graphics | Enabled or Disabled | Login Pages will be shown with default settings |
Use Banner | Enabled or Disabled | Choose between Banner or Logo |
SSP Banner | Choose File | Change to your customized banner |
Require Policy Agreement | Enabled or Disabled | Enables a checkbox which needs to be accepted before users can create an enrollment token |
Policy Agreement Text | e.g. Terms and Conditions | Changes the name of the optional checkbox |
Policy Agreement File URL | e.g. https://www.matrix42.com | Create a hyperlink to your Terms and Conditionals |
Additional SSP Text | e.g. Welcome to Matrix42 Silverback | Add a footnote to Login Pages |
Show Ownership | Enabled or Disabled | If disabled, the ownership selection will not be displayed |
Set Personal Ownership to default | Enabled or Disabled | If enabled, Personal is set to default |
Detect country code by IP | Enabled or Disabled | Will detect the country code automatically (e.g +49) |
Configure presets | e.g. +49 | Will set a default phone number |
Define placeholder | e.g. +49 17012345678 | Create a hint how endusers phone number could look like |
One Time Passwords
Setting | Options | Description |
---|---|---|
OTP Expiry |
|
Define the expiration date of created OTPs |
OTP Length |
|
Defines the length of created OTPs |
OTP Strength |
|
Defines the complexity of created OTPs |
Allow Multiple Pending Enrollments | Enabled or Disabled | Allows a user to have multiple pending enrollments |
Activate Bulk Staging Mode | Enabled or Disabled | Should be activated if your plan to use service accounts for devices |
Set OTP Expiration Date to unlimited | Enabled or Disabled | Will expose OTP expiration dates for selected bulk stating mode users to unlimited |
Select users for Bulk Staging Mode | e.g. tim.tober@imagoverum.com | Define your staging users |
Simple Enrollment
Setting | Options | Description |
---|---|---|
iOS Simple Enrollment | Enabled or Disabled | Allows a direct enrollment from the device without entering a OTP via enrollment link |
macOS/iPadOS Simple Enrollment | Enabled or Disabled | Allows a direct enrollment from the device without entering a OTP via enrollment link |
Android Simple Enrollment | Enabled or Disabled | Allows a direct enrollment from the device without entering a OTP |
Android Simple Enrollment SSP with OTP | Enabled or Disabled | Allows a direct enrollment from the device by opening the enrollment link |
Android Simple Enrollment SSP with SMS | Enabled or Disabled | Allows a direct enrollment with the use of a received SMS |
Use QR-Code | Enabled or Disabled | Displays a QR-Code for Enrollments and enables all Simple Enrollment methods |
QR-Code Logo | Choose File | Change the QR-Code Logo Icon. A recommended size is 48x48 pixel |
Silversync
On a high level this sections lets you add, configure, enable and disable Silversync Servers for Silverback. Silversync is the Mobile Content Management Solution from Silverback and lets end users remotely gain access to internal files.
Please refer to the Silversync Installation and Configuration Guide
The iOS Application Tab lets you define applications for iOS to gain access to internal files. These will be prefilled from Matrix42 and in usual cases you will not have to configure something additional here.
User Management
User Management section give Administrators an overview of all existing accounts and their corresponding roles. New Users can be created, Additionally Viability Flags can be set and API Tokens can be generated. Under the Active Directory tab Administrators have the ability to define LDAP Groups, so that all members of this group are able to login as an administrative user into the Management Console.
Overview
Setting | Options | Description |
---|---|---|
ID | e.g. 1 | |
Username | e.g. admin | |
Roles | e.g. Administrator | |
e.g. admin@imagoverum.com | ||
Time Zone | e.g. (UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna | |
Edit | ![]() |
|
Remove | ![]() |
Create New System User
From here the administrator is able to create local users to manage the Silverback environment.
