NOTE: This topic applies to iOS Workflows. For Android Workflows, see this article.
You’ll need to create three Workflows for iOS devices: Device Prep, Return, and Check Out.
Device Prep
As part of Device Prep, you will perform the basic provisioning of the device. At a minimum, you should include the following actions:
- Perform MDM command – This will delete the device which ensures that the enrollment is treated as “new”. – Pre- Enrollment Action > Delete from MDM.
- Erase
- Add WiFi
- Set Name
- Set Language and Locale – This will skip this set up screen on the device
- DEP Enrollment
- Check in Action
Your MDM should install the Imprivata Locker app on enrollment for these devices.
Important! Ignore the warning and do not include a Wi-Fi profile in the Return and Checkout Workflows. Your device will already have a Wi-Fi profile from the Prep Workflow, and reinstalling the Wi-Fi profile during the return or check out process may cause the Workflow to fail.
Return
This workflow locks down devices when connected, without needing to run a full prep workflow. Include the following actions:
- Check In Device — Launches and locks the Imprivata Locker app, sets the status to “Checked In” and clears the Device User attribute.
- Set Wallpaper — a black wallpaper is a visual clue that devices are locked. You may wish to use this intimidating wallpaper.
- On Failure — In the event the check in fails, Imprivata recommends adding an On Failure action to your workflow to ensure your device is locked and checked in.
- Under Advanced, add an On Failure action. Select Retry this workflow option only and select the number of attempts you would like. Three (3) attempts is a best practice.
- Configure a Workflow action to run after the number of failures is exceeded.
- Perform MDM Command > Clear Passcode — if you are using passcodes in your organization, you must clear the passcode via MDM in order to check successfully in devices. For more information, see the Clearing Passcodes article.
Check Out
This Workflow unlocks the device after a successful badge tap. When the Workflow is run, the attribute “[Device User]” will have the username of the person checking out the device.
Include the following actions:
- Check Out Device — this action unlocks the Imprivata Locker app, displays a green screen with the user’s ID, and sets the device status to “Checked Out”. If you have Smart Hub services enabled, it will also rapidly flash the white LED next to the device.
BEST PRACTICE: Imprivata recommends displaying the user’s name on the device at check out. Set the text to display to “Ready for [Imprivata Display Name]” or something similar.
BEST PRACTICE: Imprivata recommends keeping the Suppress blue LED on Smart Hub during Check Out option selected. Instead of displaying the blue LED indicating a “deployment in progress”, the Smart Hub will flash the white LED, indicating that the device is ready to be removed from the dock.
- Set Wallpaper — if you used the black wallpaper above, then on check out you will want to add your friendly wallpaper with your organization’s logo. Imprivata also recommends embedding text onto the Lock Screen stating “Checked Out to [Device User]”, or something similar.