SOTI Surf

Use this dialog box to configure settings for the SOTI Surf app when:

The SOTI Surf app shuts down (according to the delay set in Delay Application Update) and relaunches each time you update and assign the SOTI Surf profile configuration.

Note: This profile configuration is not supported for AMAPI-enrolled devices.

General

Branding

Select the Configure button to open the Brand Settings pane, where you can define SOTI Surf branding options.


Enable Customized Branding	Turn this toggle on to display the branding options.
Primary Color	Select the primary background color for the SOTI Surf page, which appears when the app is loading.
Text Color	Select the text color for the SOTI Surf page, which appears when the app is loading.
Upload Logo	Browse for an image to serve as the app logo. You can also drag the image file and drop it into the field.
Use White Background	Turn this toggle on to display a white background on the splash screen.
Preview	This section enables you to preview the branding options you define. You can switch from a phone to a tablet image by selecting the corresponding icon on the section toolbar.

Home Screen

Add home screen catalog entries, a home screen website, or corporate bookmarks for the SOTI Surf app.

With website filtering enabled on the profile configuration, websites configured as the home screen or as part of the home screen catalog are automatically added to the "allow" list.

Note: If a device has more than one profile containing SOTI Surf, conflicts between the configured settings get resolved in the following manner:

If a device has more than one home screen website enabled, the profile assigned first supersedes all others.
If a device has more than one home screen catalog enabled, SOTI Surf adds all websites from all profiles to the catalog on the device.
If a device has a website and a catalog enabled, the home screen website supersedes the catalog.
If a device has a profile with the home screen enabled and another with it disabled, the profile with the enabled home screen supersedes the disabled setting.
Corporate bookmarks from more than one profile become "unioned."

Turn on the Enable Home Screen toggle to control how the home screen of the SOTI Surf app appears to device users. Next, choose one of the following options:

Catalog: provides a set of websites as links on the home screen of the app. You can group links into folders.
Website: The home screen of the app is a single website.

Table 1. Catalog
Websites	Add websites to appear as links on the SOTI Surf home page. Select New in the Websites table to add a new catalog entry. To delete a website, hover over its row and select Delete. Use the arrows to arrange the order websites appear on the SOTI Surf home screen.
Add Folders	Group websites into different folders. If you have a lot of websites, you can simplify the app home screen by placing website links into folders. Select New in the Add Folders table to create a new folder. On the Add Folders screen, enter a name for the folder and select New to add websites to the folder. Select OK once you've finished adding websites. You can add many folders and then arrange their order of appearance on the device screen.
Show Websites Before Folders in Catalog	Show website links before folders on the home screen of the app.

Table 2. Website
Home Screen URL	Enter the URL of the website that you want as the SOTI Surf home page.
Configure Corporate Bookmarks	Add websites as bookmarks to SOTI Surf. Select New in the Configured Corporate Bookmarks table to create a new row. Enter a display name and the website's URL. Listed websites appear as corporate bookmarks. To delete a bookmark, hover over its row and select Delete. Use the arrows to arrange the order websites appear on the SOTI Surf bookmarks menu.

Scripting

You can send JavaScript scripts to the SOTI Surf browser to customize the behavior of certain URL's web applications.

Select the Configure button to open the Scripting pane.


Enable Customized Scripting	When enabled, you can configure a Javascript script to send to SOTI Surf. Once received, SOTI Surf uses the Javascript script to customize the behaviour of specified URLs. Select to add and configure a new script. When you configure a new script, you need to do the following: For the URL field, enter a URL that receives customization/content of the JavaScript. Tip: You can enter URL, URL and ports, domains, and the `` wildcard. You can enter `.` to apply the JavaScript to all URLs accessed by SOTI Surf. Likewise, if you enter `.google.*`, all Google websites receive the script. Select the Manage Scripts dialog box to add/edit/delete a script. See Manage Scripts for details. From the dropdown menu beside Execute Script, choose a script to use. Preview the script to confirm its contents. Select OK to complete the script selection. Once you have at least one script selected, you can choose to enable/disable URL-script name associations as needed. Note: When a URL receives more than one script, the script contents do not replace another. Instead, each of the script's contents combine. When there are scripts with conflicting changes, the last in order (the most lowest URL-script name association row) script executes. Then select Save to complete the script assignment.

Settings

Important: If you want to prevent device users from reversing a setting in the SOTI Surf app, make sure to also enable the User Configurable toggle for the applicable setting.

