SOTI Surf

Use this dialog box to configure settings for the SOTI Surf app when:

The SOTI Surf app is shut down (according to the delay set in Delay Application Update) and relaunched each time the SOTI Surf profile configuration is updated and assigned.

Note: This profile configuration is not supported for AMAPI-enrolled devices.

General

Branding

Click the Configure button to open the Brand Settings pane, where you can define SOTI Surf branding options.

Enable Customized Branding When this toggle is turned on, the branding options are displayed for editing.
Primary Color Select the primary (background) color for the SOTI Surf page, which appears when the app is loading.
Text Color Select the text color for the SOTI Surf page, which appears when the app is loading.
Upload Logo Browse for an image to serve as the app logo. Alternatively, drag the image file and drop in into the field.
Use White Background When this toggle is turned on, white background is applied on the splash screen.
Preview This section enables you to preview the branding options you define. You can switch from a phone to a tablet image by clicking the corresponding icon on the section toolbar.

Home Screen

Add home screen catalog entries, a home screen website, or corporate bookmarks for the SOTI Surf app.

If website filtering is enabled on the profile configuration, websites configured as the home screen or as part of the home screen catalog are automatically whitelisted.

Note: If a device is assigned multiple profiles containing SOTI Surf, conflicts between the configured settings are resolved in the following manner:
  • If a device has multiple home screen websites enabled, the profile that was assigned first will supersede all others.
  • If a device has multiple home screen catalogs enabled, all websites from all profiles will be added to the catalog on the device.
  • If a device has a website and a catalog enabled, the home screen website will supersede the catalog.
  • If a device has a profile with the home screen enabled and another with it Allowd, the enabled home screen will supersede the Allowd setting.
  • Corporate bookmarks from multiple profiles will be unioned.

Turn on the Enable Home Screen toggle and you can control how the home screen of the SOTI Surf app appears to device users. Then choose either Catalog or Website.

Choose Catalog

  • Choose Catalog if you want to provide a set of websites (as links on the home screen of the app. You can group links into folders.
  • Choose Website if you want the home screen of the app to be a single website.
Table 1. Catalog
Websites Add websites and they'll appear as links on the SOTI Surf home page.

Click New in the Websites table to add a new catalog entry.

To delete a website, hover over its row and click Delete.

Use the arrows to arrange the order in which the websites appear in the SOTI Surf home screen.

Add Folders Group websites into different folders. If you have a lot of websites, you can simplify the app home screen by placing websites links into folders.

Click New in the Add Folders table to create a new folder. On the Add Folders screen, enter a name for the folder and click New to add websites to the folder. Click OK once you've finished adding websites.

You can add multiple folders and then arrange their order of appearance on the device screen.

Show websites before folders in catalog Turn on to show website links before folders on the home screen of the app.
Table 2. Website
Home screen URL Enter the URL for the website that you want as the SOTI Surf home page.
Configure Corporate Bookmarks Add websites as bookmarks to SOTI Surf. Click New in the Configured Corporate Bookmarks table to create a new row. Enter a display name and the website's URL. Listed websites are added as corporate bookmarks.

To delete a bookmark, hover over its row and click Delete.

Use the arrows to arrange the order in which the websites appear in the SOTI Surf bookmarks menu.

Settings

Important: If you want to prevent device users from reversing a setting in the SOTI Surf app, make sure to also Allow the User Configurable toggle for the applicable setting.
Table 3. Accessibility
Auto Hide Top and Bottom Bar When enabled, device users cannot see or access the top and bottom bars of SOTI Surf.
Full screen mode When enabled, SOTI Surf remains in full screen mode.
Text Scaling Enter a percentage value from 50 - 200 to set the text size in the app.
Tip: On Android devices, you can also send a script to change the zoom level in the SOTI Surf app: sendinfo net.soti.action.surf BROWSERZOOMLEVEL 400 where 400 is a percentage value.
Table 4. Advanced
Restore tabs on startup When enabled, tabs from a previous session are automatically loaded the next time the SOTI Surf app is launched.
Open links in new tab When enabled, links are opened in a new tab instead of the current tab.
Open Files Automatically after Downloading When enabled, files downloaded by the device user are automatically opened in the applicable app.
URL suggestion When enabled, SOTI Surf suggests websites as the device user types in the address bar.
Download Location The location on the device where SOTI Surf saves files downloaded from the internet. This option only applies to files downloaded from sites that are not routed through ERG. Downloads from sites routed through ERG are saved in an application sandbox.

