Skip to main content
Matrix42 Self-Service Help Center

Tags Guide Part I: Create and Deploy

Create and Deploy

Adding additional Admin Tags allows Administrators to specify Groups or levels of security to their Silverback Installation. Once a Device is enrolled it should already have its ‘Base Level of Security’ so Administrators can now create additional Tags and apply these to selected devices which will then receive the updated settings.

New Tag

  • To create a new Tag navigate to Tags 
  • Click New Tag
  • Enter a friendly name (required)
  • Enter a description (required)
  • Select the Enabled Features Area
    • Profile
    • Policy
    • Apps
    • Content
  • Select the Device Types (required)
    • iPhone
    • iPad
    • iPod
    • Android
    • SamsungSafe
    • Windows 10
    • Windows 10 Mobile
    • macOS
    • AppleTV
  • Enable Auto Population (optional)
  • Click Save

After clicking Save all Enabled Features will be activated in the left panel.

Auto Population

Once an Admin Tag has been created, you can set up conditions so that devices enrolling into Silverback are auto-assigned upon enrollment. Using the information captured during enrollment, Silverback will determine if the incoming device needs to have Tags associated with it.

Device Variables

Operators

The Device Variable field does not always have to be ‘absolute’, by using a wildcard (*) character in the Device Variable Value field the scope of the Auto-Population is widened to allow more devices.

Operator Function Purpose
* Wildcard Allows the Administrator to specify Wildcards when filtering devices.
> Greater Than Used for Numerical Fields, will allow the Admin to specify values Greater than a value.
< Less Than Used for Numerical Fields, will allow the Admin to specify values Less than a value.
Variables
Device Variable Key Device Variable Value Description
Type e.g. Galaxy A5 Device Model Name
OS Version e.g. > 12.1.1 The OS version reported by the device
Model Number e.g. SM-A520F Device Model Number
Current Country e.g. Germany Device Current Country
Current Network e.g. o2 - de Device Current Network
Subscriber Country e.g. Switzerland The country that the device reported on enrollment
Subscriber Network e.g. o2 - ch The network that the device reported on enrollment
Label e.g. Marketing Device Label as specified in the console
Roaming True or False The tag is assigned to roaming devices
IP Address e.g. 10.0.0.110

The IP address of the device(e.g. 192.168.1.100/32)

The acceptable formats are:

Single IP address (10.10.1.1)

IP range with hyphen (10.10.1.1-10.10.1.200)

IP range using CIDR notation (e.g. 10.0.0.0/24)

IP range using wildcard (10.10.1.*)

SSID e.g. Imagoverum Wi-Fi

The name of the WiFi SSID that device is connected to
The acceptable formats are:

Full SSID name (e.g. Airport)

Wildcarded SSID name (e.g. Airp*)

Multiple SSID values using + as delimiter (e.g. Airport+Linksys)

Note: This value is only reported by Companion client
MDM Version e.g. 6.1  *only for Samsung Safe. Samsung SAFE MDM Version for the device
iTunes Account  True or False For iOS devices, set to true or false to populate if the user has an iTunes account configured.

User Variables

LDAP Base DN

In some scenarios, it is necessary to specify the Base DN where the LDAP filter should be performed. The Base DN should be entered into the text box provided, with a Full DN Syntax (Distinguished Name), which can be found using Active Directory User and Computers or another LDAP Browser.

E.g. MemberOf=OU=Frankfurt,DC=imagoverum,DC=com

LDAP Filter 

Auto Populating an Admin Tag can also be done using containers that exist within your LDAP schema (or Active Directory). This means that if you have setup distribution groups for individual departments, you can auto assign Tags based on these groups. When adding an LDAP Filter it must be done in Full DN Syntax (Distinguished Name), which can be found using Active Directory User and Computers or another LDAP Browser. An example of Full DN Syntax is displayed below:

Full DN Syntax Example for a Sales Department Distribution group: MemberOf=CN=Sales Department, CN=Groups,DC=imagoverum,DC=com

Ignore Empty Results

The option for “Ignore Empty Results” will tell the server to not remove users from the Tag, if the response from LDAP is empty. In some scenarios an LDAP source can return a valid, successful result however without any LDAP results. Normally this would cause Silverback to remove all users from this Tag. If your LDAP source is returning empty results validly, then use this option to ensure minimal user interruption.

Selected Ownership

Define to which Ownership Type the Tag should be applied. You can choose between All, Corporate and Personal

Manually Associate Devices

  • After saving the configured Tag click Associated Devices
  • You will see a list of already associated devices
  • Click Attach More Device 
  • Select applicable Devices from the List
  • Click Attach Selected Devices
  • To detach devices use the Detach functionality. 

Export

To Export a list of users associated with a specific Tag, use the following steps:

  • Click the Export button and choose the location to save the output file (in XLS Format).

Push

  • Click Push to Devices to force an policy update for all associated devices. 
  • Was this article helpful?