Table 3. Accessibility
Auto Hide Top and Bottom Bar	When enabled, device users can not see or access the top and bottom bars of SOTI Surf.
Full Screen Mode	When enabled, SOTI Surf remains in full-screen mode.
Text Scaling	Enter a percentage value from 50 to 200 to set the text size in the app. Tip: On Android devices, you can also send a script to change the zoom level in the SOTI Surf app: `sendinfo net.soti.action.surf BROWSERZOOMLEVEL 400` where 400 is a percentage value.

Table 4. Advanced
Restore Tabs on Startup	When enabled, tabs from an earlier session are automatically loaded the next time you launch the SOTI Surf app.
Open Links in New Tab	When enabled, links open in a new tab instead of the current tab.
Open Files Automatically after Downloading	When enabled, files downloaded by the device user are automatically opened by the applicable app.
URL Suggestion	When enabled, SOTI Surf suggests websites as the device user types in the address bar.
Download Location	The device location where SOTI Surf saves files downloaded from the internet. This option only applies to files downloaded from sites that are not routed through ERG. Downloads from sites routed through ERG get saved in an application sandbox. The download location must be a location in the device's internal storage, for example, %sdcard% or a defined directory path. Directory paths can not begin or end with `/` or `\`. They also can not contain any of the following characters: ' " ` % \ + : * ? < > Note: To save downloads to the root level, leave the download location field blank. If a device has many profiles with conflicting download location settings, it uses settings from the profile created first.


Hide Reset Settings	When enabled, device users can not see or access the Reset Settings option in the SOTI Surf app.
Open Same Link in Same Tab	Enable the device user to open the same link in the same tab if the link is already open.
Set User Agent	Select the User Agent used by SOTI Surf to access web applications. Use this feature when your devices can not accurately render certain web page applications by SOTI Surf. You can choose from: Default: SOTI Surf's built in User Agent. Desktop: The desktop version of SOTI Surf's User Agent. Restriction: From the SOTI Surf on your device, you can not later disable the Desktop site when viewing websites. Chrome: SOTI Surf renders webpages identically to how Google Chrome would render them. Restriction: From the SOTI Surf on your device, you can not later enable the Desktop site when viewing websites. Custom: Enter a User Agent string to customize SOTI Surf on how to render a webpage. See What is my User Agent to see the User Agent string for your current web browser.

Table 5. Network Type
Browsing on Cellular	When enabled, the SOTI Surf app can use cellular networks.
Roaming	When enabled, the SOTI Surf app can use cellular networks while roaming.
WiFi	When enabled, the SOTI Surf app can use WiFi networks.

Table 6. Authentication
Enable Certificate Authentication	Option to map the certificate to a domain for automatic authentication in the SOTI Surf application.


