**This guide is for Ivanti Neurons and EPMM customers deploying CAPTOR for Android Enterprise


Prerequisite

Ivanti Neurons / EPMM must be enabled for Android Enterprise (AE) in order to use AE  apps.To enable Ivanti to provide Android Enterprise features, you must perform setup steps with Google, Ivanti Support, and Ivanti Core/Cloud Admin Console. Please ensure these steps are completed first.

Overview

CAPTOR™ enables the secure capture and control of sensitive business-related content. Use CAPTOR as a business camera app, a document scanning app, and an audio recording app.


-Scan multi-page documents with smart edge detection, edit, annotate, and save as PDF.

-Capture high resolution photos.

-Record videos.

-Record ambient audio.

-Read QR codes and launch secure browser.

-Annotate photos and documents with arrows, drawings, highlighters, and text labels.

-Informative captions can be automatically applied to photos.

-IT policies to enforce authentication, sharing, file naming, etc.

-Capture content even in situations with no connectivity.

-Encrypted data container protects content and enables IT administrator to wipe data if device is lost or stolen.

-Completely separate work content from personal to support BYOD/COPE, and enabling personal privacy (GDPR compliance).

-Secure Content Copy: Backup content to a network drive using OneDrive, SMB, SFTP, or WebDAV.

CAPTOR is used to solve complex use cases in industries such as healthcare, legal, government, law enforcement, insurance, construction, and financial services.

Package Name: com.inkscreen.android.captor

App availability

Google Play:

https://play.google.com/store/apps/details?id=com.inkscreen.android.captor

Device compatibility

This app requires version Android 10 or newer.

App Deployment

  1. Import the app into Ivanti.

Ivanti Admin Portal > Apps > App Catalog > Store Import  > Google Play > Google Play Store Search for the app (search for “Inkscreen CAPTOR” for best results)  > click Import

  1. Enable Android Enterprise for your app.

Ivanti Admin Portal > Apps > App Catalog > Search for your app > Edit App > In “Android Enterprise” section > Enable “Install this app for Android Enterprise”

  1. Configuring the app

Ivanti Admin Portal -> Apps -> App Catalog -> Search for your app -> Edit App -> In “Configurations” section -> List of key-value pairs will be pre-populated

  1. Apply Label to App 

Ivanti Admin Portal -> Apps -> App Catalog -> Select your app -> More Actions -> Apply Label


*There are many keys with values that support substitution variables. Please review the Ivanti/MobileIron substitution variable options here: https://help.ivanti.com/mi/help/en_us/CORE/11.x/appwk/AppsAtWork/iOS_managed_app_configur.htm


App-specific configuration

Key

Description

Default if not configured

License

License key for use of application used to determine and track number of devices provisioned. 

IMPORTANT:  The application must be able to reach https://api.backendless.com/ in order to authenticate the license. Please check firewall settings to ensure devices can reach this domain. 

REQUIRED FOR ACTIVATION

Go to www.inkscreen.com/trial or email sales@inkscreen.com to request a license.

CAPTOR will not function without a valid license key.

Username

Links the username field within the app to either the email address or user ID for that user as listed in MobileIron Core. The app user will not be able to change the app username once this key-pair is set. The MobileIron admin can change this value any time without negatively impacting users. Value entered should be either $USERID$ or $EMAIL$. Please note:  the username can be displayed on the photo as a caption, and inserted as metadata.

REQUIRED FOR ACTIVATION

If key-value pair is not configured, the app will not be able to authenticate against the license server.

Filename Base

Sets a base name for captured content. The nomenclature system appends the base with the time and date of capture (ex. CAPTOR_07_21_2018_11_21_33.JPG). Value can be an alpha-numeric string 1-20 characters with no spaces, or $USERID$

ADDING THIS KEY-VALUE PAIR IS HIGHLY RECOMMENDED

If key-value pair is not configured, the default filename base will be CAPTOR and the user can edit.

Time til Empty Trash

Sets a value (in days) to wait before permanently deleting media content that a user has moved to the Trash folder in the app. Value entered should be a whole number 0 - 999. Entering “0” means the Trash folder will be emptied each time the app is launched.

If key-value pair is not configured, the default setting is to delete contents of the Trash folder that are older than 30 days.

Show Caption

Enforces the printed caption on the border of photos. The caption includes 1) username of who captured the media, 2) time and date of capture, 3) location where media was captured (lat/long or city/state/country), and a note (up to 255 char). Please note:  this feature does not impact Documents or Audio.


Version (PDF)

Sets the version of PDF that will be created when sharing documents or photos in the PDF file format. Value entered may be:

1.3

1.4

1.5

1.6

1.7

PDF/A-1a

PDF/A-1b

PDF/A-2a

PDF/A-2b

PDF/A-2u

PDF/A-3a

PDF/A-3b

PDF/A-3u

If key pair is not configured, the default will be 1.3 and the user will be able to adjust.

Watermark

Adds a semi-transparent alpha/numeric string (up to 50 characters) across photos and pages of document.



Watermark Time/DateAdds a second line to the watermark with the time and date of capture
Allow BiometricsAllows the user to authenticate using biometrics (facial recognition, fingerprint recognition)

Default Capture ModeEstablishes a default mode which the app will open to. Options include Photo, Video, Audio, and Doc.
If the key pair is not configured, the user can select a default capture mode.



Secure Content Copy Backup Service

Secure Content Copy is an optional service enabling the backup of CAPTOR content to a server or network drive. 

Before setting up the service, you must establish a server on your network to receive the content. Additionally, the server must be configured to include folders for each CAPTOR user which can be mapped to.  If you utilize the key “Username” with value $USERID$, the folders on your backup server should be named the same way. 