The download location must be a location in the device's internal storage, for example, %sdcard% or a defined directory path. Directory paths cannot begin or end with / or \. They also cannot contain any of the following characters: ' " ` % \ + : * ? < >

Note: To save downloads to the root level, leave the download location field blank.

If a device has multiple profiles with conflicting download location settings, settings from the profile that was created first will be used.

Hide Reset Settings When enabled, device users cannot see or access the Reset Settings option in the SOTI Surf app.
Open Same Link in Same Tab Enable the device user to open the same link in same tab if the link is already open
Table 5. Network Type
Browsing on Cellular When enabled, the SOTI Surf app can use cellular networks.
Roaming When enabled, the SOTI Surf app can use cellular networks while roaming.
WiFi When enabled, the SOTI Surf app can use WiFi networks.
Table 6. Authentication
Enable Certificate Authentication Option to map certificate to a domain for automatic authentication in the SOTI Surf application.
Export browsing history Enable this option and then, in the File Location field, enter a location on the device's internal storage where you want to store browser history from the SOTI Surf app.

If a device has multiple profiles with conflicting file location settings, settings from the profile that was created first will be used.

Use LDAP Login When enabled, devices users must use their LDAP credentials to log into SOTI Surf. You must have intranet gateway settings configured to use this option.

Specify the user inactivity time (in minutes), after which the user will be logged out. Enter 0 to Allow inactivity timeout for the browser.

If a device has been assigned multiple SOTI Surf configurations with conflicting Enable LDAP Login settings, the configuration with LDAP enabled applies. If multiple SOTI Surf configurations have LDAP enabled but with differing inactivity timeouts, the timeout period specified in the configuration that was applied first supersedes the subsequent configurations.

Delay Application Update Specify the time (in minutes) between when a configuration change is pushed to the device and when the app is forced to shut down and apply the update, requiring device users to log in again. Devices will automatically relaunch once the update has been applied.

If a device has been assigned multiple SOTI Surf configurations with conflicting app shutdown times, the configuration that was created first applies.

Open New Tab in Background When enabled, when a device user clicks a link to open it in a new tab, the new tab will always open in the background.
Note: If multiple profiles are assigned to a device but have conflicting tab opening settings, the setting of the profile that was created first will apply.
Allow Zoom Gestures When enabled, devices users cannot use gestures to zoom in and out in web pages.
Set Browser Zoom Level Set the default magnification for all websites displayed in the SOTI Surf browser. The zoom level can be set from 50% to 500%. 100% is the standard zoom level.
Allow Media Auto-play When enabled, videos and audio clips are prevented from automatically starting playback. Muted videos, however, are still auto played.
Hide Address Bar When enabled, the address bar in the SOTI Surf browser is hidden, preventing device users from manually entering or editing website URLs, thus restricting user access to websites in the Home screen catalog.
Allow Pull to Refresh When the toggle is turned on, refreshing web page by the pull-down gesture is Allowd.
Auto-Refresh When the toggle is turned on, the web page is refreshed automatically with the defined frequency.
Refresh Interval Define the auto-refresh interval for web pages.
Search Engine Select a default search engine for SOTI Surf. Any searches initiated from the address bar are run through the specified search engine.

If a device has been assigned multiple profiles that have conflicting settings, the search engine from the profile that was assigned first will apply.

Mixed Content Select Always Allow to permit both HTTP and HTTPS content to load when displaying a web page. If you select Compatibility Mode, Android WebView allows some insecure content types while other types might be blocked.

If you assign more than one profile to a device, each having a different Mixed Content setting, the profile created first (based on the first Creation Date rule) will be considered to resolve the conflict. For example, profile A, created first, has a Mixed Content value of Never Allow. Profile B has the value configured as Compatibility Mode. The device will follow Never Allow, as this profile was created first.

Allow Debugging When enabled, users are allowed to debug web pages displayed in SOTI Surf. For more information on this process, see Debugging web sites and web apps in SOTI Surf on Android Devices.