- Click New System User
- Fill in the following information
Setting | Options | Description |
---|---|---|
Username | e.g. Tim.Tober | Username for the new user |
e.g. tim.tober@imagoverum.com | Valid Email address for the user | |
Password | e.g. Pa$$w0rd |
Password for the user with the following requirements
|
Confirm Password | e.g. Pa$$w0rd | Ensure the password is set correctly |
Receive Email Alerts | Enabled or Disabled | Enables administrative alerts for this user. |
Date Format |
|
Change the Date/Time format depending on the region |
Time Zone | UTC-12:00 - UTC+14:00 | Time Zone where user is located. It is important to ensure you correctly select the Local Time Zone, as this will adjust the date/time for all events caused by this user, ensuring that all Silverback Logs, Administrative Email Alerts, and User Actions will all display the local time for the user. |
Role |
|
Sets the Level of access for the user |
Language |
|
Sets the default language that will be displayed when this user logs in. If Default is selected, Silverback will attempt to use the browser’s language setting |
- Click Save
Adjust User Details
- Click the Edit button next to any of the listed System User
Account Locked Out
Silverback will automatically lock out any Management Account if the password has been incorrectly entered a specified number of times. By Default this is set to 10. To adjust the specified number of times login as Settings Administrator. Under General you will find the Maximum Failed Login Attempts for Console Users.
Once a user’s account has been Locked Out due to incorrect password attempts, you will find the status in the User Details view under Account Locked Out. If this checkbox is enabled, then the account is locked. To unlock the account, uncheck this checkbox and click save.
Visibility Flags
It’s possible with Silverback to configure devices so that console users can or cannot see them. At a high level, this is achieved by assigning a Visibility Flag to a device. A Visibility Flag is simply a piece of text. Then configure system user accounts to either see, or not see these flags.
From the Edit or New User screen, the Visibility Flags have the following top-level options:
- None - The system user will see no devices
- All - The system user will see all devices
- Custom - The console user will see the Visibility Flag selected in the Edit Popup
You can either set the Visibility Flag by Bulk Provision Users or by opening the Device Overview and click the ... next to Device Visibility Flag and enter a Flag. Afterwards all created Flags will be visible when you click the Edit Popup button for system users.
API Token
API Tokens can be used to integrate any third party solution with Silverback. Please refer to the API Integration Guide to get detailed information about the Silverback API.
Active Directory
Under the Active Directory tab Administrators have the ability to define LDAP Groups, so that all members of this group are able to login as an administrative user into the Management Console. Please refer to our Release Notes, where the functionality is fully described.
Role Name | Group Name |
---|---|
Administrator | e.g. silverback_admins |
Helpdesk | e.g. silverback_helpdesk |
Reporting | e.g. silverback_reporters |
Super Helpdesk | e.g. silverback_suhelpdesk |
App Manager | e.g. silverback_appmanager |
File Sync Manager | e.g. silverback_filesync |
Content Manager | e.g. silverback_content |
Settings Administrator | e.g. silverback_setting |
Volume Purchase Program
Apple’s VPP App Licensing program is a service end point that Apple provides, where by licenses can be dynamically assigned to users and/or devices automatically and also revoked. Silverback handles the assignment of users and devices to your VPP Program automatically when the users enroll in the system. Licenses purchased are also retrieved from Apple, and automatically populated into the App Portal where they can then be assigned to Tags. Users and Devices are assigned licenses when they are present in a Tag that has a VPP Application assigned to it. Users and Devices have assigned licenses revoked when they transition out of a Tag with a VPP Application assigned. Information is automatically synchronized with Apple, and can also be forced by clicking the Refresh button from the VPP App Licensing section. For troubleshooting, Logs can be exported by clicking the Logs button.
For integration of Volume Purchase Program please refer to: Apple Deployment Programs Integration Guide
Overview
The Overview Section provides a high level view of your VPP Account, lets you enter the company token and configure VPP Settings.
