Zebra DNA Cloud Setup

Zebra DNA Cloud 4.2

Overview

This section covers the Zebra DNA Cloud (ZDNA) setup process and the first few steps for its use. For complete details about ZDNA usage, see the Usage Guide.

Setup Synopsis

  1. Configure the organization's network
  2. Register with Zebra.com and create a Zebra DNA Cloud "instance"
  3. Create at least one "New Device Setup" Profile
  4. Enroll one or more devices using the setup Profile made in Step 3
  5. Apply license(s) to device(s)

System Requirements

Admin Console

  • Computer with Windows 10 or later
  • Google Chrome (v101.0 or later) Pop-ups must be enabled
  • An account on Zebra.com (Register now)
  • Firewall or network proxy server configured as required (see below)

Supported Devices

  • Zebra device(s) running Android 11 (or later) updated as follows:
    • 6490-platform devices: 11-12-31.00-RG-U00-STD-ATH-04 (or later)
    • ET40/ET45 tablet: 11-13-14.00-RG-U00 (or later)
    • SDM660-platform: 11-26-05.00-RG-U00 (or later)
    • TC15 devices: 11-14-13.00-RG-U00 (or later)
    • TC53/TC58 devices: 11-12-31.00-RG-U00 (or later)
    • WS50 wearable: 11-19-19.00-RN-U00 (or later)
  • Updated device software as indicated in the Admin Requirements section of the Usage Guide
  • OPTIONAL: Management of a mixed-owner device population requires the following LifeGuard updates:
    • 6375 (ET40, ET45): GO_FULL_UPDATE_11-23-29.00-RG-U00-STD-GSE-04.zip (or later)
    • 6375 (TC15): GR_FULL_UPDATE_11-23-23.00-RG-U00-STD-GRT-04.zip (or later)
    • 6490 (TC53, TC58): AT_FULL_UPDATE_11-21-27.00-RG-U03-STD-ATH-04.zip (or later)
    • SDM660-platform (see all): HE_FULL_UPDATE_11-35-05.00-RG-U00-STD-HEL-04.zip (or later)

See all Zebra devices by platform

See all Zebra devices supported by Zebra DNA Cloud

NOTICE: Devices intended to be fully managed using Zebra DNA Cloud must be factory fresh (or factory-reset) before enrollment to ensure that all features work correctly. This is not applicable to devices managed using a third-party EMM solution and that use ZDNA to deploy Zebra apps and OS updates, monitor battery health and perform other administrative functions.

Naming Conventions in this Guide

  • Setup Profile - A group of settings relating to an app and/or one or more app configuration files.
  • Settings Profile - A group of settings for configuring one or more devices.
  • Job - A task to update the Android version running on one or more devices.

I. Configure Network

The Zebra DNA client app communicates with the ports and domain names listed below.

The client network must be configured using wildcards as follows:

  • Open an HTTPS port (443 by default) between device client and app servers
  • Allow these domain names through the firewall or proxy server:
    • *.zebra.com
    • connectivitycheck.gstatic.com
    • *.googleapis.com
    • *.firebaseio.com
    • *.cloudfunctions.net
    • *.firebaseapp.com

The asterisk character (*) indicates a wildcard, which accepts any value for a particular section of a port assignment. If wildcards are NOT supported by the system (or are otherwise prohibited by the organization), please contact Zebra Support for special instructions.

Remote Support

For organizations planning to view and/or control device screens remotely, the following WebSockets port and domain must remain accessible:

  • wss://global.vss.twilio.com/signaling

II. Register with Zebra.com

This part of the process is required for all DNA Cloud users in an organization.

Already have a login for Zebra.com? Skip to Section IV.

Create Zebra.com Account

1. Visit Zebra.com and click the "Login" link: image Click image to enlarge; ESC to exit.

2. Click "Register Now" and follow the prompts: image Click image to enlarge; ESC to exit.

3. Enter and confirm an email address to be associated with the account.
Then click "Submit" button: image Click image to enlarge; ESC to exit.

4. After receiving a confirmation email, return to the login screen and log in.
Continue to follow prompts and click "OK" where necessary.
Be sure to click "Sign In" just once to avoid errors. image Click image to enlarge; ESC to exit.