If you assign more than one profile to a device, each having a different Allow Debugging setting, the profile created first (based on the first Creation Date rule) will be considered to resolve the conflict. For example, profile A, created first, has Allow Debugging enabled. Profile B has Allow Debugging disabled. The device will allow debugging as that profile was created first.

ProGlove Integration When enabled, allows the integration of ProGlove wearable scanners with SOTI Surf. See Integrating ProGlove Scanners with SOTI Surf for more information.

Privacy

The privacy settings section for the SOTI Surf profile configuration allows you to dictate the browsing capabilities of your device users.

If you assign multiple profiles with differing SOTI Surf configurations to the same device, the most restrictive version of the setting applies. In general, settings in the Privacy section are more restrictive when they are enabled. Exceptions are noted.

Allow Copy from Browser When enabled, devices users cannot copy content from within browser - both to other web pages and to apps outside of the browser.
Note: Enabling this option also enables Allow Screen Capture when Browsing and Allow Sharing of Downloaded Files. Both options can be subsequently Allowd without also disabling Allow Copy from Browser.
Allow Screen Capture when Browsing When enabled, device users cannot take screenshots of their device screen while SOTI Surf is the active app.
Allow Downloading of Files When enabled, device users cannot download any files from within the SOTI Surf app.
Note: Enabling this option also enables the Allow Sharing of Downloaded Files setting though it can be deselected independently of Allow Downloading of Files.
Allow Sharing of Downloaded Files When enabled, device users cannot share any files they have downloaded in SOTI Surf with another person or another app.
Restrict File Types Enter file extensions for the files types that you want to block device users from downloading. Separate file extensions with a comma.

For example: *.pdf, *.docx, *.txt.

Preview Files When enabled, device users can preview files before downloading them.
Allow Printing When enabled, devices users cannot print any content from within the browser.
Note: Allow Printing does not Allow Cloud Printing on sites such Gmail, where printing options are available.
Allow JavaScript When enabled, JavaScript does not run on any web pages.
Note: Device users may experience significant limitations when navigating the internet due to the prevalence of JavaScript.
Allow Popups When enabled, SOTI Surf prevents websites from opening any popup windows. Websites that use alerts or confirmation boxes are allowed but any websites that call new web pages are blocked.
Allow Cookies When enabled, websites cannot store any cookies on SOTI Surf.
Clear Cookies on Launch When enabled, cookies from previous browser sessions will be cleared when the browser is relaunched.
Note: Clear Cookies on Launch can be enabled independently of Allow Cookies.
Allow Third Party Cookies When enabled, cookies from third-party domains (that is, domains beyond the site the user is currently visiting) are blocked on SOTI Surf.
Allow Website Cache When enabled, the browser does not cache website data when the app closes or the user navigates away from a web page.
Allow Auto Fill When enabled, web pages with forms or fillable fields do not remember any previously entered information.
Allow Safe Search When enabled, the safe search filter (that is normally active on SOTI Surf) to block inappropriate or explicit images and videos is turned off. Device users can access all web content - if it is not blocked by other web filtering settings. Allow safe search applies to search results only.
Note: Allow Safe Search is more restrictive when it is unchecked.
Allow Access to Websites with invalid SSL certificate When enabled, device users cannot access websites with SSL security certificate errors.
Allow Invalid SSL Certificate Warnings When enabled, warnings about invalid SSL certificates are not shown to device users.
Note: This may lead to data security issues.

You cannot use this option if Allow Access to Websites with invalid SSL certificate is turned on.

Clear History on Launch When enabled, when the SOTI Surf app is launched, the browsing history from previous sessions is cleared.
Note: If multiple profiles are assigned to a device but have conflicting clear history on launch settings, the profile with the setting enabled will apply.
Allow Bookmarks When enabled, device users cannot save webpages as new bookmarks or edit existing bookmarks in the SOTI Surf app.
Note: If multiple profiles are assigned to a device but have conflicting Allow bookmarks settings, the profile with the setting enabled will apply.
Open Files in Third Party Applications When enabled, devices users can open files that are unsupported by the SOTI Surf editor in third party applications instead. Open Files in Third Party Applications is more restrictive when Allowd; devices with conflicting settings will use the Allowd setting and block the opening of files in third party applications.

