Product Documentation

Configuring Notifications

Oct 20, 2015

You can use notifications in Device Manager to do the following:

  • Communicate with select groups of users easily from the Device tab, such as all iOS device users, users whose devices are out of compliance, all users with employee-owned devices, all users with unmanaged devices, and so on.
  • Enroll users and their devices into Device Manager.
  • Automatically notify your users (through Automated Actions) when certain conditions are met, such as when a user's device is about to be blocked from corporate access due to compliance policy violations, or when a user's device has been jailbroken or rooted.

Notifications are used to send messages over three different channels: SMTP, SMS, and Agent Push (currently iOS only).

Before you can send notifications, you must configure a notifications server and a SMS gateway and carrier SMS gateway. Also, you must select a notification channel in the notification template.

Note: Port 25 must be opened from the Device Manager server located in your DMZ to point back to the SMTP server on your internal network in order for notifications to be sent successfully.

Sending Ad-Hoc Notifications

You can send a one time, ad-hoc notifications in Device Manager to single or multiple users directly to their devices using SMTP, SMS, or Agent Push (iOS only).
  1. On the Devices tab, select a single device or select multiple devices. You can choose to filter the list of devices depending on your purpose. For example, you might want to send a message to all users who have jailbroken devices, or send a message to all users whose devices are listed as Out Of Compliance.
  2. Select the devices to which you want to send notifications and then click Notification.
  3. In the Notifications dialog box, enter the following information:
    1. From. The sender of the notification (optional).
    2. To. The users associated with the devices you selected will automatically be added to the notification recipient list. If you want to add other users beyond the list of devices you selected, you can enter the user's email address as known by Device Manager (case-sensitive) and then click the plus icon to add the user.
    3. Template. You can choose a template to fit the purpose of your notification. For example, if you want to notify users whose devices have been jailbroken and are out of compliance, you can select a custom ad hoc notification template built for this purpose.
    4. Message. You can enter text, or if you choose a notification template, this field is populated with the text from the template.
    5. Channel. Select the communication channel you want to use to send the message: SMTP, SMS, or Agent Push
  4. Before you send the notification, if you are sending the message via SMS, and you do not have a Nexmo subscription or SMS gateway server configured in Device Manager, click the Detailed Device List button to check if the recipients you have selected can be contacted through the Notification mechanism.
  5. In the Detailed Device List dialog box, you can troubleshoot any of the devices that show red lights, which indicate channels of communication that are not currently working to send notifications. The red lights indicate the recipients who may not receive the notification unless you add a carrier SMS gateway and address to use for sending the notification. The green lights in the SMTP column indicate that the SMTP server is functioning and will send the notification via email.
  6. To manually enter an SMS carrier gateway and address, select the recipient and fill out the appropriate information.
  7. When you are finished adding the SMS information, click Close.
  8. Click Send to send the notification. Device Manager either delivers the message or queues it for sending. If the message is queued, the Sent Notification Log report indicates the results. Queuing occurs because either the system is busy (sending automated action notifications) or SMS sending has bandwidth restrictions. Only one SMS per second is supported.

To create a custom notification template in Device Manager

  1. Click Options.
  2. Click Notification Templates and then click New.
  3. In the Create a Notification Template dialog box, on the Settings tab, enter the following information for your template:
    • Name. Enter a name for the template that indicates its use and purpose. For example, if this is a warning message regarding banned apps, you could name it Banned App Notification.
    • Description. Enter a brief description of this notification's purpose.
    • Notification Type. Determines the Automated Action event type the template is used with.
    • Channel. Select the channels through which you want to send the notification. Agent Push is currently for iOS only.
  4. Click the SMTP tab and then enter the following information:
    • From. (Optional) Name used in the email From field. Only enter a value here if you do not want to use the default value from the Notification Server definition.
    • To. An email address, system macro, or list (delimited by semicolons). System macros are used when sending Automated Action notifications. The system macro ${user.email} is the default To field.
    • Subject. Enter a generic subject line for the message.
    • Message. Enter message text. If you want to use system macros in your custom notification template, open one of the predefined notification templates and borrow one of the commonly used macros, such as the macros used for users or devices.
  5. Click the SMS tab and then enter the following information:
    • To. A system macro or mobile number. There are two system macros for use in enrollment templates and non-enrollment templates. For enrollment templates, use ${user.mobile}. For non-enrollment templates, use ${firstnotnull(device.TEL_NUMBER,user.mobile)} .
    • Message. Enter a message text that the user will see when the message is received.
  6. Click the Agent tab and then enter the following information to be used for Agent Push notifications (iOS only):
    • To. Enter the following variable - ${device.TOKEN} - for the device's token ID, which is used to identify and communicate with the device via Agent Push notification.
    • Message. Enter a message text that the user will see when the message is received.
    • Sound File. Select a sound file to be played when the user receives the push notification on their device.
  7. When you are finished, click Create.

