Mobile Provision Code
Contents
Mobile Provision Code Overview
Swivel Core Verion information
Swivel version 3.10.4
Swivel version 3.10
Swivel version 3.10 onwards supports one step Mobile Client Provisioning using a Provision URL and a Site ID.
Swivel version 3.8
From Swivel 3.8 onwards the Swivel Mobile client must be provisioned to allow the Mobile client to download security strings for a user. The advantages of this are:
- A user cannot download another persons security strings
- Provisioning a mobile device prevents a user from downloading security strings to another device without being provisioned.
Each username may have one Mobile Client Provisioned. A request to provision a new mobile device or re-provision an existing mobile device that reaches the Swivel server will invalidate the current security strings. This article explains how to provision or re-provision a Swivel Mobile client.
This document supplements the existing documents for individual phone types.
For information on how a user can self provision or request a new provision code see Mobile Re-Provision How to Guide
Requirements
Supported Mobile device
Swivel Mobile Client installed that supports Swivel 3.8 or higher provisioning, see Mobile Phone Client
Swivel appliances will need their proxy upgrade to handle the provisioning, see Appliance Proxy Server Upgrade
If a Swivel cluster is configured with multiple servers, then session sharing should be enabled, otherwise the provision code is stored in memory and only valid on the Swivel instance that it is generated.
Ensure Provision code settings are configured across multiple Swivel instances.
Swivel Configuration
Mobile Provisioning
Swivel 3.8 and higher requires each mobile phone to be provisioned so it can be uniquely identified. Ensure that all Mobile Client users have suitable Transports configured to receive their Provision Code. To provision the mobile client on the Swivel Administration Console select User Management, locate the required user, click on the user to reveal the management functions and click Reprovision. The code sent to the user is valid for a length of time set under: Swivel Administration Console select Policy/Self-Reset. Earlier versions of Swivel do not need to use a Mobile Provision. From version 3.9.7 the user is sent a Provision URL.
On the Swivel Administration Console log a message should indicate that the Mobile Provision Code has been successfully sent to the user:
Message sent to user: username, destination: username@emailaddress.com.
User "username" can now reprovision their mobile device.
Message added to message queue for user: username, destination: username@emailaddress.com.
Provision code created for user "username"
Mobile Self Provisioning
A user can be permitted to provision their own mobile device. To allow this, on the Swivel Administration Console select Policy/Self-Reset then set the following parameters as required:
Allow user self-provision of mobile client: Default No, Options Yes/No
Log device information when provisioning: Default No, Options Yes/No
Provision Code Validity period (seconds): Default 600, Options 10-1000000 Note: this value is for all Mobile Provision Codes.
To configure the self Provision/Re-provision see the Mobile Re-Provision How to Guide
Obtaining a Provision code using the Self Provisioning feature
A user should be able to access the Provision page of either the User Portal or from the resetPIN utility using https://ApplianceIP:8443/reset/provision.jsp. From version 3.9.7 this can sbe sent as a Provision URL.
Mobile Client Configuration
If a SSD has been configured then the settings can be automatically pulled from the Swivel server, together with any Mobile Client Policies.
Mobile clients may have some variation.
Note: Re-Provisioning a mobile client will invalidate the current security strings for the client.
From the Swivel Mobile Client select settings, then select Re-Provision. A text box should appear to enter the Mobile Provision Code.
Enter the Mobile Provision Code and observe the screen input for a Provisioning. Please wait... message. When complete a Device Provisioned message briefly appears on the screen.
Verify Device Provisioning
On the Swivel Administration console, check the logs for a provisioning message:
User "gfield" provisioned successfully
Error Messages
Error Server, Unknown Server ID
The Site ID may not exist or may not have been entered.
Error Server Connection
The server details are missing or incorrect
Invalid Username
The User may not exist on the Swivel server.
Invalid Provision Code
The provision code is not valid or has already been used.
User not set
No username has been entered under options. Enter the username and retry.
Error Dowloading Security Strings
The user may not be a member of an appropriate group with Mobile Client authentication enabled
Failure Please check your settings or try again later. Message: Provision Failure
The following log message may be seen in the Swivel Administration Console:
User "gfield" provision failed, A valid session could not be loaded or created for the user.
This can be caused by an incorrect Mobile Provision Code, or the time allowed for provisioning a device has been exceeded.
Note: The security strings on the mobile phone will be invalid until a successful provision is carried out and a new set of security strings are downloaded.
AgentXML request failed, error: No suitable authentication method for the user "qwerty" was found. The user may be missing from the user repository or a synchronisation has not yet occurred.
or
Mobile request from unknown user; the user needs to reprovision
A Mobile Provision Code was entered for a user who is not present on the Swivel user database.
