Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Berlin hackathon 2023 device management #2453

Merged
merged 11 commits into from
Sep 26, 2023
22 changes: 22 additions & 0 deletions docs/basics/acct-team-mgmt/private-device-mgmt-find-bundle-id.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
---
id: private-device-mgmt-find-bundle-id
title: Find iOS Bundle ID
sidebar_label: Find iOS Bundle ID
---

import useBaseUrl from '@docusaurus/useBaseUrl';

## Retrieving the BundleID for Allow-listing Your Apps

To prevent our cleaning from removing your application after every session, this guide will help you to obtain the bundleID for these applications.

Follow these steps during live testing:

1. Open a Live Testing session with an iOS Device.
2. Open Device logs in VERBOSE mode.
3. Clean the device logs.
4. Copy-paste this string in the search bar `SBApplicationStateDisplayIDKey`.
5. Open the application you want to be allow-listed.
6. Check the values of `SBApplicationStateDisplayIDKey`, which is the bundleID for any given app that has been launched.

<img src={useBaseUrl('img/basics/bundle-id.png')} alt="Bundle ID" width="800"/>
82 changes: 74 additions & 8 deletions docs/basics/acct-team-mgmt/private-device-mgmt.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,28 +8,94 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';

Private device management allows an organization admin to view and manage the private devices in an organization by assigning them to teams. This reduces contention for scarce devices, and provides better visibility to which team is using a device at any given time.
<br/><p><span className="sauceGreen">Private Devices Only</span></p>

- By default, a device is not assigned to any team, which means it can be used by anyone in the organization. Default assignement allows the organization admin to view all the devices as long as they are not assigned to a specific team.
- If you choose to assign a device to a team, only members of that team can access the device. This also means that if the organization admin is not part of that team, they will not be able to see the device in their dashboard and run tests on the device. This applies to live test sessions, automated test sessions, and other connection methods like [Virtual USB](/mobile-apps/features/virtual-usb).
- At any time, you can reassign your private device to another team or remove the team assignment altogether from the [Team Management](https://app.saucelabs.com/team-management/devices) panel.
- If a team with devices is deleted, the devices assigned to that team return to the unassigned state. (For more information about managing teams, see [Adding and Deleting Teams](/basics/acct-team-mgmt/adding-deleting-teams).)
Private device management allows an organization admin to view and manage the private devices in an organization via the [Private Device Management](https://app.saucelabs.com/team-management/devices) panel. These features can improve device availability and optimize manual and automation workflows.

Private devices are not included in VM or RDC concurrency limits. (For more information about concurrency, see [Concurrency Limits and Team Accounts](/basics/acct-team-mgmt/concurrency-limits).)
- Assign a private device to a team.
- Customize a private device to allow apps, system apps, and accounts to persist between sessions.

:::important

- Everyone in an organization can access a device in the the default unassigned state.
- **Only** organization admins can manage private devices.
- An organization admin can always re-assign a device to another team or set a device to the default unassigned state.
- **Only** team members can access a device assigned to a team.
- This rule is enforced for all roles!
- i.e., to access a device, an organization admin **must** be a member of the team a device is assigned to.
- Devices automcatically return to the default unassigned state if their assigned team is deleted.

:::

:::note
For more information about managing teams, see [Adding and Deleting Teams](/basics/acct-team-mgmt/adding-deleting-teams).

Private devices are not included in VM or RDC concurrency limits.
For more details, please see [Concurrency Limits and Team Accounts](/basics/acct-team-mgmt/concurrency-limits).
:::

## Viewing an Organization’s Private Devices

1. On Sauce Labs, click **ACCOUNT** and then click **Team Management**.
<img src={useBaseUrl('img/team-mgmt/team-mgmt-nav.png')} alt="Team management navigation" width="400"/>
<img src={useBaseUrl('img/team-mgmt/team-mgmt-nav.png')} alt="Team management navigation" width="450"/>
2. Click the **DEVICES** tab. The devices assigned to your organization will be listed.
<img src={useBaseUrl('img/team-mgmt/device-mgmt-devices-tab.png')} alt="Devices tab" width="600"/>

## Assigning a Private Device to a Team

:::note
A device can be assigned to only 1 team at a time.
A device can be assigned to only 1 team at a time.
:::

1. On Sauce Labs, click **ACCOUNT** and then click **Team Management**.
2. On the **DEVICES** tab, in the **Team** dropdown, select a team to assign the device to.
<img src={useBaseUrl('img/team-mgmt/device-mgmt-assign-team.png')} alt="Assign a team" width="600"/>

## App Allow List

The [device cleaning process](/mobile-apps/real-device-cleaning) will remove apps installed from [Sauce Storage](/mobile-apps/app-storage) and the App Store/Play Store between sessions. To have installed apps and app data persist between sessions, update this setting for each of the application identifiers. This might be the app you are testing or dependent apps, e.g. MFA app, Microsoft Authenticator, etc.

