Administrator Guide

Device Guardian & Access Management 2.2

Overview

This is the complete guide for administrators responsible for the deployment and management of Device Guardian (DG) and Device Guardian Access Management (DGAM). It provides instructions from initial software installation to daily operations and system administration.

Setup & Installation

Install and configure the necessary software on the mobile devices and kiosks (for DGAM).

Pre-Installation

The following steps must be completed before starting the installation:

  1. System Requirements Verification: The target environment must meet all specified requirements.
  2. Onboarding Email: After the onboarding process is complete, an email is sent from Zebra containing the following:
    • Web Portal URL - The URL for the administration portal
    • Admin Credentials - Initial login credentials for the designated primary administrator.
    • .APK Download Link - A link to download the client application.
    • User Guide - The complete user guide for reference.

Device Installation & Configuration

Install and configure the necessary software on the mobile devices and kiosks (for DGAM).

For All Devices:

  1. Install, Enroll and Configure via EMM: This process installs the DG/DGAM app, registers the device with the cloud server, and applies the necessary configurations. Follow the guide corresponding to the EMM in use:
  2. Install Identity Guardian & Related Tool (if required): Identity Guardian enables user authentication and must be installed in the following use cases:
    • DGAM: Download and install Identity Guardian via EMM. This is required for secure user authentication and device accountability.
    • DG with SSO: To use Single Sign-On (SSO) for user authentication:
      1. Configure DG to integrate with the SSO provider.
      2. Download and install Identity Guardian (v2.0 or higher) via EMM.
      3. Follow the appropriate SSO Configuration procedure based on the supported identity provider.
    • Tool for Shared Device Mode: If using Identity Guardian's Shared Device mode, download and install zCreator via EMM. This tool generates the necessary user authentication assets (barcodes or NFC cards).
  3. Install ZDNA Cloud Client (if required): This step is required for both DGAM (Mandatory) and DG with ZDNA Cloud. The following steps apply to both scenarios:

For DGAM Only - Additional Device Setup:

  • Grant Permissions: Grant all necessary permissions for both kiosks and devices.
  • Import DataWedge Profile: Import the specified DataWedge profile to enable barcode scanning for device registration and recovery.
    1. Download the DataWedge Profile.
    2. Copy the File to Your Device: Transfer the DataWedge profile to the device’s internal storage.
    3. Import the Profile into DataWedge: Open the DataWedge app on your device (installed by default). image
      • From the top-right menu, select Settings. image
      • Select Import Profile. Browse to the file location from step 2. The profile is imported.
        image        image
    4. Verify Import: Return to the main screen of DataWedge to ensure the profile named "DGAM” is listed. image

Identity Guardian Setup

Configuration of Identity Guardian is mandatory for DGAM and optional for DG (if SSO is used)

  1. Choose the Device Access Mode: Select the appropriate access mode based on the intended device usage.
  2. Create and Deploy Configuration Profile: Based on the access mode, create and deploy the necessary enrollment and authentication profiles. Refer to the Shared Device or Personally Assigned Device guides; for configuration details, refer to Managed Configurations guide.

Key settings to configure include:

  • Primary, Secondary, and Fallback Authentication Methods
  • The comparison source for identity matching (e.g. facial capture, barcode)
  • An Admin Bypass Passcode for use emergency access
  • SSO configurations
  • Device lock screen behavior
  • Store user application credentials (Guardian Safe)

System Configuration

Core Portal & Site Configuration

  1. Add Sites: Create a unique site for each location where devices are used.
  2. Add Access Points (APs): Register APs and assign each one to its corresponding site. Use a descriptive friendly name (e.g., "Shipping Dept, Floor 1") to make device location searches easier.
  3. Add Devices (DG Only): For DG, add device information into the server.
  4. Configure Kiosks (DGAM Only):
    • Assign Kiosks to a Site: Assign each kiosk to the appropriate site for monitoring and management.
    • Register Devices to Kiosk: To monitor devices from a kiosk, register them using one of these methods:
  5. Add Users (DG Only): Add administrators and managers to the web portal. Note: End users do not need to be added.
  6. Add Device Users (DGAM Only): Follow the procedure in the Device Users section to deploy the ZDNA Config Token and add device users.

