Xcitium Enterprise Admin Guide - Profiles for iOS Devices

Profiles for iOS Devices

iOS profiles let you specify a device's network access rights, restrictions and other general settings.

Process in Brief:

Click 'Assets' > 'Configuration Templates' > 'Profiles'.

Click 'Create' > 'Create iOS Profile'.

Type a name and description for your profile then click the 'Create' button. The profile will now appear in 'Assets' > 'Configuration Templates' > 'Profiles'.

New profiles have only one section - 'General'. Click 'Add Profile Section' to add settings for various security and management features. Each section you add will appear as a new tab.

Once you have fully configured your profile you can apply it to devices, device groups, users and user groups.

You can make any profile a 'Default' profile by selecting the 'General' tab then clicking the 'Edit' button.

This part of the guide explains the processes above in more detail, and includes in-depth descriptions of the settings available for each profile section.

Create an iOS profile

Click 'Assets' > 'Configuration Templates' > 'Profiles'

Click the 'Create' button > 'Create iOS Profile':

Enter a name and description for the profile

Click the 'Create' button

The new profile will open at the 'General Settings' section:

The profile is not a 'default' profile at this stage. A 'default' profile is one that is applied automatically to any device which matches its operating system. You can have multiple 'default' profiles per operating system.

Click the 'Make Default' button if you want this profile to be a default.

Alternatively, click the 'Edit' button on the right of the 'General' settings screen and enable 'Is Default'.

Click 'Save'.

The next step is to add profile sections.

Each profile section contains a range of settings for a specific management feature.

For example, there are profile sections for 'Email', 'Single Sign-On', 'LDAP', 'Cellular Networks' and so on.

You can add as many different sections as you want when building your device profile.

To get started:

Click 'Add Profile Section'

Select the component that you want to include in the profile:

Configure the component as required

Click 'Save'

This adds a new tab for the component to the profile:

The following links explain more about each section:

Air Play

Air Print

Calendar

Cellular Networks

Certificate

Contacts

Active Sync

Global Proxy HTTP

LDAP

E-Mail

Passcode

Proxy

Restrictions

Single Sign-On

Subscribed Calendars

Per -App VPN

Web Clip

Wi-Fi

App Lock

Air Play settings

These settings let you whitelist devices which can play content from managed iOS devices via Apple Airplay. Example devices are televisions, monitors, stereo systems.

Note: If you do not create a whitelist then managed mobile devices will be able to broadcast to any Airplay capable device.

Click 'Air Play' from the 'Add Profile Section' drop-down

Form Element	Description
White List Devices ID	Enter the identifier of the output device that you want to whitelist for Air Play. The ID numbers of the devices should be entered in the format as given below: XX:XX:XX:XX:XX:XX Note: The whitelist is applicable for supervised iOS 7+ devices and will not apply for all other devices. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables. Click the button to add more 'Device ID' fields. Click beside an item to remove it from the list.
Device Name	Enter the name of the Air Play output device that you entered above. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables. Click the 'Add' button to add more devices Click beside a device name to remove it from the list.
Password	Enter the password for the Air Play destination that you entered above.
Add	Click this button to add another 'Devices' section.

Click the 'Save' button.

The 'Air Play' device is added to the list.

You can add multiple Air Play devices to the profile.

Click 'Add Air Play' to add more devices

Click a device name to edit its settings

You can edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles if you want help with this.

Air Print settings

These settings let you specify the default printer your devices use with the 'Air Print' feature.

Click 'Air Print' from the 'Add Profile Section' drop-down

Form Element	Description
IP Address	Enter the network address of the Air Print printer you wish to use.
Resource Path	Enter the resource path of the printer. For example: printers/Canon_MG5300_series
Add	Click this button to add another Air Print section.

Form Element

Description

IP Address

Enter the network address of the Air Print printer you wish to use.

Resource Path

Enter the resource path of the printer.

For example: printers/Canon_MG5300_series

Add

Click this button to add another Air Print section.

You can add more printers by repeating the process. To remove a printer, click the 'X' button beside the printer.

Click the 'Save' button.

The printer is added to the list.

Click 'Add Air Print' and repeat the process to add more printers.

Click the name of a printer to view and edit its settings of a printer.

You can edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.

APN settings

Note: APN settings have been deprecated in favor of cellular settings in iOS 7 and above.

Click 'APN' from the 'Add Profile Section' drop-down

Form Element	Description
Access Point Name (APN)*	Enter the name of the GPRS access point provided by the cellular service provider. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Access Point User Name / Access Point Password	Enter the login of the APN account to connect to the access point. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Proxy Server / Proxy Port	Enter the host name and connection port of the proxy server. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Form Element

Description

Access Point Name (APN)*

Enter the name of the GPRS access point provided by the cellular service provider.

Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Access Point User Name / Access Point Password

Enter the login of the APN account to connect to the access point.

Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Proxy Server / Proxy Port

Enter the host name and connection port of the proxy server.

Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Fields marked * are mandatory.

Click the 'Save' button.

You can edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.

Calendar settings

Click 'Calendar' from the 'Add Profile Section' drop-down

Form Element	Description
Account Description	Enter the display name of the CalDav account. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Account Host Name*	Enter the CalDav host name or IP address. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Account Port	Enter the port number on which to connect to the server. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
CalDav Account	The user name of the CalDav user. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Account Password	The password for the CalDav account. Leave the field blank. The user will be prompted to enter the password while configuring the account for the first time. After it is validated, the users can access the account without entering the credentials.
Use SSL	If enabled, SSL connection will be established with the CalDav server.
Principal URL	The URL of the CalDav account. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Fields marked * are mandatory.

Click the 'Save' button after entering or selecting the parameters.

The calendar account host will be added to the list.

Click 'Add Calendar' to add more calendar servers

Click the host name of a calendar server to view and edit its settings

You can edit the settings or remove the section from the profile at anytime.

Note: A cellular network setting cannot be applied if an APN setting is already installed. This feature is available for iOS 7 and later versions only.

Click 'Cellular Networks' from the 'Add Profile Section' drop-down

Form Element	Description
Name	Enter the name for this configuration, specifying the cellular service provider. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Authentication Type	Select the user authorization type used by the service provider. The options are CHAP or PAP.
Username / Password	Enter login credentials for the provider network. This is required to authenticate the request. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
APNs
Note: You can add more APN accounts for a single service provider by clicking the button at the bottom right.

