Guide
TrainingSupportCommunity

Set up Bring Your Own Device (BYOD)

Suggest Edits

To set up bring your own device (BYOD):

  1. Specify corporate email domains in the Local Bypass Settings. This allows users to request an activation code after installing the client on their device. For instructions, see Specify corporate email domains.

    🚧

    Do not specify domains that are associated with unauthorized users. For example, do not specify a domain for a public service like gmail.com that has addresses of users who are not part of your organization.

  2. Specify usernames or email addresses of users in the User Lists. If you plan to manually distribute activation codes to users or send an email invitation that includes the code, you can specify a random username or an email address for each client user​. For more information, see Generate activation codes in a CSV file.

    The username or email address that is provided allows ​SIA​ to easily identify users in reports. This information is shown in the Device Owner field that’s available in event and activity reports.

  3. Distribute MITM certificates to ​ETP Client​ devices. The MITM certificate for ​SIA​ Proxy is required for TLS inspection of web traffic. To use ​ETP Client​ with the proxy, you need to securely distribute and install the certificate on the user’s device.

    To distribute the certificate to a laptop or computer, see Distribute the ​SIA​ Proxy certificate. To distribute the certificate to a mobile device, see Distribute MITM certificates to ​SIA​ mobile devices. To generate a certificate, see Create an ​Akamai​ certificate and Create a non-​Akamai​ certificate.

Specify corporate email domains

To support activation requests from users who install the client, you need to enter the corporate email domains in the Local Bypass Settings. ​SIA​ uses this information to verify that users belong to these domains.

🚧

Do not specify domains that are associated with unauthorized users. For example, do not specify a domain for a public service like gmail.com that has addresses of users who are not part of your organization.

To specify corporate email domains:

  1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > Local Bypass Settings.

    You can also access these settings in the Configuration settings for ​ETP Client​. In the Enterprise Center navigation menu, select Clients & Connectors > ​ETP Client​s. Click Configuration.

  2. Expand the Email Domains section.

  3. In the Corporate Email Domains field, enter one or more corporate email domains. End users need to belong to one of the specified domains to receive the email invitation with the activation code.

  4. Click Save. To save and deploy this configuration, click Save and Deploy.

Next steps

Email activation codes to users

Before you begin

If you would like users to have the option of requesting activation codes from the client, make sure you define the corporate domains in the Local Bypass Settings. For more information, see Specify corporate email domains.

From ​SIA​, you can send users an email that contains the activation code. An activation code is valid for seven days.

For a mobile client, the email will contain a deep link that activates the client. The user has seven days to click the deep link or copy the activation code and paste it into the client. If the user has not yet installed the client, the deep link redirects the user to the appropriate app store (according to device type). After installing the client, the user can provide the activation code.

To email activation codes to users:

  1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > ​ETP Client​s.

  2. Click the Activation tab.

  3. In the Select Type field, select Send email invitation.

  4. In the User's List area, enter a comma-separated list of user email addresses where you want to send activation codes. To add users in bulk, you can download the spreadsheet template, enter email addresses, and upload the spreadsheet. For instructions, see Email activation codes to users in bulk.

  5. Click Submit. The emails are sent to the users you specified in the User's List.

Email activation codes to users in bulk

Before you begin

If you would like users to have the option of requesting activation codes from the client, make sure you define the corporate domains in the Local Bypass Settings. For more information, see Specify corporate email domains.

Complete this procedure to download the template spreadsheet for one-time activation codes and upload it with the email addresses of users who you want to receive the email invitation for ​ETP Client​. The email contains the activation code and for mobile clients, a link that users can tap to automatically activate ​ETP Client​ on their device.

To email activation codes to users in bulk:

  1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > ​ETP Client​s.

  2. Click the Activation tab.

  3. Download the Bulk OTAC spreadsheet and complete the spreadsheet:

    1. Click Bulk OTACs to download the spreadsheet template.

    2. In the User column of the downloaded spreadsheet, enter an email address in each row.

    3. Save the spreadsheet.

  4. In the Select Type field, select Send email invitation.

  5. Click Upload CSV to find and select the spreadsheet. The users you specified are sent an activation code email.

Generate activation codes in a CSV file

Before you begin

If you would like users to have the option of requesting activation codes from the client, make sure you define the corporate domains in the Local Bypass Settings. For more information, see Specify corporate email domains.

Complete this procedure to generate activation codes for users in a CSV file. After you generate activation codes, you can distribute these codes offline to users.

The usernames or email addresses that you specify in the User's List or in an uploaded CSV are used to identify the Device Owner in ​SIA​ reports.

To generate activation codes in a CSV file:

  1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > ​ETP Client​s.

  2. Click the Activation tab.

  3. In the Select Type field, select Download as CSV.

  4. In the User's List field, enter a comma-separated list of unique users. You can provide an email address or a random username. No spaces are allowed in the names.

    To add users in bulk, see Generate activation codes for users in bulk.

  5. Click Generate & Download. A CSV with the users you added to the User's List and the activation codes appear.

Next steps

Securely communicate activation codes to users.

Generate activation codes for users in bulk

Before you begin

If you would like users to have the option of requesting activation codes from the client, make sure you define the corporate domains in the Local Bypass Settings. For more information, see Specify corporate email domains.

Complete this procedure to generate activation codes by submitting a CSV file that contains a list of users IDs and email addresses. This process involves downloading the one-time activation codes CSV template and uploading it to ​SIA​.

To generate activation codes for users in bulk:

  1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > ​ETP Client​s.

  2. Click the Activation tab.

  3. Download the Bulk OTAC CSV file and complete the spreadsheet:

    1. Click Bulk OTACs to download the spreadsheet template.

    2. In the User column of the downloaded spreadsheet, enter an email address or a random username for a user in each row.

    3. Save the CSV.

  4. In the Select Type field, select Download as CSV.

  5. Click Upload CSV. A CSV file with the users and their activation codes appear.

Next steps

Securely communicate activation codes to users.

Distribute MITM certificates to ​SIA​ mobile devices

A MITM certificate needs to be installed on each device to allow ​SIA​ Proxy to inspect traffic.

To distribute MITM certificates to ​SIA​ mobile devices:

  1. An ​SIA​ administrator securely distributes the certificate to end users. This can be done using email, the corporate intranet web site, or other means.

  2. The end user then installs the certificate as required for the device type shown in this table:

Device TypeSteps
iOS devicesThe end user:

  1. Downloads the certificate to the device and is prompted to install it.
  2. Verifies the certificate displays under iOS Settings > General > Profiles.
  3. Navigates to iOS Settings > General > About > Certificate Trust Settings and enables the certificate.
Android and Chromebook devicesThe end-user performs the following steps:

  1. Downloads the certificate to the device.
  2. Uses a file manager app to find and install the downloaded certificate.
  3. Verifies that the certificate displays under Settings > Security.

Updated about 1 year ago