Prerequisite
MobileIron Core/Cloud (now Ivanti) must be enabled for Android Enterprise (AE) in order to use AE apps.To enable MobileIron Core/Cloud to provide Android Enterprise features, you must perform setup steps with Google, MobileIron Support, and MobileIron Core/Cloud Admin Console. Please ensure these steps are completed first.
Core Admin Guide: https://community.mobileiron.com/docs/DOC-3664
Cloud Admin Guide: https://community.mobileiron.com/docs/DOC-2999
Overview
CAPTOR™ enables the secure capture and control of sensitive business-related content. Use CAPTOR as a business camera app, a document scanning app, and an audio recording app.
-Scan multi-page documents with smart edge detection, edit, annotate, and save as PDF.
-Capture high resolution photos.
-Record videos.
-Record ambient audio.
-Read QR codes and launch secure browser.
-Annotate photos and documents with arrows, drawings, highlighters, and text labels.
-Informative captions can be automatically applied to photos.
-IT policies to enforce authentication, sharing, file naming, etc.
-Capture content even in situations with no connectivity.
-Encrypted data container protects content and enables IT administrator to wipe data if device is lost or stolen.
-Completely separate work content from personal to support BYOD/COPE, and enabling personal privacy (GDPR compliance).
-Secure Content Copy: Backup content to a network drive using OneDrive, SMB, SFTP, or WebDAV.
CAPTOR is used to solve complex use cases in industries such as healthcare, legal, government, law enforcement, insurance, construction, and financial services.
Package Name: com.inkscreen.android.captor
App availability
Google Play:
https://play.google.com/store/apps/details?id=com.inkscreen.android.captor
Device compatibility
This app requires version Android 10 or newer.
App Deployment
- Import the app into MobileIron Core.
MobileIron Core Admin Portal > Apps > App Catalog > Store Import > Google Play > Google Play Store Search for the app (search for “Inkscreen CAPTOR” for best results) > click Import
- Enable Android Enterprise for your app.
MobileIron Core Admin Portal > Apps > App Catalog > Search for your app > Edit App > In “Android Enterprise” section > Enable “Install this app for Android Enterprise”
- Configuring the app
MobileIron Core Admin Portal -> Apps -> App Catalog -> Search for your app -> Edit App -> In “Configurations” section -> List of key-value pairs will be pre-populated
- Apply Label to App
MobileIron Core Admin Portal -> Apps -> App Catalog -> Select your app -> More Actions -> Apply Label
*There are many keys with values that support substitution variables. Please review the Ivanti/MobileIron substitution variable options here: https://help.ivanti.com/mi/help/en_us/CORE/11.x/appwk/AppsAtWork/iOS_managed_app_configur.htm
App-specific configuration
Key | Description | Default if not configured |
License | License key for use of application used to determine and track number of devices provisioned. IMPORTANT: The application must be able to reach https://api.backendless.com/ in order to authenticate the license. Please check firewall settings to ensure devices can reach this domain. REQUIRED FOR ACTIVATION Go to www.inkscreen.com/trial or email sales@inkscreen.com to request a license. | CAPTOR will not function without a valid license key. |
Username | Links the username field within the app to either the email address or user ID for that user as listed in MobileIron Core. The app user will not be able to change the app username once this key-pair is set. The MobileIron admin can change this value any time without negatively impacting users. Value entered should be either $USERID$ or $EMAIL$. Please note: the username can be displayed on the photo as a caption, and inserted as metadata. REQUIRED FOR ACTIVATION | If key-value pair is not configured, the app will not be able to authenticate against the license server. |
Filename Base | Sets a base name for captured content. The nomenclature system appends the base with the time and date of capture (ex. CAPTOR_07_21_2018_11_21_33.JPG). Value can be an alpha-numeric string 1-20 characters with no spaces, or $USERID$ ADDING THIS KEY-VALUE PAIR IS HIGHLY RECOMMENDED | If key-value pair is not configured, the default filename base will be CAPTOR and the user can edit. |
Time til Empty Trash | Sets a value (in days) to wait before permanently deleting media content that a user has moved to the Trash folder in the app. Value entered should be a whole number 0 - 999. Entering “0” means the Trash folder will be emptied each time the app is launched. | If key-value pair is not configured, the default setting is to delete contents of the Trash folder that are older than 30 days. |
Show Caption | Enforces the printed caption on the border of photos. The caption includes 1) username of who captured the media, 2) time and date of capture, 3) location where media was captured (lat/long or city/state/country), and a note (up to 255 char). Please note: this feature does not impact Documents or Audio. | |
Version (PDF) | Sets the version of PDF that will be created when sharing documents or photos in the PDF file format. Value entered may be: 1.3 1.4 1.5 1.6 1.7 PDF/A-1a PDF/A-1b PDF/A-2a PDF/A-2b PDF/A-2u PDF/A-3a PDF/A-3b PDF/A-3u | If key pair is not configured, the default will be 1.3 and the user will be able to adjust. |
| Watermark | Adds a semi-transparent alpha/numeric string (up to 50 characters) across photos and pages of document. | |
| Watermark Time/Date | Adds a second line to the watermark with the time and date of capture |
Secure Content Copy Backup Service
Secure Content Copy is an optional service enabling the backup of CAPTOR content to a server or network drive.
Before setting up the service, you must establish a server on your network to receive the content. Additionally, the server must be configured to include folders for each CAPTOR user which can be mapped to. If you utilize the key “Username” with value $USERID$, the folders on your backup server should be named the same way.
Here is an overview of the process to set up the backup service:
- Select the best data transfer protocol. CAPTOR currently supports SMB, SFTP, and WebDAV.