Click 'Save'

This will add a 'Cellular Networks' tab to the profile. You can edit the settings or remove the section at anytime. See Edit Configuration Profiles if you want help with this.

Certificate settings

The certificate settings area lets you upload certificates which can be used to secure other aspects of Xcitium. For example, you can select your uploaded certificates in the 'Wi-Fi, 'Exchange Active Sync' and 'VPN' areas.

Click 'Add profile section' > 'Certificate'

Form Element	Description
Name	Enter a label for the certificate. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Description	Enter a brief description for the certificate.
Data	Click 'Browse' and upload you certificate. Supported extensions - 'p12'. 'pub', '.crt', '.key'.
Password	Enter the password for importing the certificate.

Click the 'Save' button.

The certificate will be added to the certificate store.

Click 'Add Certificate' and repeat the process to add more certificates.

Click on the name of a certificate to view the certificate key and edit its name.

You can add any number of certificates to the profile and remove certificates at anytime. See Edit Configuration Profiles for more details.

Contacts settings

Click 'Contacts' from the 'Add Profile Section' drop-down

Form Element	Description
Account Description	Enter the display name of the CardDav account. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Account Host Name* / Account Port*	Enter the CardDav server details. This includes hostname / IP address and server port. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Account Username / Account Password	The login credentials of the CardDav user account. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Use SSL	If enabled, a secure SSL connection will be used for communications with the CardDav server.
Principal URL	Enter the 'Principal URL' of the CardDav account.

Fields marked * are mandatory.

Click the 'Save' button after entering or selecting the parameters.

The contact account is added to the list.

Click 'Add Contacts' and repeat the process to add more accounts

Click the hostname of the contact account to view or edit its details

The settings will be saved and shown under 'Contacts' tab. You can edit the contacts or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.

ActiveSync settings

Click 'Add Profile Section' > 'ActiveSync Settings'

Form Element	Description
Account Name	Enter the Exchange ActiveSync account name. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Exchange ActiveSync host*	Enter the Exchange host name (Microsoft Exchange Server). Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Allow Move	If enabled, the user can move sent or received mails to another account.
Disable Mail Recent Syncing	If enabled, recently used emailed addresses are not synced with other devices via iCloud.
Prevent App Sheet	If enabled, mails cannot be sent using third-party applications.
Use SSL	If enabled, communication between Exchange server and devices will be encrypted using SSL.
S/MIME Enabled	If enabled, users can sign and encrypt email messages from their devices. Please note that certificates have to be installed in users' devices before this feature can be used.
Domain	Email domain name. Click the 'Variables' button and click beside '%u.mail' from the 'User Variables' list. The email address of the users to whom the profile is associated will be automatically filled. For more details on variables, See Create and Manage Custom Variables.
User Name	User name for the account. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Email Address	Address of the email account. Click the 'Variables' button and click beside '%u.mail' from the 'User Variables' list. The email address of the users to whom the profile is associated will be automatically filled. For more details on variables, See Create and Manage Custom Variables.
Password	Leave the field blank. The user will be prompted to enter the password while configuring the email account for the first time. After it is validated, the users can access the email account without entering the password.
Past days of mail to sync	Choose the period for which the emails are to be kept synchronized between the device and the exchange server from the recent past, from the drop-down.
User Certificate	Select the user client authentication certificate from the drop-down or upload it using the 'Add New' button.

Click the 'Save' button.

This adds the ActiveSync section to the profile. You can edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.

Global HTTP proxy settings

Click 'Add Profile Section' > 'Global Proxy HTTP'

Form Element	Description
Name	Enter the host name of the proxy you want devices to use. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Proxy type	Select the proxy type from the drop-down. The options available are: None Manual Auto If you select 'Manual', enter the IP address of the proxy server, proxy server port, proxy username and proxy password in the respective fields. If you select 'Auto', enter the URL of the Proxy Pac, select whether or not the device can directly connect to the destination if Pac server is not reachable and whether or not the device can bypass the proxy server to display the login page for captive networks from the respective check box options. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Form Element

Description

Name

Enter the host name of the proxy you want devices to use.

Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Proxy type

Select the proxy type from the drop-down. The options available are:

None

Manual

Auto

If you select 'Manual', enter the IP address of the proxy server, proxy server port, proxy username and proxy password in the respective fields.

If you select 'Auto', enter the URL of the Proxy Pac, select whether or not the device can directly connect to the destination if Pac server is not reachable and whether or not the device can bypass the proxy server to display the login page for captive networks from the respective check box options.

Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Click the 'Save' button.

This will add a 'Global Proxy HTTP' section to the profile. You can edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.

LDAP settings

Click 'Add Profile Section' > 'LDAP'

Form Element	Description
Account description	Enter the display name of the LDAP account. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Account hostname	Enter the hostname or IP address of the AD server. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Account Username / Account Password	Login credentials for the LDAP account. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Use SSL	If enabled, the communication will be encrypted.
Search settings	Configure the settings for searching email contacts from the LDAP server. See 'Search the LDAP directory' below for more details.

Search the LDAP directory

Admins can search for email contacts in the domain using the search feature.

Form Element	Description
Description	Enter a label for the search
Scope	Level of search on the LDAP tree structure. Base - Searches only the defined search base. One level - Searches the base and the first level below it. Subtree - Searches the base and all levels below.
Search base	Enter the search base for which the search will be restricted. For example, you might want to allow users to search only for other email users via LDAP.

Form Element

Description

Enter a label for the search

Scope

Level of search on the LDAP tree structure.

Base - Searches only the defined search base.

One level - Searches the base and the first level below it.

Subtree - Searches the base and all levels below.

Search base

Enter the search base for which the search will be restricted. For example, you might want to allow users to search only for other email users via LDAP.

You can add more searches by clicking the button.

To remove an item, click the button.

Click the 'Save' button.

The LDAP account will be added to the list.

You can add multiple LDAP accounts.

Click 'Add LDAP' and repeat the process to add more LDAP servers

Click the hostname of an LDAP account to view and edit its settings

This will add a 'LDAP' section to the profile. You can edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.