:::important
This setting does **NOT** install the app. You must manually or via automation install the desired version of the matching app.

- For iOS devices, use the Bundle ID.
- [How to find the bundle ID on a Sauce Labs device](/basics/acct-team-mgmt/private-device-mgmt-find-bundle-id)
- For Android devices, use the package name.

`com.google.chrome.ios`
`com.apps.app1`
`com.ios.app2`
:::

## System App Allow List (iOS)

Certain iOS preinstalled apps are hidden by default, e.g. Messages, Mail, Notes. To access iOS preinstalled applications, add the bundle ID for each app.

:::important
For a list of native iPhone and iPad apps and their corresponding bundle IDs, please follow the reference link below.
https://support.apple.com/en-gb/guide/deployment/depece748c41/web

`com.apple.MobileSMS`
`com.apple.mobilenotes`
:::

## Account Allow List

Update this setting for each account email to preserve store and payment account sign-ins between sessions.

- Google accounts signed into the Play Store/Google Pay/In-App Purchase can be preserved between sessions.
- Apple IDs signed into the device and App Store/TestFlight/Apple Pay/In-App Purchase can be preserved between sessions.

:::important
`[email protected]`
`[email protected]`
:::

## Enable Apple Pay

Enable this setting to test Apple Pay.

:::important
This feature **requires** setting the Account Allow List.
Please see [Testing Apple Pay](/mobile-apps/live-testing/testing-apple-pay) for more information.
:::
2 changes: 1 addition & 1 deletion docs/mobile-apps/live-testing/testing-apple-pay.md
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ There are important differences between the Apple Pay Real Device and Simulator

## Requirements

- You need to use [Private devices](#apple-pay-on-real-private-devices) with Apple Payment enabled.
- You need to use [Private devices](#apple-pay-on-real-private-devices) with Apple Payment enabled.
- [Instrumentation](#disable-instrumentation) needs to be disabled.
- You need to add your Sauce Labs hosted Private device [UDID](#apple-pay-on-real-private-devices) to your own provisioning profile.
- Devices with Assistive touch enabled. In this case, you need to accept Apple Payment confirmation through assistive touch!
Expand Down
31 changes: 7 additions & 24 deletions docs/mobile-apps/mdm-support.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,16 +6,16 @@ sidebar_label: MDM Support on iOS Real Devices

import useBaseUrl from '@docusaurus/useBaseUrl';

<br/><p><span className="sauceGreen">Real Devices Only</span></p>
<br/><p><span className="sauceGreen">Real Devices Only</span></p>
<br/><p><span className="sauceGreen">Private Devices Only</span></p>

With our MDM support, you gain the ability to install your internal application through MDM onto our private devices, enabling seamless policy enforcement and application management.
With our MDM support, you gain the ability to install your internal application through MDM onto our private devices, enabling seamless policy enforcement and application management.

## What You'll Need

- A Sauce Labs account ([Log in](https://accounts.saucelabs.com/am/XUI/#login/) or sign up for a [free trial license](https://saucelabs.com/sign-up)).
- Access to private devices.
- Service account to access your MDM(Intune) account.
- Service account to access your MDM(Intune) account.

## Key Features

Expand All @@ -25,14 +25,11 @@ You can seamlessly apply and download the MDM profile to our private iOS devices
**App Policy Enforcement**
Sauce Labs supports the enforcement of app policies, allowing you to define and apply specific policies for each testing session. These policies are consistently reapplied to maintain a consistent testing environment.

**App Allowlisting**
You have the option to allowlist your applications, ensuring that only approved apps are installed and available for testing.

**App VPN Support**
Setting up App VPNs is made easy, enabling you to connect to your internal firewalls without the need for Sauce Connect. Certain applications, like Edge, will automatically configure VPN extensions.

**Retained App Data**
All apps can be retained on the devices of your choice, and the Apple ID used for App Store login can also be retained on the device.
**App, System App, and Account Allow List**
See [Private Device Management](/basics/acct-team-mgmt/private-device-mgmt) for information on customizing app and account allow lists.