- Establish a server on your network to receive the content. Create folders for each user, named to match the CAPTOR usernames.
- Create a MobileIron Sentry and AppTunnel to encrypt and control the traffic into your network from the CAPTOR app.
- Establish the key/value pairs in Core or Cloud to enable and configure the service. At a minimum, you must enter a value for “Backup Enabled” matching your selected data transfer protocol.
- Launch CAPTOR on a test device and review the configuration by going to Settings>Backup Config. Depending on your configuration you may have to complete the settings for the selected transfer protocol and/or Advanced Config options.
Key | Description | Default if not configured |
Backup Enabled | This is the master switch to turn on the backup service. The value entered identifies which transfer protocol will be used. Only one protocol can be established at a time, so the remaining protocols will be disabled. Values entered may be: webdav sftp smb onedrive | If key pair is not configured, the backup service will be disabled. |
Backup | The backup process can be automated, or allowed to be conducted by the user on demand. Values entered may be: auto manual | If key pair is not configured and enable backup is configured, the default will be manual. |
Automated Backup After (Days) | If you intend the backup process to be automated, this key is required. The value entered indicates how long the system will wait before backing up content. For example, setting a value “7” means that the system will backup content that was captured at least 7 days prior. Entering a value “0” will backup content in the next user session. Values entered may be 0-30. | If key pair is not configured and backupmethod is set to “auto”, the default will be 1. |
Delete Backed-up Content After (Days) | When configured this will move backed-up content to the CAPTOR Trash folder after a specified number of days after it was backed up. For example, a value “3” would instruct the system to trash an item three days after it was backedup. A value “0” instructs the system to trash items immediately after backup. Values entered can be 0-30. | If key pair is not configured, the default is set to never delete content after it is backedup. |
Content Quality | Sets the quality of the content that is backedup. The system uses the same quality standards as the normal sharing options . Values entered maybe: low med high | If key pair is not configured, the default is high. |
Backup Protocol Key/Value Pairs
The next step is to set the key pairs related to the backup transfer protocol that you selected. You may only use one protocol for any specific label.
WebDAV
Key | Description | Default if not configured |
webdavuser | Assigns the username for authentication of backup server. For most customers the value entered should be $USERID$ | If key pair is not configured, the user will be allowed to set the username within the app. |
webdavpassword | Assigns the password for authentication of backup server. MobileIron no longer supports $PASSWORD$ as a standard attribute so consider creating a custom attribute or allowing the user to enter the password within the app. | If key pair is not configured, the user will be allowed to set the password within the app. |
webdavurl | Assigns the URL to the backup server. Value entered should be a valid url; for example “https://23-22.companynet.com" | If key pair is not configured, the user will be allowed to set the URL within the app. |
webdavpath | Assigns the directory path for the user’s folder on the backup server. *Please note, the user folders must be created on the server by the IT Admin prior to setting this configuration. For most customers, the value entered should be: /$USERID$/ | If key pair is not configured, the user will be allowed to set the path within the app. |
SMB
Key | Description | Default if not configured |
smbhost | Assigns the IP address for the backup server. | If key pair is not configured, the user will be allowed to set the host within the app. |
smbuser | Assigns the username for authentication of backup server. For most customers the value entered should be $USERID$ | If key pair is not configured, the user will be allowed to set the username within the app. |
smbpassword | Assigns the password for authentication of backup server. MobileIron no longer supports $PASSWORD$ as a standard attribute so consider creating a custom attribute or allowing the user to enter the password within the app. | If key pair is not configured, the user will be allowed to set the password within the app. |
smbshare | Assigns the SMB share name. This field may not be required for all implementations. | If key pair is not configured, the user will be allowed to set the share within the app. |
smbpath | Assigns the directory path for the user’s folder on the backup server. *Please note, the user folders must be created on the server by the IT Admin prior to setting this configuration. For most customers, the value entered should be: $USERID$ | If key pair is not configured, the user will be allowed to set the path within the app. |
For more detailed instructions on setting up SMB backups please visit the following knowledge base article: https://inkscreen.freshdesk.com/support/solutions/articles/1000316184-captor-smb-backup-configuration-guide
SFTP
Key | Description | Default if not configured |
sftphost | Assigns the IP address or URL for the backup server. | If key pair is not configured, the user will be allowed to set the host within the app. |
sftpuser | Assigns the username for authentication of backup server. For most customers the value entered should be $USERID$ | If key pair is not configured, the user will be allowed to set the username within the app. |
sftppassword | Assigns the password for authentication of backup server. MobileIron no longer supports $PASSWORD$ as a standard attribute so consider creating a custom attribute or allowing the user to enter the password within the app. | If key pair is not configured, the user will be allowed to set the password within the app. |
sftpport | Assigns the network port. Value entered should be numeric (for example: 22). | If key pair is not configured, the user will be allowed to set the port within the app. |
sftppath | Assigns the directory path for the user’s folder on the backup server. *Please note, the user folders must be created on the server by the IT Admin prior to setting this configuration. For most customers, the value entered should be: /$USERID$ | If key pair is not configured, the user will be allowed to set the path within the app. |
Security Controls
CAPTOR supports Lockdown policies and other security controls described in this documentation.
MobileIron Core: https://community.mobileiron.com/docs/DOC-3664
Secure Tunneling Support
If backup is enabled, you have the option to utilize AppTunnel to secure and monitor the data traffic as content is copied to the network. This is not required.
Overview: https://community.mobileiron.com/docs/DOC-3829
Contact Details
For support, please go to www.inkscreen.com/support or email support@inkscreen.com. Inkscreen is based in Austin, Texas USA in the Central Daylight Time Zone (UTC-5).