Item | Description |
---|---|
Last modified | Shows the last time Silverback retrieved updated information from Apple. |
Organization Name | The name associated with your VPP Account. This is provided when you sign up for the VPP Program |
Token Expiry Date | The date that the VPP Token will expire. New tokens can be retrieved from the VPP Program website from Apple. The token can be managed from the Settings Section |
Total Users | Total users that have been added to your account, whether the user has associated themselves or not. |
Associated Users | Users that are assigned to VPP and have also accepted and associated their iTunes account with your VPP Program |
Total Licenses | Total licenses purchased for your VPP account, whether assigned to users or not. |
Associated Licenses | Total number of licenses that are assigned to users in your system. |
Total Assets | The number of applications in the system (regardless of the number of licenses per app). |
Settings
Settings Name | Description |
---|---|
Un-assign licenses from external users | Will instruct Silverback to automatically remove licenses from users it’s not aware of. This is helpful when migrating from another solution that managed VPP for you, without you needing to manually un-assign all licenses. |
Period to refresh VPP data | Time in minutes before VPP information should be updated. We recommend to sync twice a day |
Country code | Country code of the VPP apps you wish to install |
Language code | Language code of the VPP apps you wish to install. Note this should be the same as Country code. |
VPP Operation Mode | Allows you to determine the default behavior when assigning VPP apps to devices or users. This can be overridden on an individual app from the App Portal Tab also. |
Logs
Settings Name | Description |
---|---|
Enable detailed logging | Will enable a detailed logging for Volume Purchase Program. This will create a separate section for vpp logs in the Silverback Logs area (e.g. https://silverback.imagoverum.com/admin/logs) |
Assets
The assets section provides a list of all VPP applications in the system Silverback displays the following application information:
- Asset ID
- App (Name)
- Asset ID
- Total Amount of Licenses
- Total Assigned Licenses
- Total Available Licenses
- Retired Licenses
- Is Irrecoverable
- Product Type
Users
User section displays information about VPP users and the offers possibility to export the list of users in the system.
Item | Description |
---|---|
Export Users | Allows you to export the list of users in the system. |
VPP User ID | Silverback’s ID for the user |
Client ID | The unique identifier for the user in your VPP account |
The email address of the user entry in your account | |
Status |
The status of this user in your system: Registered – The user has been added to your account, but the user has not yet associated their iTunes account. Registered users will not receive VPP App Licenses Associated – The user has been added to your account and also associated their iTunes account. Associated users are eligible to receive VPP Applications |
Invite URL | If the user isn’t associated, you can see the invite URL here. Users should be invited automatically, but you can also distribute this URL to the user to let them enrol in the system. |
Actions | Retire user. This will remove the user from the VPP account and release all licenses. This is not permanent; the user can be re-invited to your system at a later date. |
VPP Users Export
The CSV export for users contains the following fields:
- VPP User ID
- Client ID
- Status
Licenses
The licensing section allows you to view the users, devices and licenses associated with your account. The main view is a table which shows you the licenses in your account, and the information associated with it. You can also export a list of licenses, and manually assign and un-assign licenses from users.
Item | Description |
---|---|
Export Licenses | Allows you to export the list of licenses in the system. |
VPP License ID | Silverback’s ID for the license |
License Id | The unique identifier for the license in your VPP account |
App Name | Displays the (iTunes) Application Name |
User Email | The email of the user who owns the license, if associated. |
Serial | If the user isn’t associated, you can see the invite URL here. Users should be invited automatically, but you can also distribute this URL to the user to let them enrol in the system. |
Asset Id | The asset ID number for the app (check Assets) |
Status |
The status of this license in your system. Available – The license is not in use by any user, and is available to be assigned Associated – The license is assigned to a user. |
Actions |
Lets you manually assign or un-assign a licence. When clicking assign, only valid users and devices will be selectable from the list.
|
Assign Licenses
When you click the icon in the action column on a license that is assigned, the license will be removed from the user or device. If the action button is to Assign, you will be given a pop-up to assign the license. By default, you will see the valid users that this can be assigned (if available) to and choose one:
When you click Devices, you will see valid devices this license can be assigned to.
VPP Licenses Export
The CSV export for licenses contains the following fields:
- VPPLicense ID
- Licence Id
- Adam ID (Asset ID)
- Status
- UserEmail
- Serial
Import
- Navigate to Import Section
- Configure your default values for importing VPP Applications:
Setting | Description |
---|---|
Automatically Push to Managed Device | Installs the App on the device when enrolled into Silverback If the Allow App Store restriction has been disabled, App Store Apps will not be automatically pushed to Managed Devices. |
Remove App when MDM Profile is removed. | Removes the App from the device when MDM Profile is removed from Silverback. |
Prevent Backup of App Data | Prevents iTunes from backing up any information from this client to a computer when tethered. |
Take Management if the app is already installed | Take management of the application if the user installed this themselves outside of management. This is silent for supervised devices and will normally prompt the user |
- Click Save Settings
In case of updating these values, it is possible to update all current existing applications or just to save new values and all newly imported will receive this settings
- Navigate to Overview