Versions Compared

Version Old Version 3 New Version Current
Changes made by

Maureen Blando

Melissa Franklin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Anchor
_Hlk42712906
_Hlk42712906

...

Administrator’s Basic Guide to LINK

2023-01B

...

...

Table of Contents

...

You will need the URL of the LINK Controller and the Client ID. You may use your AD credentials or the Admin credentials to login to the LINK Controller.

Also see: Troubleshooting Guide

...

Please contact support@mobilehelix.com if you have not received the URL, Client ID, and Admin credentials.

...

Anchor
_Toc125372094
_Toc125372094
Mobile Helix UI Symbols Explained:

Image Removed
Image Added

Add (e.g., create a new user, application, etc.)

Image Modified

Open item for editing

Image Removed
Image Added

Delete item

Image Removed
Image Added

Save item

Image Modified

Go back (without saving) NOTE: do not press the browser back button!

Image Removed
Image Added

Next page

Image Modified

Previous page


Anchor
_Toc125372095
_Toc125372095
Working with Mobile Helix Support

...

In most cases, this version number should be the version in the App Store.

...

...

...


Anchor
_Toc125372099
_Toc125372099
Managing and Adding Users

...

Code-based activation is configured in the LINK Controller on the “Settings” tab. The first step is to change the launch link type to be “Activation Pincode” in the “Controller Settings” pane on the “Settings” tab. To do so, change the link type using the dropdown pictured here:

Image RemovedImage RemovedImage Removed

Activation Pincode

Please make sure that the “Attach a QR code …” and “Attach an hxl file …” are both toggled off.

...

Select the type as “Web Application”.

Image Removed

Enter a name for this application, which must be unique within the Controller. If the name you would like to appear at the top of the tile in the LINK app differs from the unique name, enter that in the “Display Name …” field. The “Category Name” (typically row name) is required, and it is used to separate tiles in the LINK app into groupings (with a header in between them). This field will auto-complete to existing categories within the Controller, but you can type a new value here to create a new category (row).

...

Next, select the user roles that should be permitted to see this application. Move roles that should see the application from the left to the right box on the page by double-clicking on the role or using the buttons to move list items from “Available Roles” to “Selected Roles.”

Image RemovedImage Added


Web Application Basics

...

An individual user may log out from their device. From the LINK app home screen, tap the 3 bars menu in the upper right. Select logout. Now, fully login with first and second factors.

Image RemovedImage Removed


Anchor
_Toc125372120
_Toc125372120
Email push notifications & settings

...

You can change the global policy (or you can assign different policies to different user groups, if appropriate) on the "Profiles" tab in your Controller. You should have a profile usually called "Offline Profile." Edit that profile (with the pencil button to the far right), and you will see a field labelled "Number of days that files saved to the My Files tab remain on the device. This specifies idle time - the expiration is reset each time the file is opened." This is the setting that determines the expiration period.

Image Removed

Note: When you change this setting and save your change, users will not see this change until: (i) they login to a fresh session by entering their A-D password in the LINK app, and (ii) they download a new file. This policy change is not applied retroactively to files that are already downloaded, and we do not dynamically change the policies of existing user sessions.

...

At Files, tap the pencil icon.

...

Files

Change settings as shown below. Tap the Diskette icon to save.

...

Login to your Azure portal at https://portal.azure.com. To create a new App Registration, search for “App Registrations” and click on the service when it appears. Once you have opened the “App Registrations” panel:

...

From the app registration page for your new app, add a new redirect URI by clicking the link next to “Redirect URIs:”. Toggle on the checkbox next to https://login.microsoftonline.com/common/oauth2/nativeclient for the redirect URI.

Click “Save” at the bottom of the screen.

...

Next, add API permissions to your app registration. To do so, click “API Permissions” in the “Manage” section on the left panel of the page.

(See https://github.com/Azure-Samples/MipSdk-Dotnet-File-ServicePrincipalAuth for the original source):

...

  1. Click API permissions.

  2. Click Add a permission.

  3. Select Microsoft APIs.

  4. Select Azure Rights Management Services.

Permission Type

Permissions Required

Application permissions

Content.DelegatedWriter

Content.Writer

Microsoft Information Protection Sync Service

...

  1. Select Add permissions.

  2. Again, Select Add a permission.

  3. Select APIs my organization uses.

  4. In the search box, type Microsoft Information Protection Sync Service then select the service.

Permission Type

Permissions Required

Application permissions

UnifiedPolicy.Tenant.Read

Grant Admin Consent

  1. Select Add permissions.

  2. In the API permissions blade, Select Grant admin consent for and confirm.

...

Browse to the Resources tab in LINK and edit the file resource for which you would like to enable information protection. Scroll down until you find the option that says “Enable Azure MIP protection when editing files”. Click “Change to yet” to enable Azure MIP integration. Doing so will reveal the following configuration parameters:

Parameter

Description of Value

Azure Tenant ID

Directory (Tenant) ID captured during the app registration

Email address of a tenant administrator (e.g., admin@mobilehelix.com)

As described. This email is used as the sign-in identity when LINK authenticates with Azure using the client secret

App ID for the Azure MIP App Registration

App (Client) ID captured during the app registration

Client secret for MIP service access

Client secret used for authentication with the MIP REST APIs

Email address of the owner for MIP-encrypted files

To protect files while they are being edited with Office for iOS, LINK applies MIP encryption using the owner email address provided here, and grants Read/Write permission to the signed-in LINK user. This allows the user to manipulate the document in Office for iOS without granting the user the ability to alter the permissions in any way.

After these parameters are entered, click the “Save” button in the blue bar in the LINK Controller. Tap the refresh button on your device to ensure that these changes are propagated into your active LINK session.

...

Add LINK as an app in Intune and deploy it to your target user group

Login to https://endpoint.microsoft.com, your Intune management console. Under “All Services” or “Favorites”, select “Apps”. Click “All Apps”, “Add” … and select the following:

...

After entering this password on the Settings tab in the LINK Controller, launch emails will only be valid on Intune-enrolled devices.

-END-