||
Skip to end of metadata
Go to start of metadata

A work profile creates a containerized environment in a BYOD device to run corporate data and applications. This enables device admins to take control of the corporate data and applications running on the device without preventing the device owner from using the primary profile functionality.

Before you begin

  • Make sure to have an Android device that supports the Lollipop version or upwards.

    WSO2 IoT Server implements data containerization using the Android Managed Profile feature, which is only available on Android Lollipop OS version and above.

  • Do you have work profile that is already running on your device? If yes, on your device, go to Settings > Accounts and remove it. Else, you run into errors.

  • Start the WSO2 IoT Server core profile.

    cd <IoT_HOME>/bin sh iot-server.sh
  • Download the Android agent.

     Click here for more information.

    Follow the steps given below to get the Android Agent. 

    1. Sign in to the Device Management console.

       Click here for more information.
      Follow the instructions below to sign in to the WSO2 EMM device management console:
      1. If you have not started the server previously, start the server.

      2. Access the device management console.

        • For access via HTTP: 
          http://<IOTS_HTTP_HOST>:9763/devicemgt/ 

          For example: http://localhost:9763/devicemgt/
        • For access via secured HTTP: 
          https://<IOTS_HTTPS_HOST>:9443/devicemgt/ 
          For example: https://localhost:9443/devicemgt/ 
      3. Enter the username and password, and sign in.

        The system administrator will be able to log in using admin for both the username and password. However, other users will have to first register with WSO2 EMM before being able to log into the device management console. For more information on creating a new account, see Registering with WSO2 IoT Server.

        By logging in you agree with the WSO2 IoT Server 3.3.0 cookie policy and privacy policy.

      4. Further, you need to provide consent for the details you want WSO2 IoT Server to use.
      5. Click LOGIN. The respective device management console will change, based on the permissions assigned to the user.
        For example, the device management console for an administrator is as follows:

    2. Click Enroll New Device.

      If you are an Admin user, click the menu icon, and select DEVICE MANAGEMENT, to access the ENROLL DEVICE button.

    3. Click Android to enroll your device with WSO2 IoT Server.
    4. Enroll the device.
      1. Click Enroll Device.
      2. Scan the QR code to download the Android agent onto your Android device.

        You need to make sure that your Android device and the IoT Server are on the same network, else you will not be able to download the Android agent.

        After scanning the QR code you will be directed to a web page. When this page appears, the web browser will typically display an "insecure connection" message, which requires your confirmation before you can continue.

         Click here for more information.

        The WSO2 IoT Server consoles are based on the HTTPS protocol, which is a combination of HTTP and SSL protocols. This protocol is generally used to encrypt the traffic from the client to server for security reasons. The certificate it works with is used for encryptiononly,and does not prove the server identity, so when you try to access these consoles, a warning of untrusted connection is usually displayed. To continue working with this certificate, some steps should be taken to "accept" the certificate before access to the site is permitted. If you are using the Mozilla Firefox browser, this usually occurs only on the first access to the server, after which the certificate is stored in the browser database and marked as trusted. However, with other browsers, the insecure connection warning might be displayed every time you access the server.

        This scenario is suitable for testing purposes, or for running the program on the company's internal networks. If you want to make these consoles available to external users, your organization should obtain a certificate signed by a well-known certificate authority, which verifies that the server actually has the name it is accessed by and that this server belongs to the given organization.

    5. Click Download Android Agent.

    1. Sign in to the Device Management console.

       Click here for more information.
      Follow the instructions below to sign in to the WSO2 EMM device management console:
      1. If you have not started the server previously, start the server.

      2. Access the device management console.

        • For access via HTTP: 
          http://<IOTS_HTTP_HOST>:9763/devicemgt/ 

          For example: http://localhost:9763/devicemgt/
        • For access via secured HTTP: 
          https://<IOTS_HTTPS_HOST>:9443/devicemgt/ 
          For example: https://localhost:9443/devicemgt/ 
      3. Enter the username and password, and sign in.

        The system administrator will be able to log in using admin for both the username and password. However, other users will have to first register with WSO2 EMM before being able to log into the device management console. For more information on creating a new account, see Registering with WSO2 IoT Server.