Advanced Configuration & Administration

After setting up Device Guardian and prior to user enrollment and authentication, consider various configuration and administration options for optimal device tracking and device recovery. This section offers further guidance on these considerations.

  • Automate Site Assignments: Streamline site assignments by automatically assigning devices to a site based on their connected AP or IP address range.
  • Implement User Accountability: Integrate Device Guardian with SSO to associate devices with users via login credentials, providing admins real-time visibility into device usage.
  • Map-Based Location Tracking: Enable Map Based Locationing to retrieve GPS coordinates and visualize their locations on a map.
  • Automate Workflow Processes: Configure Device Guardian to automatically update device states based on predefined conditions or thresholds, streamlining workflows and reducing manual oversight.
  • Nearby Lost Device Alerts: Activate Lost Device Nearby notifications to alert users when a missing device is detected in close proximity. Notifications can include audio, vibration, LED, or Android alerts to prompt recovery actions.
  • Offline Device Tracking: Use Secondary Bluetooth Low Energy (BLE) to track device locations even when powered off or with critically low battery (below 5%).
  • Customize Audio Alerts: Personlize audio alert for lost devices by selecting tones, adjusting volume, and setting duration or intervals.
  • Track Bluetooth Accessories: Locate lost Bluetooth accessory scanners with tracking features. Enable Virtual Tethering to alert users when a paired scanner moves out of range from the host device.
  • Device Auto Assignment (DGAM Only): Automatically assign devices to the nearest kiosk within Bluetooth range.
  • One Device Per User (DGAM Only): Restrict users to logging into a single device at a time when managed by a kiosk.
  • Custom App Integration: Use the Device Guardian API to integrate with third-party apps and build custom workflows. The API provides a secure content provider interface, allowing apps to query and retrieve device data for seamless data sharing.

Operational Guide

User Enrollment & Authentication

This section applies to Identity Guardian only. It describes user enrollment and authentication processes when Identity Guardian is utilized for user authentication.

  1. User Enrollment: The process for enrolling users depends on the device access mode configured during setup: Shared or Personally Assigned. Refer to the User Enrollment guide for the detailed procedure.
  2. User Authentication: Once enrolled, users authenticate to the device according to the authentication methods defined in the deployed configuration profiles. Refer to the User Authentication guide for the detailed procedure.

Device & Accessory Recovery

  • Find a Device:
    1. Mark Device to Find: Admins or managers mark a lost device as To Be Found, adding it to the Missing device list for recovery actions.
    2. Search Device: A user selects a device in the Missing state and performs the search process to find the device, using the proximity meter and sending audio alerts.
  • Find a Device via Kiosk (DGAM Only):
    1. Scan QR Code - Scan the missing device's QR Code displyed on the kiosk.
    2. Search Device - Use the proximity meter and audio alerts to find the device.
  • Nearby Lost Device Detection: Receive automatic notifications when a lost device is detected nearby. User can initiate the recovery process directly from the alert.
  • Locate Lost Bluetooth Accessories: Use the finding process to locate lost Zebra Bluetooth scanners.
  • Map Device Location: View GPS coordinates and mapped locations of devices. This feature is accessible to managers and admins via the web portal.
  • Track Powered-Off or Critically Low Battery Devices: Use secondary BLE to find devices that are powered off or have critically low battery.

Administrative Dashboards & Reporting

  • Web Portal Dashboard: Admins and managers can access the web portal dashboard, offering a centralized to view of devices, APs and sites across the organization.
  • Productivity Dashboard: Graphically displays trends of lost and found devices, as well as average lost duration and recovery time, at both company-wide and individual site levels. This is feature is accessible only to admins.
  • DGAM Dashboard (DGAM Only): Offers a centralized view of devices managed by kiosks.
  • Daily Summary Report: The End of Day Device Summary provides a snapshot of device counts by state (e.g., To Be Found, Found, Low Battery) at that moment, aiding daily accountability. Reports can be emailed to designiated recipients with options for scheduled report time, report criteria, and attachments.
  • Events By Site Report: Reports event changes within a site based on device state transitions (e.g., Disconnected, Found, Low Battery). Administrators can view data across all sites, while managers can view data for their assigned site.

See Also