Email settings

Click 'Add Profile Section' > 'E-mail'

Form Element	Description
Email account description	Enter a label for the email account. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Allowed values are email type POP and email type IMAP *	Select the mail protocol. Possible values are IMAP and POP.
Path prefix	This will be visible if IMAP is chosen as Email Type in the previous step. Enter the path of the inbox in the field. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Email account name	Enter a label to identify the user's email account at the incoming mail server, if the profile is for a single user. Click the variables button to insert dynamic values if the profile is for several users. See Create and Manage Custom Variables for more details on variables. The email address of the users to whom the profile is associated will be automatically added to the profile while rolling out the same to the devices.
Email address	Enter the email address of the user at the incoming mail server If the profile is for a single user. Click the variables button to insert dynamic values if the profile is for several users. The email address of the users to whom the profile is associated will be automatically added to the profile while rolling out the same to the devices. See Create and Manage Custom Variables for more details on variables.
Allow move	If enabled, the user can move sent or received mails to another account.
Designates the incoming mail server host name (or IP address)*	Enter the host name of the incoming mail server or its IP address. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Designates the incoming mail server port number*	Enter the server port number used for incoming mail service. For POP3, it is usually 110 and if SSL is enabled it is 995. For IMAP, it is usually 143 and if SSL is enabled it is 993. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Incoming mail server username	Enter the username for the email account of the user at the incoming mail server if the profile is for a single user. Click the variables button to insert dynamic values if the profile is for several users. See Create and Manage Custom Variables for more details on variables. The email usernames of the users to whom the profile is associated will be automatically added to the profile while rolling out to the devices.
Allowed values are email auth password and email auth none *	Select the type of authentication method for the mail account from the drop-down. The options available are: None Password CRAM MD5 NTLM HTTP MD5
Incoming password	Leave the field blank. If authentication is chosen in the previous step, then user needs to enter the password while configuring the email account for the first time. After it is validated, the users can access the email account without entering the password.
Incoming mail server use SSL	If enabled, communication between incoming mail server and devices is encrypted using SSL.
Outgoing mail server host name*	Enter the host name or IP address of the outgoing (SMTP) mail server for a single user. Click the variables button to insert dynamic values if the profile is for several users. See Create and Manage Custom Variables for more details on variables.
Designates the outgoing mail server port number*	Enter the server port number used for outgoing mail service. If no port number is specified then ports 25, 587 and 465 are used in the given order. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Outgoing mail server username	Enter the username for the email account of the user at the outgoing (SMTP) mail server if the profile is for a single user. Click the variables button to insert dynamic values if the profile is for several users. See Create and Manage Custom Variables for more details on variables. The email usernames of the users to whom the profile is associated are automatically added to the profile while rolling out to the devices.
Outgoing mail server authentication*	Select the type of authentication method for outgoing mail server from the drop-down. The options available are: None Password CRAM MD5 NTLM HTTP MD5
Outgoing password	Leave the field blank. If authentication is chosen in the previous step, then user needs to enter the password while configuring the email account for the first time. After it is validated, the users can access the email account without entering the password.
Outgoing password same as incoming password	If enabled, the password for incoming mail server will be used for outgoing mail server too.
Disable email recents syncing	If enabled, recently used email addresses are not synced with other devices via iCloud.
Signing and encryption per-message	If enabled, the device digitally signs and encrypts your mail per-message.
Prevent App Sheet	If enabled, outgoing mails can be sent from this account only via mail app.
Outgoing mail server Use SSL	If enabled, communication between outgoing mail server and devices is encrypted using SSL.
S/MIME enabled	If enabled, users can sign and encrypt email messages from their devices. Please note that certificates have to be installed in users' devices before this feature can be used.

Click the 'Save' button.

The e-mail account will be added to the profile.

You can add several email accounts to the same profile.

Click 'Add Mail' and repeat the process to add more email accounts.

Click the name of an email account to view and edit its settings

You can edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.

Passcode settings

Click 'Passcode' from the 'Add Profile Section' drop-down

Form Element	Description
Allow simple value	Allows users to use repeated or sequential characters in their passwords. For example, '9999' or ABCD.
Require alphanumeric value	Compels users to use at least one number or letter in their passwords.
Minimum passcode length	The minimum number of characters that a password should contain. The option is available to set from 1 to 16.
Minimum number of complex characters	The minimum number of symbols (non alphanumeric characters such as *, %, @) that a password should contain. The option is available to set from 1 to 4.
Maximum passcode age	Enter the maximum number of days that a password can be valid. The available option is from 1 day to 730 days. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Maximum idle time	Select the period of time in minutes that a device can be idle before it's screen is automatically locked.
Passcode history	New passwords should not match previously used passwords. Specify the number of last used passwords that should be stored for comparison. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Maximum grace period for device lock	Select the period from the drop-down how soon the device can be unlocked since last used without prompting the user to enter the password. The option is available from 'Immediately' to '4 Hours' If 'Immediately' is selected, the user has to enter the password each time the device is unlocked.
Maximum number of failed attempts	Select the number of unsuccessful login attempts that can be tried by a user before the device is wiped clean of all its data and settings. The option is available to set from 4 to 10. After 6 unsuccessful login attempts, there will be a time delay before a password can be entered again and the time delay period increases with each failed login attempt. This time delay begins only after the sixth attempt, so if you select the period as 6 or lower, there will be no time delay and data will be erased after the final attempt.
Allows the user to modify Touch ID	If enabled, allows user you to modify the biometric authentication to unlock your device, make purchases and so on.

Click 'Save'.

You can edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.

Proxy settings

Click 'Proxy' from the 'Add Profile Section' drop-down

Form Element	Description
Name	Enter a label for the proxy to be shown to the device users. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Proxy	Select the proxy type from the drop-down. The options available are: None Manual Auto If you select 'Manual', enter the details for IP address of the proxy server, proxy server port, proxy username and proxy password in the respective fields. If you select 'Auto', enter the URL of the Proxy Pac. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Form Element

Description

Name

Enter a label for the proxy to be shown to the device users.

Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Proxy

Select the proxy type from the drop-down. The options available are:

None

Manual

Auto

If you select 'Manual', enter the details for IP address of the proxy server, proxy server port, proxy username and proxy password in the respective fields.

If you select 'Auto', enter the URL of the Proxy Pac.

Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Click the 'Save' button.