5. Select "My Zebra" from the user menu: image Click image to enlarge; ESC to exit.

6. Click on the desired app to launch:
image Click image to enlarge; ESC to exit.

If a link to ZDNA does not appear, use Chrome to visit DNAcloud.zebra.com.

7. Log in using the Zebra SSO credentials.
image Click image to enlarge; ESC to exit.

III. Manage Users, Roles

The Super Admin (formerly Tenant Owner) creates Users in the ZDNA system using email addresses registered using the process above. Admins can perform all tasks within the system and create Roles as needed to restrict a user's access to specific ZDNA features.

Create Users

If the creation of Users, Roles and/or connected services (i.e. Google Drive) is NOT required at this time, skip to Step IV to begin enrolling devices.

Instructions for the login screen below are found in the Legacy Login section. image Deprecated. This process is scheduled to be discontinued soon.

To Create a User:

1. Point a browser to the Zebra DNA Cloud server log in using Zebra.com credentials: image Click image to enlarge; ESC to exit.

2. Click user icon for menu and select "Manage All Users" from the menu: image Click image to enlarge; ESC to exit.

3. In All Users screen, click "Add User": image Click image to enlarge; ESC to exit.

4. Select the user's Role from the drop-down and their email address (both are required). Then click "Add"; An invitation to join DNA Cloud is sent to the address.
Before any Roles are created by an organization, only the Admin and Manager Roles are available for selection. If one or more custom Roles are desired, Create Roles before proceeding. The Roles drop-down list updates instantly upon creation. image Click image to enlarge; ESC to exit.

5. Prior to enrolling, newly invited users appear as "invited" the list of Users (as seen in the image below).
User-name Notes
   • User names appear automatically for invited users already registered with Zebra.com.
   • Names of unregistered invitees appear as "Invited User" until they register (required).
   • To edit a user name, click the icon.
   • User name fields accept alphanumeric, Unicode and some special characters. image Click image to enlarge; ESC to exit.

6. In the My Services section, click "Connect" on the desired service(s) and follow prompts.
Services activated here are available for use in setup Profiles, but only an Admin can create, edit or disable them. See My Services notes below.

Before connection of services:

image Click image to enlarge; ESC to exit.

After connection of services:

image Click image to enlarge; ESC to exit.

If the Google Drive account is disconnected, the term “Tenant Owner” might be displayed on the Google Drive and User Page tooltips when hovering over the Browse button (and over the disabled Remove button for Admins). When the account is connected, the term also might be seen in the Google Drive Service Info section. In documentation for ZDNA 4.0 (and later), the Tenant Owner is referred to as the Super Admin.

Create Roles

ZDNA 4.0 (and later) supports User Roles, which allows Admins to configure access to specific DNA Cloud features while preventing access to others. Configurable features and access levels are shown below.

Configurable Features

  • New Device Setup
  • My Devices
  • Device Users (Identity Guardian users only)
  • Device Settings
  • My Apps
  • Android Updates
  • Licensing
  • My Services*
  • Users*
    * Designated as sensitive, prompting a warning when granting permission.

The ZDNA Dashboard is visible to all Users regardless of Role. Android Updates and New Device Setup sections appear "greyed out" for users with "No Access" permission.

Roles are visible only to the Super Admin and to users assigned the Admin Role.

Access Levels

  • No Access - Section name appears “greyed out” in the navigation pane and is unresponsive to clicks (default for areas deemed "sensitive"). A tool tip displays “permission required” when hovering.
  • Editable - Full access to all section features (default for areas not deemed "sensitive").
  • View Only - Section is visible when clicking its name in the navigation pane but permits no interaction except to download (where applicable). A tool tip displays “permission required” when hovering over unavailable features.
  • View with Remote Support - Same as "View Only" plus the ability to perform the "Remote Support" action (applies only to "My Devices" section).

Rules and Behaviors

  • Changes to Role permission(s) take effect the next time the user logs in.
  • Users can view their assigned Role on their User Profile page.
  • The Super Admin (formerly Tenant Owner)* has full access to all areas and features; this Role cannot be changed or deleted.
  • The "Manager" Role cannot be deleted; its default permissions can be edited.
  • Only an Admin can create additional users with Admin-level permissions.
  • The Roles section is accessible ONLY by the Admin and users assigned the Admin Role.
  • Only the Super Admin can reauthorize services.
  • Only an Admin can grant Admin permission; Managers and manager-level custom roles cannot grant Admin permission to themselves or other users.