        By logging in you agree with the WSO2 IoT Server 3.3.0 cookie policy and privacy policy.

      4. Further, you need to provide consent for the details you want WSO2 IoT Server to use.
      5. Click LOGIN. The respective device management console will change, based on the permissions assigned to the user.
        For example, the device management console for an administrator is as follows:

    2. Click Invite by Email.
    3. Enter the email address of the users who needsto enroll their device with WSO2 IoT Server, and click Send Invite(s).
      If you entered your email address, you will receive the registration email.
    4. Click on the link in the email to download the Android agent.
    5. Click Download Android Agent.

    1. Signin tothe Device Management console.

       Click here for more information.
      Follow the instructions below to sign in to the WSO2 EMM device management console:
      1. If you have not started the server previously, start the server.

      2. Access the device management console.

        • For access via HTTP: 
          http://<IOTS_HTTP_HOST>:9763/devicemgt/ 

          For example: http://localhost:9763/devicemgt/
        • For access via secured HTTP: 
          https://<IOTS_HTTPS_HOST>:9443/devicemgt/ 
          For example: https://localhost:9443/devicemgt/ 
      3. Enter the username and password, and sign in.

        The system administrator will be able to log in using admin for both the username and password. However, other users will have to first register with WSO2 EMM before being able to log into the device management console. For more information on creating a new account, see Registering with WSO2 IoT Server.

        By logging in you agree with the WSO2 IoT Server 3.3.0 cookie policy and privacy policy.

      4. Further, you need to provide consent for the details you want WSO2 IoT Server to use.
      5. Click LOGIN. The respective device management console will change, based on the permissions assigned to the user.
        For example, the device management console for an administrator is as follows:

    2. Click Download APK.
    3. Copy the downloaded file to your mobile device.

Follow the instructions given below to set up the Android work profile:

  1. Tap INSTALL to start installing the Android agent.

  2. Tap OPEN, once the WSO2 Android Agent is successfully installed.

  3. Tap SETUP WORK-PROFILE to proceed with registering the Android device via the Work-Profile.

  4. Tap SET UP.

    If your device was not encrypted previously, you will be prompted to encrypt the device.

  5. Enter the server address based on your environment, in the text box provided and tap START REGISTRATION. A confirmation message appears.

    • Developer Environment - Enter the server IP as your server address.
      Example: 10.10.10.123:8280
    • Deployment Environment - Enter the domain as your server address.

      The Android Agent app's default port is 8280. If you are using any other port, the server address should state the new port in the following format: www.abc.com:<PORT>, e.g., if the port is 8289 the server IP is as follows: www.abc.com:8289.

  6. Enter your details and tap SIGN IN.
    • Organization - Enter the organization name only if the server is hosted with multi-tenant support or enter the default carbon.super, which is the default organization name on a non-multi-tenant environment.
    • Username - Enter the WSO2 IoTS username.
    • Password - Enter the WSO2 IoTS password.

    Read the policy agreement, and tap AGREE to accept the agreement.  
  7. Tap ALLOW to allow the WSO2 Android agent to access photos, media, and files, make and manage phone calls, and access the device location respectively.

  8. Set a PIN code of your choice with a minimum of 4 digits. A confirmation message appears.

    You will be prompted to provide a PIN code only if your device is a BYOD device. The PIN code will be used to secure your personal data. Thereby, WSO2 IoT server will not be able to carry out critical operations on your personal data without using this PIN. 

    Example: A device management admin cannot wipe your device or remove data from the device without the PIN code. You have to provide the PIN code to get your device wiped or you can log into the device management console and wipe your device by entering the PIN code.

  9. You have now successfully registered your Android device. Tap Device Information to get device specific information, and tap Unregister if you wish to unregister your device from WSO2 IoT Server.


Once the registration process is complete, navigate to the launcher of your device. Notice the duplication of application icons. The applications with red icons are the ones used by WSO2 IoT Server.

To deactivate Android Work Profile:

  1. Navigate to Settings > Accounts on your device.
  2. Click Remove work profile.
  3. Tap DELETE and proceed with the deactivation.

    Once the deactivation is complete, navigate to the launcher of the device. Notice the disappearance of the applications with red icons.



  • No labels