Filtering

Intranet Gateway Settings

Use this dialog box to set up an Enterprise Resource Gateway (ERG) for SOTI Surf. ERG routes your web traffic through a proxy server and grants your device users access to your internal network. You must have ERG configured on a proxy server to use this feature. Once ERG is set up, you can link your server to the SOTI Surf app through the SOTI Surf configuration.

Refer to Installing the SOTI Apps Server Extension for more information.

Note: It is possible to assign multiple profiles to the same device with different SOTI Surf configuration settings. If one profile has Use Intranet Gateway enabled and another profile that targets the same device, does not, then only the enabled profile applies. Also, if you assign multiple proxy servers to the same device through multiple profiles, the device will only use the settings of the first assigned proxy and ignore all subsequent proxy servers. However, if the multiple profiles contain the same proxy settings (as in the same IP address or FQDN and the same port number) then all the domains of each matching profile will be applicable.

Turn on Enable Intranet Gateway Settings and enter the address of the proxy of your ERG as an IP address or as a fully qualified domain name (FQDN) and its port number in the Enterprise Resource Gateway fields.

To specify which domains you want to route through the ERG, click Add in the Add a Domain table to add a new row.

Note: Domains cannot be specified in iOS profiles.

Click Import to upload a .csv or .txt file with a list of domains to SOTI MobiControl.

To delete a domain, hover over its row and click Delete.

Website Restrictions

You can block users from accessing websites based on specific URLs or by website content. You can create a blacklist, a whitelist, or block websites based on content type.

When a blacklist is applied, any sites on the blacklist will redirect the device user to the default URL for blocked websites or a blank page, depending on your settings.

A whitelist is more restrictive than a blacklist. The device user can only access the sites specified on the whitelist. Any attempt by the device user to access non-whitelisted sites redirects the device user to the default URL or a blank page, depending on your settings. Redirect URLs are automatically whitelisted.

You cannot apply both a blacklist and a whitelist within the same profile configuration. If a device receives a blacklist and a whitelist from two different profiles, the whitelist overrides the blacklist. If a device receives multiple blacklists or multiple whitelists from different profiles, then the websites (and the exceptions) from all profiles are unioned.

Turn on Enable Website Restrictions and select a type: Blacklist or Whitelist.

To specify which websites you want to filter, click Add in the Websites table to add a new row.

Tip: Click Import to upload a .csv or .txt file with a list of websites to SOTI MobiControl.

To delete an entry, hover over its row and click Delete.

In the Redirection URL for Blocked Websites/Categories, enter the website device users are taken to when they try to access an unauthorized website.

Turn on Exclude websites from the filter and click Add in the Websites table to add a new website exception to your blacklist or whitelist.

Use the Website Categories to Block section to block websites based on their content. Select any categories you want to block SOTI Surf from accessing or use Select All to block all the content categories.

Choosing Select All severely limits the functionality of the SOTI Surf browser.

You can add an exception to web content categories by adding the website to the exception list of a Blacklist web filter.

Note: When the Uncategorized setting is enabled, device users cannot access any website that does not have a website category assigned.

Devices with blocked categories from multiple profiles will have all categories from all profiles applied.

Kiosk Mode

Kiosk mode limits SOTI Surf functionality, reducing device users' access to websites and SOTI Surf app settings. The address bar is Allowd, and users can only navigate forward through hyperlinks and backwards using the back button. The long-press context menu is also Allowd.

If a device is assigned multiple kiosk mode settings, the most restrictive one will apply.

Turn on Enable Kiosk Mode to start.

Hide App Bottom Bar When enabled, device users cannot access the bottom bar of the SOTI Surf app, which includes the forward and backward navigation buttons, as well as the home and the app menu icons.

Selecting this option causes the Hide App Menu and Clear Cookies with Home options to become automatically selected.

Hide App Menu When enabled, device users cannot access the app menu.
Clear Cookies with Home When enabled, browser cookies are cleared whenever the device user navigates to the home screen.
Note: This option is redundant if Allow Cookies is selected in the Configure Privacy Settings section.
Allow Multiple Tabs

When enabled, allows the device user to use multiple tabs in kiosk mode.

Allow Keyboard When enabled, device users cannot display the keyboard, for example when they tap on a text field.
Note: Device users can use the keyboard to log in, after which it becomes Allowd.