* The Admin (formerly the Tenant Owner) has privledges above all others. This user is referred to in documentation as the "Super Admin" to differentiate it from users assigned the Admin Role. Such users are referred to simply as "Admins" in TechDocs.

To Create a Role:

1. Log in as an Admin, click the user icon and select "Roles" from the menu: image The 'Admin' Role has full access to all features and cannot be edited. Click image to enlarge; ESC to exit.

2. Click the "Add Role" button: image Click image to enlarge; ESC to exit.

3. Enter a name and a brief description, if desired. When finished, click "Add" button.
Description may contain up to 250 characters. image Click image to enlarge; ESC to exit.

4. With the new Role highlighted, select the desired Permissions for each feature as needed for the user role.
When finished, click "Save Changes" button. image Click image to enlarge; ESC to exit.

5. A warning appears if granting permission to sensitive services.
Click "Confirm" to proceed. image Click image to enlarge; ESC to exit.

The new Role can now be assigned when creating new Users: image Click image to enlarge; ESC to exit.

Zebra recommends adding no more than 20 Roles for maximum system performance.

To Delete a Role:

1. Log in as an Admin, click the user icon and select "Roles" from the menu: image Click image to enlarge; ESC to exit.

2. With the unwanted Role highlighted, click the "Delete Role" button: image Click image to enlarge; ESC to exit.

3. A warning appears, similar to the image below.
   To delete the selected Role: Check "Confirm" and click "Delete"
   To cancel: Click outside the message box image Click image to enlarge; ESC to exit.

Users associated with a deleted Role automatically inherit default permissions for the "Manager" Role, which could increase their access.

Legacy Login

image Click image to enlarge; ESC to exit.

The legacy login process is deprecated and scheduled to be discontinued soon. Until then, the legacy login dialog (above) remains operational and behaves as described below.

Legacy Login Behavior

  • Users assigned an Admin role can log in as an "Administrative User" with their current credentials.
  • Such users can modify their own role and those of other Admins and Managers.
  • These users have the same permissions as the Super Admin but cannot:
    • Modify Super Admin permissions or settings
    • Reauthorize Zebra Services

Return to Create Users section.

My Services

The My Services section contains information about connection services associated with a ZDNA instance. Such services are governed by the rules and behaviors listed below.

Service Rules and Behaviors

  • Settings for connected services (i.e. Google Drive) are available only to Admins and to users with a Role that has been granted permission to access the "My Services" section.
  • Managers and other roles NOT granted permission to access My Services can browse files accessible through connected services ONLY if an Admin had previously established the connection and logged into the service through ZDNA.
  • If an Admin logs out of a connected service, all users lacking access to My Services are denied access to that service until an Admin logs in again.
  • Roles with permission to access My Services can perform all My Services-related actions using their own credentials.
  • Changes to a Google Drive account could cause Profiles accessing that account to be seen as "read only" by users accessing those Profiles (indicated by ). To resolve this condition, the Profile(s) must be edited by a user with My Services permission to reflect the new connected service information.

Zebra strongly recommends using dedicated accounts for access to connected services from within ZDNA. Sharing accounts and/or login credentials among users and Roles is strongly discouraged, and could result in unexpected disruptions in ZDNA services for some or all users.

Switching Google Accounts

If it becomes necessary to switch among multiple Google accounts for managing files deployed to the ZDNA server, use the process shown below to switch from one to another.

To switch Google accounts:

  1. In the ZDNA console, click on the User Account drop-down (upper-right corner) and click My Profile. A screen appears similar to the image below.
    Click "Disconnect" if the account was already connected. Otherwise, skip to Step 2.
    image Click image to enlarge; ESC to exit.

  2. Click "Connect" and follow prompts for Google login.
    When prompted, select both boxes (as shown, below) and click "Continue" to proceed: image Click image to enlarge; ESC to exit.

A screen as below indicates a successful connection:

image Click image to enlarge; ESC to exit.

