Set up Bring Your Own Device (BYOD)

To set up bring your own device (BYOD):

  1. Specify corporate email domains in the Local Bypass Settings. This allows you to specify the email domains of users who are authorized to activate the client. For instructions, see Specify corporate email domains.

    ūüöß

    Do not specify domains that are associated with unauthorized users. For example, do not specify a domain for a public service like gmail.com that has addresses of users who are not part of your organization.

  2. Specify usernames or email addresses of users in the User Lists. If you plan to manually distribute activation codes to users or send users an email invitation that includes the code, you can specify the username or email address of users in ‚ÄčSIA‚Äč. For more information, see Generate activation codes in a CSV file.

    The username or email address that is provided allows ‚ÄčSIA‚Äč to easily identify users in reports. This information is shown in the Device Owner field that‚Äôs available in event and activity reports.

  3. Distribute MITM certificates to ‚ÄčETP Client‚Äč devices. The MITM certificate for ‚ÄčSIA‚Äč Proxy is required for TLS inspection of web traffic. To use ‚ÄčETP Client‚Äč with the proxy, you need to securely distribute and install the certificate on the user‚Äôs device.

    To distribute the certificate to a laptop or computer, see Distribute the ‚ÄčSIA‚Äč Proxy certificate. To distribute the certificate to a mobile device, see Distribute MITM certificates to ‚ÄčSIA‚Äč mobile devices. To generate a certificate, see Create an ‚ÄčAkamai‚Äč certificate and Create a non-‚ÄčAkamai‚Äč certificate.

Specify corporate email domains

To support activation requests, you need to enter the corporate email domains in the Local Bypass Settings. ‚ÄčSIA‚Äč uses this information to verify that users belong to these domains.

ūüöß

Do not specify domains that are associated with unauthorized users. For example, do not specify a domain for a public service like gmail.com that has addresses of users who are not part of your organization.

To specify corporate email domains:

  1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > Local Bypass Settings.

    You can also access these settings in the Configuration settings for ‚ÄčETP Client‚Äč. In the Enterprise Center navigation menu, select Clients & Connectors > ‚ÄčETP Client‚Äčs. Click Configuration.

  2. Expand the Email Domains section.

  3. In the Corporate Email Domains field, enter one or more corporate email domains. End users need to belong to one of the specified domains to receive the email invitation with the activation code.

  4. Click Save. To save and deploy this configuration, click Save and Deploy.

Next steps

Email activation codes to users

Before you begin

Make sure an administrator defines corporate domains in the Local Bypass Settings. For more information, see Specify corporate email domains.

From ‚ÄčSIA‚Äč, you can send users an email that contains the activation code. An activation code is valid for seven days.

For a mobile client, the email will contain a deep link that activates the client. The user has seven days to click the deep link or copy the activation code and paste it into the client. If the user has not yet installed the client, the deep link redirects the user to the appropriate app store (according to device type). After installing the client, the user can provide the activation code.

To email activation codes to users:

  1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > ‚ÄčETP Client‚Äčs.

  2. Click the Activation tab.

  3. In the Select Type field, select Send email invitation.

  4. In the User's List area, enter a comma-separated list of user email addresses where you want to send activation codes. To add users in bulk, you can download the spreadsheet template, enter email addresses, and upload the spreadsheet. For instructions, see Email activation codes to users in bulk.

  5. Click Submit. The emails are sent to the users you specified in the User's List.

Email activation codes to users in bulk

Before you begin

Make sure an administrator defines corporate domains in the Local Bypass Settings. For more information, see Specify corporate email domains.

Complete this procedure to download the template spreadsheet for one-time activation codes and upload it with the email addresses of users who you want to receive the email invitation for ‚ÄčETP Client‚Äč. The email contains the activation code and for mobile clients, a link that users can tap to automatically activate ‚ÄčETP Client‚Äč on their device.

To email activation codes to users in bulk:

  1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > ‚ÄčETP Client‚Äčs.

  2. Click the Activation tab.

  3. Download the Bulk OTAC spreadsheet and complete the spreadsheet:

    1. Click Bulk OTACs to download the spreadsheet template.

    2. In the User column of the downloaded spreadsheet, enter an email address in each row.

    3. Save the spreadsheet.

  4. In the Select Type field, select Send email invitation.

  5. Click Upload CSV to find and select the spreadsheet. The users you specified are sent an activation code email.

Generate activation codes in a CSV file

Before you begin

Make sure an administrator defines corporate domains in the Local Bypass Settings. For more information, see Specify corporate email domains.

Complete this procedure to generate activation codes for users in a CSV file. After you generate activation codes, you can distribute these codes offline to users.

The usernames or email addresses that you specify in the User's List or in an uploaded CSV are used to identify the Device Owner in ‚ÄčSIA‚Äč reports.

To generate activation codes in a CSV file:

  1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > ‚ÄčETP Client‚Äčs.

  2. Click the Activation tab.

  3. In the Select Type field, select Download as CSV.

  4. In the User's List field, enter a comma-separated list of unique users or arbitrary names. No spaces are allowed in the names.

    To add users in bulk, see Generate activation codes for users in bulk.

  5. Click Generate & Download. A CSV with the users you added to the User's List and the activation codes appear.

Next steps

Securely communicate activation codes to users.

Generate activation codes for users in bulk

Before you begin

Make sure an administrator defines corporate domains in the Local Bypass Settings. For more information, see Specify corporate email domains.

Complete this procedure to generate activation codes by submitting a CSV file that contains a list of users IDs and email addresses. This process involves downloading the one-time activation codes CSV template and uploading it to ‚ÄčSIA‚Äč.

To generate activation codes for users in bulk:

  1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > ‚ÄčETP Client‚Äčs.

  2. Click the Activation tab.

  3. Download the Bulk OTAC CSV file and complete the spreadsheet:

    1. Click Bulk OTACs to download the spreadsheet template.

    2. In the User column of the downloaded spreadsheet, enter an email address or User ID for a user in each row.

    3. Save the CSV.

  4. In the Select Type field, select Download as CSV.

  5. Click Upload CSV. A CSV file with the users and their activation codes appear.

Next steps

Securely communicate activation codes to users.

Distribute MITM certificates to ‚ÄčSIA‚Äč mobile devices

A MITM certificate needs to be installed on each device to allow ‚ÄčSIA‚Äč Proxy to inspect traffic.

To distribute MITM certificates to ‚ÄčSIA‚Äč mobile devices:

  1. An ‚ÄčSIA‚Äč administrator securely distributes the certificate to end users. This can be done using email, the corporate intranet web site, or other means.

  2. The end user then installs the certificate as required for the device type shown in this table:

Device TypeSteps
iOS devicesThe end user:

  1. Downloads the certificate to the device and is prompted to install it.
  2. Verifies the certificate displays under iOS Settings > General > Profiles.
  3. Navigates to iOS Settings > General > About > Certificate Trust Settings and enables the certificate.
Android and Chromebook devicesThe end-user performs the following steps:

  1. Downloads the certificate to the device.
  2. Uses a file manager app to find and install the downloaded certificate.
  3. Verifies that the certificate displays under Settings > Security.