## Installing MDM

Expand All @@ -44,27 +41,13 @@ All apps can be retained on the devices of your choice, and the Apple ID used fo
6. Once installed, click on the **Home Screen**.
7. Confirm that all the apps related to your company-managed profile have been successfully downloaded.

## Retrieving the BundleID for Allow-listing Your Apps

To prevent our cleaning from removing your application after every session, this guide will help you to obtain the bundleID for these applications.

Follow these steps during live testing:

1. Open a Live Testing session with an iOS Device.
2. Open Device logs in VERBOSE mode.
3. Clean the device logs.
4. Copy-paste this string in the search bar `SBApplicationStateDisplayIDKey`.
5. Open the application you want to be allow-listed.
6. Check the values of `SBApplicationStateDisplayIDKey`, which is the bundleID for any given app that has been launched.

<img src={useBaseUrl('img/mobile-apps/bundle-id.png')} alt="Bundle ID" width="800"/>

## Restrictions and Recommendations

While our MDM support offers a robust framework for device management, certain limitations and recommendations should be considered during implementation:

- **Sauce-Specific MDM Policy** - You should create a Sauce-specific MDM policy, emphasizing requirements such as passcode lock settings, OS version compatibility, and application installation preferences.
- **Passcode Lock and Setup** - Avoid enforcing passcode lock or device setup to maintain user flexibility.
- **OS Version Compatibility** - Ensure compatibility with a range of iOS versions, not exclusively the latest.
- **USB Data Transfer**- Maintain USB data transfer functionality for efficient interactions.
- **Screen Recording**- We recommend that the screen recording feature is enabled.
- **Screen Recording**- We recommend that the screen recording feature is enabled.
- **Application Installation** - Enable installation of applications to the device.
19 changes: 2 additions & 17 deletions docs/mobile-apps/real-device-cleaning.md
Original file line number Diff line number Diff line change
Expand Up @@ -57,23 +57,8 @@ We use a proprietary process that wipes every real device clean at the end of th
## Private Devices

:::caution
On Private devices, access to some parts of the device settings is restricted: Wifi and Network Settings, Profile and Device Management, Passcode/Biometrics Settings, Developer options, Resetting device options, Creating AppleIDs, Battery Options, and Display Settings. These restrictions apply to iOS/Android private devices.
On Private Devices, access to some parts of the device settings is restricted: Wifi and Network Settings, Profile and Device Management, Passcode/Biometrics Settings, Developer options, Resetting device options, Creating AppleIDs, Battery Options, and Display Settings. These rules apply to both iOS and Android public devices.
:::

Private Devices follow the same process as Public Devices. However, the customer can adjust the following as desired through our support:
While both Private and Public Devices follow the same cleaning process, Private Devices can be configured to allow applications and accounts to persist between sessions. Please see [Private Device Management](/basics/acct-team-mgmt/private-device-mgmt) for details.

App allowlist:

- Apps installed on the device can be selected, by name/bundleID/package name, to be preserved between sessions. These apps and their data will not be cleaned. They can be uploaded by the customer from Sauce Storage, or installed from the App Store/Play Store.

Account allowlist:

With the account allowlist you will be able:
- Google accounts signed into the Play Store/Google Pay/In-App Purchase can be preserved between sessions.
- Apple IDs signed into the device and App Store/TestFlight/Apple Pay/In-App Purchase can be preserved between sessions.

System app allowlist:

By default, we are removing most of the system applications from iOS, to ensure our cleaning service run faster.
You can get back your Messages, Mail, Notes applications on private devices easily, by submitting a support request.
Here you can find the list of system apps you can get access back to: https://support.apple.com/en-gb/guide/deployment/depece748c41/web
2 changes: 1 addition & 1 deletion sidebars.js
Original file line number Diff line number Diff line change
Expand Up @@ -827,10 +827,10 @@ module.exports = {
items: [
'basics/acct-team-mgmt/adding-deleting-teams',
'basics/acct-team-mgmt/assigning-removing-users-teams',
'basics/acct-team-mgmt/private-device-mgmt',
'basics/acct-team-mgmt/sauce-connect-proxy-tunnels',
],
},
'basics/acct-team-mgmt/private-device-mgmt',
{
type: 'category',
label: 'Billing and Subscriptions',
Expand Down
File renamed without changes
Loading