Mist Marvis Agent Onboarding

Prerequisites

Network policy configuration

Be sure to configure network firewall settings to allow agent connection to these destinations:

If your Mist data/organization resides in AWS cloud (default)

• wss://client-terminator.mistsys.net:443/ws, or protocol WSS (websocket) port 443 for domain/path
• https://api.mist.com, or HTTPS protocol port 443 for domain

If your Mist data/organization resides in GCP cloud

• wss://client-terminator.gc1.mist.com/ws, or protocol WSS (websocket) port 443 for domain/path
• https://api.gc1.mist.com/, or HTTPS protocol port 443 for domain

Getting QR code / secret value to onboard agent

Refer to https://www.mist.com/documentation/mist-sdk-faq/ for additional details to the SDK secret/token and QR code.

1 – On Mist Dashboard , navigate to Organization > Mobile SDK

2 – Click create invitation & give it a name, if not using an existing one, otherwise, select an existing one to use.

• If sideloading agent installation (developer/debugging mode use), click view link on invitation to see the QR code and keep this open for subsequent steps, or otherwise save/screenshot QR code as image for later use.

• If MDM deployment of agent, copy down the secret value of desired invitation

Sideloading

These steps are for internal/developer/debugging use/testing. Not meant for official customer deployments. These steps also involve manual intervention at each device being onboarded with the agent.

These steps are also a last resort option & last step for MDM deployments where the MDM vendor/solution does not support executing Android intents to programmatically inject the QR code / secret information to the agent upon installation.

• Install/sideload APK to device (via ADB, MDM, or file manager browsing local device storage or SD card containing the transferred APK)

• Open Marvis client/agent application on device

• Tap the Marvis icon about 7-8 times to bring up a special debug menu

Onboard agent with the QR code / secret value

• QR code route: tap the Scan Organization icon to bring up the camera for scanning QR code. Allow camera permission when prompted. Once QR code scanned, the matching secret value will be inserted to the secret text field and applied to the agent automatically. A brief popup message will appear indicating the application of the secret.

• Secret value route: paste or type in the secret value to the text field where the secret value resides. It defaults to empty. After filling in the value, tap START MARVIS (grey) button to apply the changes. A brief popup message will appear indicating the application of the secret.

At this point, the Marvis agent is considered onboarded successfully.

You can additionally confirm the secret value took effect by closing and/or killing the running agent in the OS and then launching it again, going through the debug menu (7-8 taps on icon), to verify the secret value is still stored in the text field and not empty. An empty secret value field will indicate the data did not persist (as is the case on some MDM deployments that wipe out application data upon user logout, etc.). If the data is not persisted, you will have to go through the steps to apply the secret value again, or configure the application deployment to not wipe out the application data.

If there is issue with not getting data on the Mist UI dashboard after onboarding the agent and waiting at least 10-15 minutes for data to propagate to the Mist cloud, that indicates a problem in the agent workflow of collecting data and sending it to the Mist cloud, and would preferably require a live debug session with Mist support and/or collecting the agent logs to send to Mist support. Agent logs can be collected using logcat or ADB, contact Mist support for details.

For debugging with Mist support, please send to Mist support the agent UUID that is also displayed on the agent debug mode screen. Copy/paste the value or take a screenshot. The UUID is used to track the flow of data from agent to Mist cloud, if it ever makes it to the cloud.

MDM deployment

For any issues after MDM deployment with regards to agent onboarding, refer to the ending step of sideload instructions. Basically, if agent is onboarded successfully, any issues that come up is a different problem to contact Mist support about.

SOTI

We do not cover the overall generic Android app deployment process with SOTI, only covering the customization of Android apps information needed to complete agent deployment.

Customizing APK package deployment with Intent action to set Mist SDK secret token

This is a prerequisite if we wish to deploy the client with SDK secret token preconfigured and auto-launched upon installation. Otherwise, can skip this step if just deploying client, and separately launching it and configuring secret token.

Once you deploy the customized application package with SOTI, the agent will be fully preconfigured & onboarded for operation.

Prerequisites:

• Download SOTI’s MobiControl Package Studio (McStudio.exe)
• Windows computer or virtual machine, Package Studio only runs on Windows

General steps:

1. Open or create new (package) Project
2. Add APK
3. Add Script
   1. Script Engine > Legacy
   2. Script Type > Post-Install
   3. Browse for script file
4. Build Package

More detailed steps:

Create new package project with the following settings:

• Processor > All (unless need to target specific CPU/device types)
• Platform > Android
• OS version > 5 to 13 (unless restricting deployment to specific IT/business approved versions)
• Version String > set to same versioning as APK version
• Vendor > Mist Systems, Inc.
• Optional space requirements specification (i.e. fail to install if requirements no met)

Post-Install script content (saved as a file to select/import in Package Studio)

sendintent -a "intent:#Intent; action=android.intent.action.MAIN;component=com.mist.marvisclient/.MainActivity;S.MOBILE_SDK_SECRET=TheSecretValueHere;end;"

AirWatch / VMWare Workspace ONE

Note that for AirWatch, we have only assisted a customer to verify that the method works, but exact steps are for you to figure out as Mist has not had the opportunity to fully test/validate in-house.

We do not cover the overall generic Android app deployment process with AirWatch, only covering the specific steps needed to complete agent deployment.

Intent command to run/execute with AirWatch

mode=explicit,broadcast=false,action=android.intent.action.MAIN,package=com.mist.marvisclient,class=com.mist.marvisclient.MainActivity,extraString=MOBILE_SDK_SECRET=TheSecretValueHere

Deploy intent command following these as references:

• If after Marvis client is already deployed on device, try Configuring Automatic Launch for Android Mobile Devices
• For new deployments of our APK installer to devices, try RunIntent Action, File-Action Android

Other MDMs

You are on your own here if the MDM used is not listed above as Mist has not tested interoperability with the given MDM.

In general the agent deployment process should be straightforward with the MDM. The big question is whether the MDM offers a way to execute Android intents, and if not, you would have to follow through the sideloading steps manually regarding QR code and secret value for each deployed agent device to complete the onboarding.

In terms of executing Android intents, besides the examples for SOTI and AirWatch, here is another example for ADB based (developer/debug) deployment, that can be used to adapt to your MDM of choice:

adb shell am start -n "com.mist.marvisclient/com.mist.marvisclient.MainActivity" -a android.intent.action.MAIN -c android.intent.category.LAUNCHER --es "MOBILE_SDK_SECRET" "TheSecretValueHere" -t "text/plain"