Setup for iPads
Background
iPad use in schools is notably higher for lower grade levels. Their intuitive design and touchscreen make them a great candidate for combining technology and education in the classroom. The one thing that remains a sticking point is authentication. It’s difficult if not impossible, for an entire classroom of kindergartners to log in in order to get internet connectivity through the school’s web filter. The only workarounds we’ve seen in the field are either assigning an IP-based policy that would reduce logging visibility (and not work off-site) or having the teacher and teacher’s aide log the students into the iPads each morning. In an effort to combat this issue, Securly developed “User-Injection” for SmartPac. User-Injection allows the school’s IT admin to add a URL parameter to the SmartPac via MDM (iPads) or GPO (Windows) which will automatically authenticate the student and allow them access to the Internet without losing attribution for the student’s browsing activity.
Note that you will need to contact the Securly support team at support@securly.com to enable this feature for you.
Prerequisites
- Confirm if MDM supports variable payloads with iPad configuration profile. The variable will be used for SmartPac to inject the username. For example, Securly MDM uses the “$email” variable to pass the email address. (See the list of variables for other MDMs below.)
- Make sure the MDM has an email address associated with each user.
Generic Examples Using Securly MDM Payload Variable:
Format: SMART PAC URL + &user= + MDM variable (in lower case)
Example:
https://www.securly.com/smart.pac?fid=admin@securlyqa1.com&user=$email
To break it down:
Smart PAC URL: https://www.securly.com/smart.pac?fid=admin@securlyqa1.com
Constant variable used by Securly: &user=
MDM Variable: $email (lower case)
On your iPad, the PAC URL will display the actual user's email of the user assigned to the iPad.
Setup for Windows
For Windows, we can pass the logon user. This is great for shared Windows Labs to filter and report each student's activity when they are logged in.
Windows - %USERNAME%@schooldomain.com
https://www.securly.com/smart.pac?fid=securly@schooldomain.tld&user=%USERNAME%@schooldomain.com
Note: If you are on Windows build 1903, you will need to set the PAC URL to HTTP, not HTTPS. You can refer to this forum to read more. It is speculated Windows may revert to this change and once again support PAC URLs over HTTPS. If they do, we will update this article.
Setup for shared accounts
In addition to using a variable for user injection, a shared account can be used in the SmartPac URL. Shared accounts must exist in Google Workspace or AD/Azure to auto-authenticate with Securly. Using a shared account can be done if the MDM solution does not support using payload variables.
Example:
Shared Account = https://www.securly.com/smart.pac?fid=securly@schooldomain.com&user=sharedaccount@schooldomain.com
Additional Info
We have a running list of variable payloads with iPad configuration profiles:
Securly MDM: $email (lower case)
Jamf: $EMAIL
Meraki: $OWNEREMAIL
Jamf School (formerly ZuluDesk): %Email%
Lightspeed: %email%
Filewave %email%
Mosyle - %Email%
Airwatch MDM - {EmailAddress}
Other- Try %email%
Windows - %USERNAME%@<schooldomain.com> (Ex: %USERNAME%@k12publicschools.org)
Supporting links:
https://docs.jamf.com/jamf-school/deploy-guide-docs/Payload_Variables.html
https://docs.jamf.com/9.9/casper-suite/administrator-guide/iOS_Configuration_Profiles.html
https://support.zuludesk.com/hc/en-us/articles/115002302573-Payload-Variables
https://kb.filewave.com/display/KB/Parameterized+Profile
https://help.apple.com/profilemanager/mac/5.4/#/apd073333AA-30C6-4FD2-B2E0-E0C95658A2C4
Comments
Article is closed for comments.