We are preparing a new source of documentation for you. Work in progress!

Difference between revisions of "Device control"

From Resco's Wiki
Jump to: navigation, search
(Security policy)
Line 44: Line 44:
  
 
== Security policy ==
 
== Security policy ==
 
+
[[File:New security policy.png|thumb|right|200px|Create security policies]]
 
A security policy is a set of properties that are applied to all devices for which the policy is set.
 
A security policy is a set of properties that are applied to all devices for which the policy is set.
  
Line 50: Line 50:
  
 
; Application Session
 
; Application Session
: '''Require Login after X minutes of inactivity''' – After defined time in minutes the Mobile CRM application asks for the password to continue using it.
+
: '''Require Login after X minutes of inactivity''' – After defined time in minutes, the Mobile CRM application asks for the password to continue using it.
  
 
; Check Security Policy
 
; Check Security Policy
: '''At Application Login''' – Mobile CRM application checks whether there is a change in the security policy at the application login. Login is performed either at the start of the application or if user enters password to log in to the application.
+
: '''At Application Login''' – Mobile CRM application checks whether there is a change in the security policy at the application login. Login is performed either at the start of the application or if user enters a password to log in to the application.
 
: '''Every X Hours''' – Security Policy is checked periodically after defined time in hours.  
 
: '''Every X Hours''' – Security Policy is checked periodically after defined time in hours.  
 
{{Note|If none of these options are used, the policy is downloaded only at synchronization.}}
 
{{Note|If none of these options are used, the policy is downloaded only at synchronization.}}
Line 59: Line 59:
 
; Lock Application
 
; Lock Application
 
: '''Lock Application''' – If this option is enabled, all devices under this policy will be locked and the application cannot be used unless the device has a different policy assigned.
 
: '''Lock Application''' – If this option is enabled, all devices under this policy will be locked and the application cannot be used unless the device has a different policy assigned.
: '''If no server contact after X hours''' – Application is locked if it did not connect to the CRM server either in matter of checking the policy or synchronization, or online mode access. Application can be unlocked by entering the correct password. Also, internet access is required in this case.
+
: '''If no server contact after X hours''' – Application is locked if it did not connect to the CRM server either in matter of checking the policy or synchronization, or online mode access. The application can be unlocked by entering the correct password. Also, internet access is required in this case.
 
: '''During non-business hours''' – Application is locked if the current time is outside of the given interval.
 
: '''During non-business hours''' – Application is locked if the current time is outside of the given interval.
 
: '''Invalid password X times''' – If a wrong login password is entered for a specified number of times, the Mobile CRM application locks up (Admin lock) and can be unlocked in the Woodford’s Security list of devices. The locked device will have a Lock checkbox enabled and needs to be unchecked.
 
: '''Invalid password X times''' – If a wrong login password is entered for a specified number of times, the Mobile CRM application locks up (Admin lock) and can be unlocked in the Woodford’s Security list of devices. The locked device will have a Lock checkbox enabled and needs to be unchecked.
  
 
; Wipe Application
 
; Wipe Application
: '''Wipe Application''' – If this option is enabled, all devices under this policy are wiped, even if user tries to synchronize the Mobile CRM with the server.
+
: '''Wipe Application''' – If this option is enabled, all devices under this policy are wiped, even if the user tries to synchronize the Mobile CRM with the server.
 
: '''If no server contact after X hours''' – The device’s local Mobile CRM database is wiped out if the application does not contact server after the specified number of hours.
 
: '''If no server contact after X hours''' – The device’s local Mobile CRM database is wiped out if the application does not contact server after the specified number of hours.
 
: '''Invalid password X times''' – The device’s local Mobile CRM database is wiped out after entering a wrong password for a specified number of times.
 
: '''Invalid password X times''' – The device’s local Mobile CRM database is wiped out after entering a wrong password for a specified number of times.
Line 72: Line 72:
 
=== Default security policy ===
 
=== Default security policy ===
  
When a new device is set to synchronize with user’s server, it is automatically listed under the Default policy. You can edit this policy by selecting the Default row and clicking on '''Edit''' button on the toolbar. By editing this policy, you define how all devices shall handle security until being moved under a custom created Security Policy.
+
When a new device is set to synchronize with user’s server, it is automatically listed under the Default policy. To edit the policy, select the Default row and click '''Edit'''. By editing this policy, you define how all devices handle security unless you move them to a custom policy.
  
 
== Technical details ==
 
== Technical details ==

Revision as of 10:41, 4 December 2019

Administrators can use Woodford to display devices that are synchronized with your CRM.