IV. New Device Setup

The New Device Setup process creates the minimum settings required to allow a device to communicate with the internet for further configuration and management by ZDNA or a third-party EMM system (DNA Cloud 2.6 and later). This process also downloads the ZDNA client app to the device and enrolls it in the ZDNA system. To stage a device with these settings, create a new Settings Profile and use the device to scan the barcode that appears at the end of the process.

This process can be repeated for different device types, network configurations, office locations, etc.

After enrolling a device, Zebra recommends downloading the resulting enrollment barcode sheet (.pdf) for later enrollment of similar devices.

Create Enrollment Profile

Zebra DNA Cloud 3.1 (and later) supports "mixed populations" of devices, which includes some devices for which the company's own EMM system is the Device Owner, and others that have DNA Cloud set as the Device Owner. This allows administrators to use ZDNA to manage all devices in a single console, with access to some ZDNA features for all devices.

When managing mixed populations, some features are NOT available on all devices. Learn more before proceeding.
Mixed-population management might require a software update. See Supported Devices of Requirements section, above.

To create an enrollment Profile:

After logging in as an Admin, proceed to Step 1. image Click image to enlarge; ESC to exit.

1. In the New Device Setup section, click the "Set Up Device" button and select Enrollment Type.
IMPORTANT: If managing "mixed populations" of devices (see above), select "Set up Device (for 3rd Party EMM)" to proceed.
image Click image to enlarge; ESC to exit.

2a. Enter the network and Proxy settings for the device in its intended location.
To use existing internet connectivity settings on target device(s): SKIP TO STEP 3.
For WS50 devices: Always select "Do not change."
Click "Next" button when finished. image Click image to enlarge; ESC to exit.

2b. For non-cellular devices, confirm default "None" in the APN section and SKIP TO STEP 3.
Select "Manual" and enter the Access Point Name (APN) and other carrier network information for the device in its intended location.
Only ONE (1) APN can be entered during initial setup. Multiple APNs can be added later using the Advanced Settings Wizard or a company's own EMM.

Errors could result when staging non-cellular devices if information is entered in this section.
Click "Next" button when finished. image Click image to enlarge; ESC to exit.

3a. For third-party EMM enrollment: Select the EMM in use and populate fields as required.
If the desired EMM system is not listed, select "Custom" and enter values as needed for the EMM system in use.
If a device was previously enrolled in ZDNA, a Factory Reset MUST be performed on the device before it can be enrolled into any third-party EMM.
When finished, click "Next" button and SKIP TO STEP 4.

image Click image to enlarge; ESC to exit.

3b. For ZDNA enrollment: Leave "LifeGuard Over the Air" box CHECKED (default).
Unchecking this box PREVENTS the device from being maintained using the Android Updates feature through ZDNA.
Click "Next" button when finished. image Click image to enlarge; ESC to exit.

4. Enter the following information as indicated below:
    a. Enrollment Profile Name - use auto-generated name or enter a custom name.
    b. Administrator message - to appear on barcode page and Profile listings as enrollment guidance.
    c. Device Group Association - helps organize devices by model, function, dept. etc.
Click "Next" button when finished. image Click image to enlarge; ESC to exit.

5. Review settings. If necessary, click "Edit" to modify.
Click "Next" button when finished. image Click image to enlarge; ESC to exit.

6. With the StageNow app running on the device, scan the generated barcode to configure and enroll the device.
When finished click "Done" button. image Click image to enlarge; ESC to exit.

Initial device staging and enrollment are complete.
Zebra recommends downloading barcodes (PDFs) for distribution and/or later enrollment. Barcode PDFs can be distributed for application in the field.

Configure for a Mixed Population

For organizations managing a mixed-owner device population, the ZDNA client app must be manually installed and configured after the device(s) are enrolled in the company's own EMM system. This process is required to allow EMM-enrolled devices to coexist and be managed along with ZDNA-enrolled devices from the same ZDNA console.

NOTE: management of a mixed-owner device population might require a device software update. See Supported Devices in Requirements section, above.

After enrolling in a third-party EMM:

  1. In the My Services screen (within the User Profile), copy the Zebra DNA Configuration Token: image Click image to enlarge; ESC to exit.

  2. In the EMM system, install and configure the Zebra DNA Cloud client app (available from Google Play) using the Zebra DNA Configuration Token copied in Step 1.