The proxy server configuration is added to the profile.

You can add more proxy server accounts to the profile.

Click 'Add Proxy' and repeat the process to add more proxy server accounts.

Click the name of a proxy server account to view or edit its details.

This will add a 'Proxy' section to the profile. You can edit the settings or remove the section from the profile at anytime.See Edit Configuration Profiles for more details.

Restriction settings

Click 'Restrictions' from the 'Add Profile Section' drop-down

Device Functionality
Form Element	Description
Allow installing apps	The user can install or update apps from the Apple App Store. If left unchecked, the App Store icon is removed from the device's home screen.
Allow app uninstall	The user can to uninstall applications.
Allow use of the iMessage	The user can quickly and easily chat over iMessage or SMS/MMS.
Allow camera	The user can to take photos, videos or use FaceTime (if enabled). If left unchecked, the camera icon is removed from the device and camera is disabled.
Allow face time	The user can use FaceTime. Please note the 'Allow face time' can be enabled only if 'Allow Camera' is enabled.
Allow Personal Hotspot	Allows users to setup Wi-Fi hot-spots from their device, and allow other devices to connect.
Allow screen shot	Allows users to take screenshots on their device.
Allow global background fetch when roaming	Select this to allow the device to sync data when in roaming mode abroad.
Allow assistant	If enabled, users can use Siri voice commands and dictation.
Allow assistant while Locked	If enabled, users can use Siri even when the device is locked. The checkbox will be active only when 'Allow Assistant' is enabled.
Allow assistant user generated content	If enabled, users can use Siri to query user-generated content from the Internet or device. (Supervised mode only.)
Forces the use of the profanity filter assistant	If enabled, enforces profanity filter for Siri.
Allow voice dialing	Select this to allow the user to dial their phone using voice commands.
Allow passbook while locked	If enabled, Passbook notifications will be displayed even when the device is locked.
Allow in app purchases	Select this to allow the user to make in-app purchases from the device.
Force iTunes store password entry	If enabled, users have to enter their Apple ID to enter the iTunes store.
Allow multiplayer gaming	Select this to allow the user to play multiplayer games in Game Center.
Allow adding Game Center friends	If enabled, users can add friends in Game Center.
Allow account modification	Select this to allow user account modifications on devices. Note: This feature is available for iOS 7+ and supervised devices only.
Allow air drop	Select this to allow Air Drop on devices. Note: This feature is available for iOS 7+ and supervised devices only.
Allow find my friends modification	Select this to enable Find My Friends feature on devices. Note: This feature is available for iOS 7+ and supervised devices only.
Allow fingerprint for unlock	Select this to enable Touch ID to unlock devices. Note: This feature is available for iOS 7+ and supervised devices only.
Allow Game Center	If enabled, users can access Game Center, an online multiplayer social gaming network. Note: This option is available for supervised devices only.
Allow host pairing	Select this to allow host pairing on devices. Note: This feature is available for iOS 7+ and supervised devices only.
Allow lock screen control center	Select this option to allow Control Center to be displayed in the lock screen. Note: This feature is available for iOS 7 and later versions.
Allow lock screen notifications view	Select this option to allow Notification Center to be displayed on the lock screen. Note: This feature is available for iOS 7 and later versions.
Allow lock screen today view	Select this option to allow the Today View from Notification Center to be displayed in the lock screen. Note: This feature is available for iOS 7 and later versions.
Allow OTAPKI updates	Select this option to allow over-the-air public key infrastructure (OTAPKI) updates on the device. Note: This feature is available for iOS 7 and later versions.
Allow UI configuration profile installation	Select this option to allow users to install UI configuration profiles. Note: This option is available for supervised devices only.
Force limit ad tracking	Select this to limit ad tracking on devices. Note: This feature is available for iOS 7 and later versions.
Force Wifi Whitelisting	If enabled, the device will connect only to whitelisted Wifi connections. Make sure at least whitelisted Wifi connection is available. Note: This option is available for supervised devices only for iOS 10.3 and later versions.
Forces all devices receiving AirPlay requests from this device to use a pairing password	If enabled, forces the use of pairing password for all other devices sending AirPlay requests to the device.
Allow managed applications from using cloud sync	If enabled, users can restrict managed apps backing up any data to iCloud, while still allowing it for user downloaded apps.
Allow the "Erase All Content And Settings" option in the Reset UI	If enabled, users can remove his/her personal information: credit or debit card, photos, contacts, music, or apps. Note: This feature is available for supervised devices only.
Spotlight will return Internet search results	If enabled, the spotlight features will provide suggestions from the Internet, iTunes, and the App Store for the user to quickly find any file, documents, emails, apps contacts and more on the device. (For supervised devices only.)
Allow the "Enable Restrictions" option in the Restrictions UI in Settings	If enabled, users can enable or disable 'Enable Restrictions' option in the 'Restrictions' user interface on the device. (For supervised devices only.)
Allow activity continuation	If enabled, user can control data flow through iCloud.
Allow backed up enterprise books	If enabled, users can backup iBooks and restrict synchronization to iCloud.
Enterprise books notes and highlights will be synced	If enabled, allows the user to to sync Enterprise books, notes and highlights to iCloud.
Allow podcasts	If enabled users can receive their favorite podcasts. Note: This feature is available only for supervised devices with iOS 8 and later versions.
Allow definition lookup	If enabled, allows the user to enable or disable spell check and definition features on the device. Note: This feature is available only for supervised devices with iOS 8.1.3 and later versions.
Allow predictive keyboard	If enabled, users can enable or disable the predictive keyboard feature. Note: This feature is available only for supervised devices only with iOS 8.1.3 and later versions.
Allow keyboard auto-correction	If enabled, allows user to enable/disable keyboard auto-correct feature. Note: This feature is available only for supervised devices with iOS 8.1.3 and later versions.
Allow keyboard spell-check	If enabled, allows user to enable/disable keyboard spell check feature. Note: This feature is available only for supervised devices with iOS 8.1.3 and later versions.
Paired Apple Watch will be forced to use wrist detection	If an Apple Watch is paired with the device, the device forces the Apple Watch to enable Wrist Detection. Note: This feature is available for iOS 8.2 and later versions.
Allow music service and music	If enabled, it allows third-party apps to add music to user's iCloud music library. Note: This feature is available for iOS 9.0 and later versions.
Allow iCloud Photo Library	If enabled, allows the user to upload photos and videos to iCloud photo library.
Allow News	If enabled, users can subscribe to news services. Note: This feature is available only for supervised devices with iOS 9.0 and later versions.