Select Device control from the Administration menu of Woodford to display:

  • list of security policies
  • list of devices associated with each security policy

Toggle the arrow in the security policy line to show or hide devices using that policy.

Device details

Name
Name of the device
State
State of the device’s security (OK, locked, or wiped)
Device ID
Unique device identification
Device OS
Operating system of the device
Version
Version of the Resco Mobile CRM app installed on the device
Lock, Wipe, Full Sync
Tools for remote management of devices
Current User, Business Unit
Name of the user currently using the device and their business unit
Synchronized On, Synchronization Status
Date and result of the most recent synchronization. You can also access the most recent synchronization log from here.
Project Name
Name of the Woodford project running on the device

Check Lock if you want to lock the application on a particular device. Locked application does not start.

Check Wipe if you want to delete the local database on a device, including server URL and user credentials.

Check Full Sync if you want to ensure that the next synchronization of that device will be a full synchronization. This checkbox will be disabled automatically after full synchronization finishes. What will happen is that the user changes will be uploaded, local Mobile CRM app database will be deleted and initial, full synchronization will be performed. If there are unsynchronized changes or Sync Errors, e.g. synchronization conflicts waiting for resolving, Force Full Sync will not be performed until these conflicts are resolved.

If there is a permission change on user’s security role, this change will be applied only with full synchronization. The easiest way to get these changes applied, is to use the Force Full Sync for all devices that users with the updated security role are using.

Note With Android and iOS platforms, the push notifications are used for the Lock and Wipe and the device is Locked or Wiped out immediately (or after application start) when the device connects to the internet. Other platforms require performing synchronization or changing the Security policy.

For more security related information (sum up) and examples on how it works in real life, please check the security webinar. Webinar

Toolbar functions

New Policy
Create a new security policy.
Edit
When you edit a device, you can select a different security policy, lock, wipe, or force full synchronization.
When you edit a policy, you can edit its settings.
Delete
When you delete a device, the device is assigned the default policy when the device next synchronizes with the server.
When you delete a security policy, you need to assign devices to another policy. Security policy cannot be deleted if there are devices assigned to it.
Export
Download a .csv file with the list of devices.
Sync Log
Display a list of synchronization logs of a device.
Sync Status
Toggle to populate the columns Synchronization Status and Project Name.

Security policy

Create security policies

A security policy is a set of properties that are applied to all devices for which the policy is set.

Security policy properties are in these groups:

Application Session
Require Login after X minutes of inactivity – After defined time in minutes, the Mobile CRM application asks for the password to continue using it.
Check Security Policy
At Application Login – Mobile CRM application checks whether there is a change in the security policy at the application login. Login is performed either at the start of the application or if user enters a password to log in to the application.
Every X Hours – Security Policy is checked periodically after defined time in hours.
Note If none of these options are used, the policy is downloaded only at synchronization.
Lock Application
Lock Application – If this option is enabled, all devices under this policy will be locked and the application cannot be used unless the device has a different policy assigned.
If no server contact after X hours – Application is locked if it did not connect to the CRM server either in matter of checking the policy or synchronization, or online mode access. The application can be unlocked by entering the correct password. Also, internet access is required in this case.
During non-business hours – Application is locked if the current time is outside of the given interval.
Invalid password X times – If a wrong login password is entered for a specified number of times, the Mobile CRM application locks up (Admin lock) and can be unlocked in the Woodford’s Security list of devices. The locked device will have a Lock checkbox enabled and needs to be unchecked.
Wipe Application
Wipe Application – If this option is enabled, all devices under this policy are wiped, even if the user tries to synchronize the Mobile CRM with the server.
If no server contact after X hours – The device’s local Mobile CRM database is wiped out if the application does not contact server after the specified number of hours.
Invalid password X times – The device’s local Mobile CRM database is wiped out after entering a wrong password for a specified number of times.

Devices can be assigned to the Security Policy after selecting them and clicking on the Edit button on the toolbar (or double-clicking on the device). To change the Security Policy, select the Policy that should be used from the options. Please note that a new Security Policy needs to be created in order to assign it to the device.

Default security policy

When a new device is set to synchronize with user’s server, it is automatically listed under the Default policy. To edit the policy, select the Default row and click Edit. By editing this policy, you define how all devices handle security unless you move them to a custom policy.

Technical details

Internally, the information about devices and security policies are stored on the CRM server.

  • Each device is represented by a record in the resco_mobiledevice entity (Dynamics) or mobiledevice entity (Resco).
  • Each security policy is a record in the resco_mobilesecuritypolicy entity (Dynamics) or mobilesecuritypolicy entity (Resco).

Installations with Salesforce store this information in Resco CRM server.