  3. Use the EMM to install and launch the ZDNA client on the device(s).

  4. Use the EMM to add and configure “Zebra OEMConfig powered by MX” (available from Google Play).

  5. To initialize the ZDNA Client service, open the OEMConfig EMM console and go to System Configuration > Configure and paste the following XML into the XML Pass-through command: 

    
<wap-provisioningdoc> 
  <characteristic version="10.5" type="Intent"> 
    <parm name="Action" value="StartActivity" /> 
    <parm name="ActionName" value="android.intent.action.MAIN" /> 
    <parm name="Package" value="com.zebra.zebradna" /> 
    <parm name="Class" value="com.zebra.zebradna.MainActivity" /> 
  </characteristic> 
</wap-provisioningdoc>

  6. In the My Services screen (within the User Profile), copy the Customer Account Token: image Click image to enlarge; ESC to exit.

  7. In the EMM system, install and configure the Zebra Enrollment Manager (available from Google Play) using the Customer Account Token.
    This is done through Managed Configurations exposed by Enrollment Manager:
    Go to Application Configuration > Claim device > Claim device token and paste the customer account token where prompted.
    This enrolls the device in ZDNA and activates LifeGuard services.

The device is now configured to coexist in mixed-owner populations.

Confirm Enrollment

In the ZDNA Console:

Device(s) enrolled in ZDNA appear on the "My Devices" page: image Click image to enlarge; ESC to exit.

On the Device:

Devices newly enrolled into ZDNA indicate in the Notification Bar that the DNA Service is running: image Click image to enlarge; ESC to exit.

V. License Device(s)

To enable remote configuration and management though ZDNA, each device must be licensed.

Please refer to the Licensing Section for further instructions.

DNA Cloud SSO

Zebra DNA Cloud now employs a single sign-on (SSO) for logging into the console, streamlining the process and eliminating separate log-ins for the Admin (formerly Tenant Owner) and Managers (formerly Administrative Users). To log in using the dialog seen below, all users are required to register an email address with Zebra.com. It can be the address they're currently using to access DNA Cloud or a new one. The process* is detailed below, and is the same for a new or existing address. This process is NOT required for users with an email address already registered with Zebra.com.

image DNA Cloud SSO login screen. Click image to enlarge; ESC to exit.
* The DNA Cloud SSO process varies from that of section II. Register with Zebra.com, above.

Register with Zebra SSO

1. Visit Zebra.com and click the "Login" link: image Click image to enlarge; ESC to exit.

2. Click "Register Now" and follow the prompts: image Click image to enlarge; ESC to exit.

3. Enter an email address to be associated with the account and click "Next" button.
Open the email's inbox and look for a confirmation email from "Zebra Service Do Not Reply." image Click image to enlarge; ESC to exit.

4. Enter the verification code from the confirmation email and click "Next" button.
image Click image to enlarge; ESC to exit.

5. Enter the information as indicated and click "Next" button.
image Click image to enlarge; ESC to exit.

6. Select options as needed. When finished, click "Submit" button.
image Click image to enlarge; ESC to exit.

Upon successful registration, a message appears similar to the image below:

image Click image to enlarge; ESC to exit.

The email address can now be used to access DNA Cloud and other Zebra online resources.

Authorization

For the Admin (formerly Tenant Owner) only: When first logging into DNA Cloud following the registration process above, the Admin is prompted with a screen (as shown below) to complete a simple three-step process:

image Click image to enlarge; ESC to exit.

  1. Initiate by clicking "Authorize"
  2. On the next screen, click "Confirm"
  3. Next, click "Allow"

Authorization is complete; all operations can proceed as normal.


Authorization Notes

  • If authorization fails or a prompt is dismissed prematurely, the process repeats at subsequent logins until successful.
  • After dismissing the prompt, authorization also can be completed on the My Services page.
  • Device Settings, Licensing and Android Updates features appear "greyed out" on unauthorized systems.
  • Successful authorization is indicated by a status of "Connected" on the My Services page.

Also See

  • Usage Guide | A complete guide to ZDNA administrative tasks
  • Licensing Guide | Manage, allocate and reclaim licenses for apps and device
  • FAQ | Frequently asked questions about ZDNA