Causes AirDrop to be considered an unmanaged drop target	If enabled, all targets specified for the AirDrop feature will be considered as unmanaged drop targets. Note: This feature is available for iOS 9.0 and later versions.
Enable the App Store on the home screen	If enabled, displays the AppStore icon on the home screen of the device.
Allow keyboard shortcuts	If enabled, allows the user to create and use keyboard shortcuts for typing snippets. Note: This feature is available only for Supervised devices with iOS 9.0 and later versions.
Allow pairing with an Apple Watch	If enabled, allows the user to pair the device with an Apple Watch. Note: This feature is available only for Supervised devices with iOS 9.0 and later versions.
Allow device passcode from being added, changed, or removed	If enabled, users can create and modify screenlock passcodes for the device. Note: This feature is available only for supervised devices with iOS 9.0 and later versions.
Allow device name modification	If enabled, allows users to change the device name. Note: This feature is available for only Supervised devices with iOS 9.0 and later versions.
Allow wallpaper modification	If enabled, allows user to change wallpaper displayed on the device. Note: This feature is available only for supervised devices with iOS 9.0 and later versions.
Allow automatic download applications	If enabled, allows applications in the device to automatically download and install apps and updates. Note: This feature is available only for supervised devices with iOS 9.0 and later versions.
Allow enterprise application trust	If enabled, 'Trusted' status is automatically applied to enterprise applications. Note: This feature is available for iOS 9.0 and later versions.
Allow enterprise application trust modification	If enabled, users can manually change the Trust status of enterprise applications. Note: This feature is available only for Supervised devices with iOS 9.0 and later versions.
Allow radio service	If enabled, users can use Radio services on their device. Note: This feature is available only for Supervised devices with iOS 9.3 and later versions.
Allow notifications modification	If enabled, user can modify 'Apple Push Notifications' settings on the device. Note: This feature is available only for Supervised devices with iOS 9.3 and later versions.
Whitelisted application bundles	Add applications to the app whitelist. The applications in the whitelist will be skipped from security checks during installation and usage. Enter the App bundle ID of the application to be added to the whitelist. For more details on obtaining the App bundle ID, see the explanation at the end of this section. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables. Click the button to add more apps to the whitelist. Click beside an app to remove it from the list. Note: This feature is available only for supervised devices with iOS 9.3 and later versions.
Blacklisted application bundles	Add applications to the app blacklist. The applications in the blacklist will not be allowed to be installed or used. Enter the App bundle ID of the application to be added to the blacklist. For more details on obtaining the App bundle ID, see the explanation at the end of this section. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables. Click the button to add more apps to the whitelist. Click beside an app to remove it from the list. Note: This feature is available only for Supervised devices with iOS 9.3 and later versions.
Security and privacy
Allow diagnostic submission	If enabled, the device will be enabled to submit its iOS diagnostic information to Apple.
Allow untrusted TLS prompt	If enabled, users will be prompted if they want to trust unverified certificates. This setting applies to Calendar accounts, Contacts, Safari and to Mail.
Force encrypted backup	If left unchecked, users can select whether or not to encrypt backups from the device to iTunes in a local computer. If this option is enabled, the backup data from the device to iTunes in local computer will be automatically encrypted.
Content ratings
Allow explicit music and podcasts	Content providers of iTunes flag their explicit content for easy identification. If enabled, explicit content including music and video will be displayed in iTunes store instead being hidden, in the device.
Allow iBookstore	If enabled, users can access iBookstore, an online bookstore from Apple. Note: This option is available only for supervised devices.
Allow iBookstore erotica	If enabled, users can download media tagged as erotica from iBooks. Note: This feature is available only for Supervised devices with versions prior to iOS 6.1.
Rating region	Select the region whose content ratings are to be followed, from the drop-down.
Rating movies	Choose the content rating to be allowed for watching movies.
Rating TV Shows	Choose the content rating to be allowed for watching the TV shows.
Rating apps	Choose the rating to be allowed for using apps.
Applications
Allow use of iTunes Store	If enabled, users can access iTunes store. If left unchecked, iTune store is disabled and its icon will be removed from the home screen.
Allow Safari	If enabled, users can use Safari for browsing internet. If left unchecked, the Safari browser app will be disabled and its icon will be removed from the home screen.
Allow auto fill	If enabled, the 'auto-fill' feature will be enabled for Safari, to automatically fill details such as user name, password, credit card details and so on in web forms.
Allow java script	If enabled, java script features will be supported by Safari.
Allow popups	If enabled, popups will be allowed in Safari.
Force fraud warning	If enabled, Safari displays alerts to users when visiting websites that are identified as compromised or fraudulent.
Accept cookies	Select the option on when Safari can accept cookies, from the drop-down. The available options: Always Never From visited site
Allow app cellular data modification	If enabled, user can modify cellular data usage settings for individual apps on the device. Note: This feature is available only for Supervised devices with iOS 7 or later versions.
Allow open from Managed to Unmanaged	If enabled, users can send data from managed apps to unmanaged apps. Note: This feature is available for iOS 7 and later versions.
Allow open from Unmanaged to Managed	If enabled, users can send data from unmanaged apps to managed apps. Note: This feature is available for iOS 7 and later versions.
Autonomous single app mode permitted app bundle IDs	iOS apps built with the functionality of single App Lock, can provoke App Lock for them under certain scenarios in Autonomous single app mode. Administrators can specify the apps for which the mode can be enabled, by entering their App bundle IDs. Enter the App bundle ID of the application to be permitted for autonomous single app mode. For more details on obtaining the App bundle ID, see the explanation at the end of this section. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables. To add more apps, click button. To remove an app, click beside it. Note: This feature is applicable only for Supervised devices with iOS 7 or later versions.
iCloud
Allow cloud keychain sync	If enabled, the Apple Keychain data on the device will be synced to iCloud. Note: This feature applies only to iOS 7 and later versions.
Allow cloud backup	If enabled, users can backup their device data to iCloud. Note: This feature applies only to iOS 7 and later versions.
Allow cloud document sync	If enabled, users can synchronize documents on their device with iCloud. Note: This feature applies only to iOS 7 and later versions.
Allow photo stream	Users can use Photo Stream. Note: This feature applies only to iOS 7 and later versions.
Allow shared stream	If enabled, users can share and view photos in Photo Stream. Note: This feature applies only to iOS 7 and later versions.