Using Notification Templates

You can use notification templates in Device Manager when you do the following:

  • Send enrollment invitations inviting users to enroll their devices.
  • Send ad hoc notifications notifying users that their devices are jailbroken or letting users know important IT information, without using a template.
  • Configure Automated Actions to send notifications, such as an automatic notification when a user's device has a blacklisted app or has moved beyond an organization-defined geo-fencing policy.

Device Manager comes with a set of predefined templates that reflect the capabilities of the Automated Actions feature. Each template reflects a distinct type of event that Device Manager automatically responds to for each and every device in the system.

You can modify a predefined notification template, but you cannot delete a predefined template. Citrix recommends that you do not edit or modify the macros (for example, ${user.mail}) used inside of predefined templates, or they may not work.

The following table describes the predefined notification templates that come with Device Manager:

Template name Description

Android Download Link

Provides a download link Web address for users who are enrolling their Android devices into Device Manager.

Enrollment

Provides a Web address to the Device Manager server that allows users to enroll their devices.

Enrollment URL

Provides a special enrollment Web address that allows users to enroll their devices securely, combined with other forms of authentication, depending on the chosen enrollment mode.

Enrollment PIN

Provides a one-time generated PIN that is used in PIN-based enrollment modes

iOS Download Link

Provides a download link Web address for users who are enrolling their iOS devices into Device Manager.

Jailbroken Device

Provides a message indicating that a specific device has been jailbroken.

Location Perimeter Breach

Provides a message informing a user that the device has gone outside of a predefined geo-fencing perimeter and thus could be blocked from corporate access.

Location Services Disabled

Provides a message informing a user that the device has had its location services turned off and thus could be blocked from corporate access.

Non-Compliant Blacklist/Whitelist

Provides a message informing a user that their device has an app installed that violates a corporate blacklist or whitelist policy.

Revoked Device

Provides a message informing a user that the device has been revoked and that any further connection from the device to Device Manager is prohibited. The device is barred from reenrollment unless it is reauthorized by an administrator.

Roaming Domestic

Provides notification when device is roaming domestically across carrier network, indicating both device and user name associated with the device.

Roaming International

Provides notification when device is roaming internationally across carrier network, indicating both device and user name associated with the device.

SMG Blocked

Provides a message stating that a specific user's device has been blocked because it has violated a specific compliance policy.

Unmanaged Device

Provides a message indicating that a specific user's device has become unmanaged (possible due to uninstallation of the agent or certificates) and must be reenrolled by a specific date or the device will no longer have access to corporate email.

System Macros in Device Manager Notification Templates

Notification templates in Device Manager use the following system macros when you use the Automated Actions feature for automated sending. Citrix recommends that you do not modify macros in templates or else the notifications may not work.

  • Notifications are sent to the correct SMTP recipient address. For example, ${user.mail}.
  • Enrollment invitation Web addresses use the proper syntax to ensure secure authentication. For example, ${enrollment.url}.
  • Enrollment PINs can be generated. For example., ${enrollment.pin}.
  • The correct Device Manager server host name is used. For example, http://${zdmserver.hostPath}/enroll.
  • The correct user device (ID, name, and so on) is used when sending notifications. For example, ${firstnotnull(device.TEL_NUMBER,device.serialNumber)}.
  • The cause of an automated notification is given to the user. For example, ${outofcompliance.reason(smg_block)}.