Installing a Secured Workspace Container on an iOS device using an email process

In an earlier OBE, Sign and Generate Secure Workspace Application Container you created an "ipa" file for the
secure workspace container called Bitzer.ipa

1. Transfer the secure workspace container application Bitzer.ipa from the iMac or Macbook Pro laptop (where XCode
   was running and where the file was archived and exported) to the OMSS machine (idgovserver1.idc.oracle.com)
   using the ftp command. Move the file to the directory /opt/oracle/omss/msas/htdocs/bmax

2. Login to MSAC using admin@idc.oracle.com

3. Click Catalog. Click Add vApp.

   

4. Select ORACLE CONTAINER APP. Click Browse and upload the Bitzer.ipa file.

   

   

From MSAC Console Settings click invite templates. From here, you can  create new templates, edit an  existing
template and define custom email templates for sending provisioning e-mails to end users.

1. Navigate to Settings > invite templates. Click Create New Template .

   

2. Observe that Access Server Hostname is specified as idgovserver1.idc.oracle.com, Template Name is
   MyCompany container provisioning, Subject line for the email is Secure Container Activation for
   MyCompany Inc. Confirm that the Include TLP option is not selected and Include UPN option is selected.

   

   Note: Generally, you would want the enterprise employees to login to the secure workspace using their enterprise
   SSO credentials (AD in this OBE). However, OMSS also gives the option to setup first time login to secure the
   workspace container using a TLP (Time Limited Password) . This feature is only applicable for Pkinit use-case. You
   will explore this use-case later in a different OBE using Kerberos with Pkinit.

   UPN is Universal Principal Name. If this option is selected, you will be given the option to input the user name
   in an e-mail address format as shown below.

   

   

3. Change the body of the email to:

   Welcome to the mobility program. Please follow the steps below to install and activate the Secure Container on your device.
   These steps need to be taken from your mobile device. If you are not viewing this email on the mobile device you are trying to
   activate then please forward it to the mobile device and perform these steps on that device.

   1. Download and Install the container application iOS Oracle Secure Container on your iOS device.

   2. You have to install the self-signed certificate for OMSS Access server host on your iOS device. This is required for
      mobile device to securely communicate with MSAS. In a real world environment, you would not have to perform this
      step as you will be using trusted CA certificates instead of self-signed certificates.

1. Login to MSAC  as admin@idc.oracle.com.

2. Click Settings > invite settings to specify the SMTP exchange server properties.

   

   Click Save.

   Note: Exchange Server has already been configured on the machine windowserver1.idc.oracle.com. For this OBE,
   SSL has been disabled. However in production environments, SSL must be enabled.

1. Click Policies > Default Policy.

   

2. Click Provisioning. From invite template , Select the newly created invite template. Click Save.

   

3. Next, identify the users or groups to whom the email should be sent. This email will be used to download the
   secure workspace container on their mobile device.

   Navigate to Groups. Select mobileusers (this is the control group in your environment i.e, all the users of the
   secure mobile devices must be members of this group). Click Invite.

   

   If you want the email to be sent to registered users, Select Yes. By default No is selected. Click Invite again.

   

1. Navigate to your mobile device and open the email on your email client. Login as any user
   who is a member of the mobileusers control group  for eg. sanjays@idc.oracle.com

   

2. Click Self Signed Certificate link in your email, to install the SSL certificate.

   1. On the Install Profile window, Click Install.

      

   2. If your iPad is protected using a Security passcode, Enter it now.

      

   3. Ignore the warning and click Install.

      

   4. Click Install again.

      

   5. In the Profile Installed window, click Done.

      

   6. Navigate to Settings > General > Profiles. Verify that the profile is installed successfully.

      

3. Install the secure workspace container using the following steps.

   1. From the email, Click the link (iOS Oracle Secure Container) to download the iOS secure workspace container
      on your iPad. This will invoke secureworkspace.plist where the location of the workspace app is specified.

   2. Click Install. This installs the custom secure workspace container on your iPad.

      

1. On the mobile device, tap MyCompanySecureWorkspace app and open it. Click Trust.

   

2. Notice that the Configuration URL page appears for a few seconds before re-directing to the secure login page.
   In an earlier OBE, Customizing Secure Workspace Application Container, you have already configured
   the URL in the secure workspace container app and set auto configure to true.

   Also notice that the secure container app is fully customized and branded as MyCompany Secure Container, it
   doesn't have the Oracle default branding.

   The option to receive notification can be set as shown below. These settings appear for the first time the
   container app is installed on the mobile device. Click OK.

   

3. In the Secure Login page, login as an AD user who belongs to the mobileusers control group for example,
   sanjays@idc.oracle.com

   

4. You get the option to choose if the workspace app should access your location even when the application is not used. Click Allow.

   

5. If you see the following error, navigate to the OMSS machine (idgovserver1.idc.oracle.com). Edit the
   krb5.conf file under /opt/oracle/omss/msas/conf directory as the root user.

   

   
   

   

   Replace the AD server hostname with the IP address of the AD machine.

   

   Save the file. Restart Mobile Security Access Server.