Click the 'Save' button.

You can edit the settings or delete the section at any time. See Edit Configuration Profiles for more details.

Single Sign-On settings

These settings are used to configure Kerberos authentication and are applicable for iOS 7 or later versions only. You can add several Single Sign On accounts to a profile.

Click 'Single Sign-On' from the 'Add Profile Section' drop-down

Form Element	Description
Name*	Enter a label for the account. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Principal name*	Enter the Kerberos principal name. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Realm*	Enter the Kerberos realm name with upper-case characters. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
URL prefix matches*	Enter the URL prefix, which must be matched in order to use this account for Kerberos authentication over HTTP. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables. Click the button to add more 'URL prefix matches' fields. Click the button beside an item to remove it from the list.
App identifier matches	Enter the bundle IDs of apps that are allowed to use this Single Sign-On account for logging-in to respective account. If this field is left blank, this login matches all app bundle IDs. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables. Click the button to add more 'URL prefix matches' fields. Click the button beside an item to remove it from the list.

Click the 'Save' button.

The account will be added to the Single Sign-On section of the profile.

You can add several SSO accounts to the profile.

Click 'Add Single Sign-On' and repeat the process to add more SSO accounts

Click the name of an account to view and edit its details

This will add a 'Single Sign-On' section to the profile. You can edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.

Subscribed Calendar settings

Click 'Subscribed Calendars' from the 'Add Profile Section' drop-down

Form Element	Description
Description	Enter a description of the calendar subscription. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
URL*	Enter the URL of the calendar account to be subscribed. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Username	The user name for the subscription. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Password	The password for the subscription. Leave the field blank. The user will be prompted to enter the password while configuring the account for the first time. After it is validated, the users can access the account without entering the credentials.
Use SSL	If enabled, SSL connection will be established with the calendar server, if available.

Click the 'Save' button.

The calendar account will be added.

You can add several calendar accounts for a profile.

Click 'Add Subscribed Calendars' and repeat the process to add more calendar accounts.

Click the host name of a calendar account to view and edit its details.

This will add a 'Subscribed Calendar ' section to the profile. You can edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.

VPN settings

Click 'Add Profile Section' > 'VPN'

Form Element	Description
User name	Enter a label for the connection. This is shown on the device. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
Connection type*	Options available are: L2TP PPTP IPSec Cisco Any Connection Juniper SSL F5 SSL Open VPN The connection parameters for each type are explained in the table below.
Proxy	This drop-down shows any proxies you added to the proxy settings section of the profile. Choose the proxy you want the device to use. See Proxy settings if you want help to add a new proxy.

Form Element

Description

User name

Enter a label for the connection. This is shown on the device.

Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Connection type*

Options available are:

L2TP

PPTP

IPSec

Cisco Any Connection

Juniper SSL

F5 SSL

Open VPN

The connection parameters for each type are explained in the table below.

Proxy

This drop-down shows any proxies you added to the proxy settings section of the profile.

Choose the proxy you want the device to use.

See Proxy settings if you want help to add a new proxy.