Here is an overview of the process to set up the backup service:

  1. Select the best data transfer protocol. CAPTOR currently supports SMB, SFTP, and WebDAV. 
  2. Establish a server on your network to receive the content. Create folders for each user, named to match the CAPTOR usernames. 
  3. Create a MobileIron Sentry and AppTunnel to encrypt and control the traffic into your network from the CAPTOR app. 
  4. Establish the key/value pairs in Core or Cloud to enable and configure the service. At a minimum, you must enter a value for “Backup Enabled” matching your selected data transfer protocol. 
  5. Launch CAPTOR on a test device and review the configuration by going to Settings>Backup Config. Depending on your configuration you may have to complete the settings for the selected transfer protocol and/or Advanced Config options. 

Key

Description

Default if not configured

Backup Enabled

This is the master switch to turn on the backup service. The value entered identifies which transfer protocol will be used. Only one protocol can be established at a time, so the remaining protocols will be disabled. Values entered may be:

webdav

sftp

smb

onedrive

If key pair is not configured, the backup service will be disabled.

Backup

The backup process can be automated, or allowed to be conducted by the user on demand. Values entered may be:

auto

manual

If key pair is not configured and enable backup is configured, the default will be manual.

Automated Backup After (Days)

If you intend the backup process to be automated, this key is required. The value entered indicates how long the system will wait before backing up content. For example, setting a value “7” means that the system will backup content that was captured at least 7 days prior. Entering a value “0” will backup content in the next user session. Values entered may be 0-30.

If key pair is not configured and backupmethod is set to “auto”, the default will be 1.

Delete Backed-up Content After (Days)

When configured this will move backed-up content to the CAPTOR Trash folder after a specified number of days after it was backed up. For example, a value “3” would instruct the system to trash an item three days after it was backedup. A value “0” instructs the system to trash items immediately after backup. Values entered can be 0-30. 

If key pair is not configured, the default is set to never delete content after it is backedup. 

Content Quality

Sets the quality of the content that is backedup. The system uses the same quality standards as the normal sharing options . Values entered maybe:

low

med

high

If key pair is not configured, the default is high.



Backup Protocol Key/Value Pairs

The next step is to set the key pairs related to the backup transfer protocol that you selected. You may only use one protocol for any specific label.


WebDAV

Key

Description

Default if not configured

webdavuser

Assigns the username for authentication of backup server. For most customers the value entered should be $USERID$

If key pair is not configured, the user will be allowed to set the username within the app.

webdavpassword

Assigns the password for authentication of backup server. MobileIron no longer supports $PASSWORD$ as a standard attribute so consider creating a custom attribute or allowing the user to enter the password within the app.

If key pair is not configured, the user will be allowed to set the password within the app.

webdavurl

Assigns the URL to the backup server. Value entered should be a valid url; for example “https://23-22.companynet.com"

If key pair is not configured, the user will be allowed to set the URL within the app.

webdavpath

Assigns the directory path for the user’s folder on the backup server. *Please note, the user folders must be created on the server by the IT Admin prior to setting this configuration. For most customers, the value entered should be:  /$USERID$/

If key pair is not configured, the user will be allowed to set the path within the app.


SMB

Key

Description

Default if not configured

smbhost

Assigns the IP address for the backup server. 

If key pair is not configured, the user will be allowed to set the host within the app.

smbuser

Assigns the username for authentication of backup server. For most customers the value entered should be $USERID$

If key pair is not configured, the user will be allowed to set the username within the app.

smbpassword

Assigns the password for authentication of backup server. MobileIron no longer supports $PASSWORD$ as a standard attribute so consider creating a custom attribute or allowing the user to enter the password within the app.

If key pair is not configured, the user will be allowed to set the password within the app.

smbshare

Assigns the SMB share name. This field may not be required for all implementations.

If key pair is not configured, the user will be allowed to set the share within the app.

smbpath

Assigns the directory path for the user’s folder on the backup server. *Please note, the user folders must be created on the server by the IT Admin prior to setting this configuration. For most customers, the value entered should be:  $USERID$

If key pair is not configured, the user will be allowed to set the path within the app.


For more detailed instructions on setting up SMB backups please visit the following knowledge base article:  https://inkscreen.freshdesk.com/support/solutions/articles/1000316184-captor-smb-backup-configuration-guide


SFTP

Key

Description

Default if not configured

sftphost

Assigns the IP address or URL for the backup server. 

If key pair is not configured, the user will be allowed to set the host within the app.

sftpuser

Assigns the username for authentication of backup server. For most customers the value entered should be $USERID$

If key pair is not configured, the user will be allowed to set the username within the app.

sftppassword

Assigns the password for authentication of backup server. MobileIron no longer supports $PASSWORD$ as a standard attribute so consider creating a custom attribute or allowing the user to enter the password within the app.

If key pair is not configured, the user will be allowed to set the password within the app.

sftpport

Assigns the network port. Value entered should be numeric (for example:  22). 

If key pair is not configured, the user will be allowed to set the port within the app.

sftppath

Assigns the directory path for the user’s folder on the backup server. *Please note, the user folders must be created on the server by the IT Admin prior to setting this configuration. For most customers, the value entered should be:  /$USERID$

If key pair is not configured, the user will be allowed to set the path within the app.


Microsoft OneDrive

**Implemented with MSAL

Key

Description

Default if not configured

onedrivepath

Assigns the directory path for the user’s folder. *Please note, the user folders must be created on the server by the IT Admin prior to setting this configuration.

If key pair is not configured, the user will be allowed to set the path within the app.


Contact Details

For support, please go to www.inkscreen.com/support or email support@inkscreen.com. Inkscreen is based in Austin, Texas USA in the Central Daylight Time Zone (UTC-5).