VPN Connection Type settings

Connection Type	Description
L2TP	Override primary - Force VPN for all connections, including those to external domains: Enabled - All traffic to and from the device passes through the VPN. Disabled - The device accesses internal resources and intranet sites over the VPN, and external domains through a direct connection. Server - Enter IP address or host name of the VPN server. Click the variables button to insert dynamic values here. Account - Enter the VPN account user name. Click the variables button to insert dynamic values here. User authentication protocol - Select the authorization type the device uses to connect to the VPN server. The available options are 'Password' and 'RSA SecurID'. Password - If 'Password' is selected in 'User authentication protocol', enter the VPN account password. Click the variables button to insert dynamic values. Token Card - Select this if you have chosen 'RSA SecurID' in ''User authentication protocol'. Auth EAP plugins - Applies only if RSA SecurID is being used. Enter the 'EAP-RSA' value. Click the variables button to insert dynamic values here Shared secret - Applies only i if RSA SecurID is being used. Click the variables button to insert dynamic values here For more details on variables, see Create and Manage Custom Variables.
PPTP	Override primary- Force VPN for all connections, including those to external domains: Enabled - All traffic to and from the device passes through the VPN. Disabled - The device accesses internal resources and intranet sites over the VPN, and external domains through a direct connection. Server - Enter the IP address or host name of the VPN server. Click the variables button to insert dynamic values here. Account - Enter the VPN account user name. Click the variables button to insert dynamic values here User authentication protocol - Select the authorization type the device uses to connect to the VPN server. The available options are 'Password' and 'RSA SecurID' Password - If 'Password' is selected, enter the VPN account password. Click the variables button to insert dynamic values here Token Card - Select this if you have chosen 'RSA SecurID' in 'Auth Protocol'. Authentication EAP plugins - Applies only if RSA SecurID is being used. Enter the 'EAP-RSA' value. Click the variables button to insert dynamic values here Encryption Level - Choose the encryption level you want to use for the VPN connection. The available options are: None Automatic Maximum 128 bit encryption Shared secret - Applies only if RSA SecurID is used. Enter the shared secret string. Click the variables button to insert dynamic values here For more details on variables, see Create and Manage Custom Variables for more details.
IP SEC	Override primary- Force VPN for all connections, including those to external domains: Enabled - All traffic to and from the device passes through the VPN. Disabled - The device accesses internal resources and intranet sites over the VPN, and external domains through a direct connection. Server - Enter the IP address or host name of the VPN server. Click the variables button to insert dynamic values here Account - Enter the VPN account name. Click the variables button to insert dynamic values here Password - Enter the password for the account. Click the variables button to insert dynamic values here Authentication Method - Select the authorization type the device uses to connect to the VPN server. Shared secret / Group name - Enter the shared secret string or the group name. Certificate - If you want client certificate type authentication, choose this option and configure the parameters as given below: Password encryption - Enter a password to be used as key to encrypt the communication. Prompt for VPN PIN - The user needs to enter the VPN PIN while connecting. On demand enabled - Create rules for auto-establish the VPN connection based on the domains accessed. You can create a list of domains and specify the VPN connection establishment type for each domain. Certificate - Shows certificates uploaded for the profile. Select the client certificate you want to use for authentication. See the explanation of adding certificates to the profile for more details. Click 'Add New' to upload the a new certificate. Domain and Type fields - Add a list of domains and specify VPN connection type for each domain, if 'On demand enabled' is selected. Enter a domain name in the domain field and choose the connection type: Always establish - Initiates a VPN connection for the domain. Never establish - No VPN connection is created for the domain. Establish if needed - A VPN connection is created if domain name resolution fails. Click 'Add' to add the domain to the list Repeat the process to add more domains For more details on variables, see Create and Manage Custom Variables.
Cisco Any Connection and F5 SSL	Override primary- Force VPN for all connections, including those to external domains: Enabled - All traffic to and from the device passes through the VPN. Disabled - The device accesses internal resources and intranet sites over the VPN, and external domains through a direct connection. Remote Address - Enter the IP address or host name of the VPN server. Click the variables button to insert dynamic values here Auth name - Enter the VPN account name. Click the variables button to insert dynamic values here Authentication method - Select the authorization type the device uses to connect to the VPN server. Shared secret / Group name - Enter the shared secret string or the group name. Certificate - Id Certificate - Shows certificates uploaded for the profile. Select the client certificate you want to use for authentication. See the explanation of adding certificates to the profile for more details. On demand enabled - Create rules to auto-establish the VPN connection based on the domains accessed. You can create a list of domains and specify the VPN connection establishment type for each domain. Domain and Type fields - Add a list of domains and specify VPN connection type for each domain, if 'On demand enabled' is selected. Enter a domain name in the domain field and choose the connection type: Always establish - Initiates a VPN connection for the domain. Never establish - No VPN connection is created for the domain. Establish if needed - A VPN connection is created if domain name resolution fails. Click 'Add' to add the domain to the list Repeat the process to add more domains. For more details on variables, see Create and Manage Custom Variables.
Juniper SSL	Override primary - Force VPN for all connections, including those to external domains: Enabled - All traffic to and from the device passes through the VPN. Disabled - The device accesses internal resources and intranet sites over the VPN, and external domains through a direct connection. Remote Address - Enter the IP address or host name of the VPN server. Click the variables button to insert dynamic values here. Auth name - Enter the VPN account user name. Click the variables button to insert dynamic values here Realm - Enter the name of the authentication server. Click the variables button to insert dynamic values here Role - Enter the role of the user. Click the variables button to insert dynamic values here Authentication method - Select the authorization type the device uses to connect to the VPN server. Shared secret / Group name - Enter the shared secret string or the group name. Certificate - Certificate ID - Shows certificates uploaded for the profile. Select the client certificate you want to use for authentication. See the explanation of adding certificates to the profile for more details. On demand enabled - Create rules to auto-establish the VPN connection based on the domains accessed. You can create a list of domains and specify the VPN connection establishment type for each domain. Domain and Type fields - Add a list of domains and specify VPN connection type for each domain, if 'On demand enabled' is selected. Enter a domain name in the domain field and choose the connection type: Always establish - Initiates a VPN connection for the domain. Never establish - No VPN connection is established for the domain. Establish if needed - A VPN connection is created if domain name resolution fails. Click 'Add' to add the domain to the list Repeat the process to add more domains For more details on variables, see Create and Manage Custom Variables.
Open VPN	Override primary- Force VPN for all connections, including those to external domains: Enabled - All traffic to and from the device passes through the VPN. Disabled - The device accesses internal resources and intranet sites over the VPN, and external domains through a direct connection. Remote Address - Enter the IP address or host name of the VPN server. Click the variables button to insert dynamic values here. Certificate ID - The drop-down shows certificates uploaded for the profile. Select the client certificate you want to use for authentication. See the explanation of adding certificates to the profile for more details. Click 'Add New' to upload the a new certificate. Tip - You can extract the certificate in .p12 format, from the Open VPN configuration file (in .ovpn format) in the VPN server. Use the command "sh split-ovpn.sh config.ovpn" Upload the certificate to the profile On demand enabled - Create rules to auto-establish the VPN connection based on the domains accessed. You can create a list of domains and specify the VPN connection establishment type for each domain. Domain and Type fields - Add a list of domains and specify VPN connection type for each domain, if 'On demand enabled' is selected. Enter a domain name in the domain field and choose the connection type: Always establish - Initiates a VPN connection for the domain. Never establish - No VPN connection is created for the domain. Establish if needed - A VPN connection is created if domain name resolution fails. Click 'Add' to add the domain to the list Repeat the process to add more domains Vendor config Key - The 'Key' string in the Open VPN server configuration file (in .ovpn format). Open the .ovpn file in a text editor like Notepad Copy the content between the tags , excluding '-----BEGIN PRIVATE KEY-----' and '-----END PRIVATE KEY-----', and paste into the 'Key' field Value - The 'Value' string in the Open VPN configuration file Copy the content from between the tags, if present in the configuration file and paste into the 'Value' field similar to above. Else, leave this field blank. Click 'Add' to add the vendor config to the list Repeat the process to add more vendor configurations. For more details on variables, see Create and Manage Custom Variables.

Click the 'Save' button.

The VPN connection is added to the profile.

You can add several VPN accounts to the profile.

Click 'Add VPN' and repeat the process to add more VPN accounts.

Click the name of a VPN account to view and edit its settings

This will add a 'VPN' section to the profile. You can edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.

Per-App VPN settings

Note: If you would like to connect only certain apps to VPN, then this feature allows you to configure the settings. This feature is available for iOS 7 and later versions.

Click 'VPN Per App' from the 'Add Profile Section' drop-down

On Demand Match App Enabled - Select this checkbox to enable per-app VPN connection.

Safari domains - Domains for which a VPN connection is established when visited through Safari browser.

Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Click the button to add more domains in the field.

Click the button to remove a domain from the list

For details on other settings please see 'VPN settings'.

Click the 'Save' button.

The VPN per App settings for the specified VPN server will be saved and added to the list.

You can add multiple VPN servers for the profile.

Click 'Add VPN per App' and repeat the process to add more VPN accounts

Click on a VPN account name to view and edit its settings

This will add a 'Per-App VPN' section to the profile. You can edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.

Web Clip settings

Click 'Web Clip' from the 'Add Profile Section' drop-down

Form Element	Description
Label*	Enter a name for the web clip. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.
URL*	The website address visited when the clip is opened. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more detail on variables.
Is removable	If enabled, users can remove the web clip from their devices.
Pre composed	If enabled, the web clip icon will be shown with no added visual effects.
Full screen	If enabled, the user can choose to view the web clip full screen mode.
Icon	Upload the image to be used as icon for the web clip.

Click the 'Save' button.

The web clip will be added to the list.

You can add multiple web clips for a profile.

Click 'Add Web Clip' and repeat the process to add more webclips

Click the name of a web clip to view and edit its settings

The settings will be saved and shown under the 'Web Clip' tab. You can add more web clips and edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.

Wi-Fi settings

Click 'Wi-Fi' from the 'Add Profile Section' drop-down

Form Element	Description
SSID*	Enter a unique identifier (Service Set Identifier) of the wireless network that the device should connect to. Note: In iOS 7 and later versions, this is optional if the 'Domain Name' value is set.
Auto join	The device will automatically connect to the configured wireless network.
Hidden network	Select this option if the specified wireless network is hidden and not visible to Wi-Fi scans.
Encryption type	Select the type of encryption used by the wireless network from the drop-down. The available options are: None WEP WPA / WPA2 Any WEP Enterprise WPA / WPA2 Enterprise Any (Enterprise) The Password field will appear if any of the options, 'WEP', 'WPA / WPA2' and 'Any' are chosen. If any of the Enterprise encryption type is chosen, then select the supported protocols and configure authentication. The options available are: TLS, LEAP, TTLS, PEAP, EAP-FAST, Use Pac, Provision pac and Provision Pac Anonymously, PAP, CHAP, MS CHAP ans MS CHAP V2
Password	Enter the password to connect to the Wi-Fi network. If left blank, the user will be prompted to enter the password when the device attempts to connect to the network.
Proxy	The proxy servers you added to the proxy settings section of the profile are available for selection in the 'Proxy' drop-down Choose the proxy to be used by the device for connecting to internet through the Wi-Fi connection. You can also add new proxy servers: Click the 'Add New' and specify the proxy server settings. Repeat the process to add more proxies See 'Proxy settings' for more help with this.
Is hotspot	If enabled, the network is treated as a hotspot.
Service provider roaming enabled	If enabled, devices can connect to roaming service providers.
Domain name	Enter the domain name of the Wi-Fi network to which the device has to connect. This is optional and can be provided instead of SSID. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables. Note: This feature applies only to iOS 7 and later versions.
Displayed operator name	Enter the name of the Wi-Fi network provider, to be shown on the device to the user. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables. Note: This feature applies only to iOS 7 and later versions.
Roaming consortium OIs	Enter the Roaming Consortium Organization Identifier of the Wi-Fi network provider to which the devices will connect to. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables. Click the button to add more Roaming Consortium OIs fields. Click to remove a field. Note: This feature applies only to iOS 7 and later versions.
NAI Realm Names	Enter the Network Access Identifier (NAI) realm names used for Wi-Fi hotspot 2.0. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables. Click the button to add more NAI Realm Names. Click to remove a field. Note: This feature applies only to iOS 7 and later versions.

Click the 'Save' button.

The Wi-Fi network will be added to the list.

You can add multiple Wi-Fi networks to the profile.

Click 'Add Wi-Fi' and repeat the process to add more Wi-Fi networks

Click the SSID of a WiFi network to view and edit its settings

This will add a 'Wi-Fi' section to the profile. You can edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.

App Lock settings

The 'App Lock' section allows you to restrict the ability of specific applications to use device resources. You can add only one application with app restriction settings for a profile. If you want to impose restrictions on several applications, create a profile for each and apply those profiles to the managed devices, as required.

Click 'App Lock' from the 'Add Profile Section' drop-down

Form Element	Description
Identifier	Specify the app to be included. You can add an Apple iTunes Store App or Enterprise App. Enter the App bundle ID of the application For more details on getting the App bundle ID of an application, see the explanation given below this table. Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables. Note: This feature applies only to iOS 7 and later versions.
Disable touch	Touch screen inputs will be disabled for the app.
Disable device rotation	The app will not be able to change display orientation.
Disable volume buttons	The app will not be able to modify device volume.
Disable ringer switch	Inputs through the ringer switch will be disabled for the app.
Disable sleep wake button	Inputs through the power/lock/wake button will be disabled for the app.
Disable auto lock	The device will not auto-lock when this app is running.
Enable voice over	Allows the user to use the voice over feature on the device for this app.
Enable zoom	Allows the user to zoom-in/zoom-out the display for this app
Enable invert colors	Allows the user to invert the colors for the display screens of this app.
Enable assistive touch	Allows the user to use the 'Assistive Touch' feature on the device for this app.
Enable speak selection	Allows the user to use the 'Speak Selection' feature on the device for this app.
Enable mono audio	Allows the user to choose mono mode for audio output of this app.
VoiceOver	Automatically switches ON the 'Voice Over' feature for the app.
Zoom	Automatically switches ON the 'zoom-in' feature for the app.
Invert colors	Automatically switches ON the 'Invert Colors' feature when the app is used.
Assistive touch	Automatically switches ON the 'Voice Over' feature when the app is used.

Click Save after configuring the parameters and options

The settings will be saved and shown under 'App Lock' tab. You can edit the settings or remove the 'App Lock' section from the profile at anytime See Edit Configuration Profiles for more details.

Obtain App Identifier

App Store Application:

Find the iTunes Store download URL of the app. Example: https://itunes.apple.com/us/app/cmdm/id807480077?mt=8.
Copy the number after the id in the URL. (Here it is: 807480077).
Open https://itunes.apple.com/lookup?id=807480077 where you replace the ID with the one you looked up.
Search the output for "bundleID". In this example: "bundleId":"com.Xcitium.cmdm.client". So the Bundle ID is com.Xcitium.cmdm.client

Xcitium Enterprise

Xcitium Enterprise Administrator Guide

English

Profiles for iOS Devices