Export Browsing History	Enable this option and then, in the File Location field, enter a folder location on the device's internal storage where you want to store SOTI Surf app's browser history. If a device has many profiles with conflicting file location settings, it uses settings from the profile created first.
Use Log In	When enabled, select from LDAP or IDP. LDAP: Device users must use their LDAP credentials to log into SOTI Surf. You must have intranet gateway settings configured to use this option. IDP: Add () a user group. You can Manage Services to set up a connection to SOTI Identity and can use its SSO authentication. After you have successfully connected to a SOTI Identity, you can then search for user groups to add. You can use other IDPs as this feature is available for SOTI Identity only. Specify the user inactivity time (in minutes), before the user gets logged out. Enter 0 to enable inactivity timeout for the browser. After the profile is successfully assigned to a device, the following scenarios could happen: LDAP: If a device gets assigned many SOTI Surf configurations with conflicting Enable LDAP Login settings, the configuration with LDAP enabled applies. If many configurations have LDAP enabled but with differing inactivity timeouts, the timeout period specified in the configuration applied first supersedes the later configurations. IDP: After a device sign in once, SOTI Surf receives access to all available web applications from SOTI Identity.
Delay Application Update	Specify the time (in minutes) between when a configuration change gets pushed to the device and when the app must shut down and apply the update. If this happens, device users must log in again. The device automatically relaunches after the update finishes. If a device gets assigned many SOTI Surf configurations with conflicting app shutdown times, the first configuration created applies.
Open New Tab in Background	When enabled, when a device user selects a link to open it in a new tab, the new tab always opens in the background. Note: If a device has many assigned profiles but has conflicting tab opening settings, the setting of the profile created first applies.
Allow Zoom Gestures	When enabled, device users can use gestures to zoom in and out in web pages.
Set Browser Zoom Level	Set the default magnification for all websites displayed in the SOTI Surf browser. You can set the zoom level to be between 50 and 500 percent. 100 percent is the standard zoom level.
Allow Media Auto-play	Disabling this feature prevents videos and audio clips from automatically starting playback. Muted videos are still autoplayed.
Hide Address Bar	Enabling this option hides the address bar in the SOTI Surf browser. This prevents device users from manually entering or editing website URLs, restricting user access to websites in the Home screen catalog.
Allow Pull to Refresh	Enabling this option lets the user refresh the web page using the pulldown gesture.
Auto-Refresh	Enabling this option refreshes the web page automatically according to the defined frequency.
Refresh Interval	Define the autorefresh interval for web pages.
Search Engine	Select a default search engine for SOTI Surf to run any searches from the address bar. If a device assigned to more than one profile has conflicting settings, the search engine from the first assigned profile applies.
Mixed Content	Select Always Allow to let both HTTP and HTTPS content load when displaying a web page. If you select Compatibility Mode, Android WebView enables some insecure content types while possibly blocking other types. If you assign more than one profile to a device, each having a different mixed content setting, SOTI Surf uses the profile with the earliest creation date. For example, profile A, created first, has a mixed content value of Never Allow. Profile B has the value configured as Compatibility Mode. The device follows Never Allow, as profile A is the earliest.
Allow Debugging	When enabled, users can debug web pages displayed in SOTI Surf. For more information on this process, see Debugging web sites and web apps in SOTI Surf on Android Devices. If you assign more than one profile to a device, each having a different allow debugging setting, SOTI Surf uses the profile with the earliest creation date. For example, profile A, created first, has allow debugging enabled. Profile B has allow debugging disabled. The device allow debugging as profile A is the earliest.
ProGlove Integration	Enable to integrate ProGlove wearable scanners with SOTI Surf. See Integrating ProGlove Scanners with SOTI Surf for more information.

Privacy

The privacy settings section for the SOTI Surf profile configuration enables you to dictate the browsing capabilities of your device users.

If you assign more than one profile with differing SOTI Surf configurations to the same device, the most restrictive version of the setting applies. In general, settings enabled in the Privacy section are more restrictive with some noted exceptions.


Allow Copy from Browser	When enabled, device users can copy content from within a browser - both to other web pages and to apps outside of the browser. Note: Enabling this option also enables Allow Screen Capture when Browsing and Allow Sharing of Downloaded Files. Both options can be enabled without also disabling Allow Copy from Browser.
Allow Screen Capture when Browsing	When enabled, device users can take screenshots of their device screen while SOTI Surf is the active app.
Allow Downloading of Files	When enabled, device users can download any files from within the SOTI Surf app. Note: Enabling this option also enables the Allow Sharing of Downloaded Files setting. However, you can deselect this option independently of Allow Downloading of Files.
Allow Sharing of Downloaded Files	When enabled, device users can share any files they have downloaded in SOTI Surf with another person or another app.
Restrict File Types	Enter file extensions for the file types that you want to block device users from downloading. Separate file extensions with a comma. For example: `.pdf`, `.docx`, `*.txt`.
Preview Files	When enabled, device users can preview files before downloading them.
Allow Printing	When enabled, device users can print any content from within the browser. Note: Allow Printing does not allow cloud printing on sites such as Gmail, where printing options are available.
Allow JavaScript	When disabled, JavaScript does not run on any web pages. Note: Device users may experience significant limitations when navigating the internet due to the prevalence of JavaScript.
Allow Popups	When disabled, SOTI Surf prevents websites from opening any popup windows. Websites permit the use of alerts or confirmation boxes but block other websites from calling new web pages.
Allow Cookies	When disabled, websites cannot store any cookies on SOTI Surf.
Clear Cookies on Launch	When enabled, when a browser relaunches, SOTI Surf clears cookies from the earlier browser session. Note: You can enable Clear Cookies on Launch independently of Allow Cookies.
Allow Third Party Cookies	When disabled, SOTI Surf blocks cookies from third-party domains (cookies from domains beyond the site the user is currently visiting).
Allow Website Cache	When disabled, the browser does not cache website data when the app closes or the user navigates away from a web page.
Allow Auto Fill	When disabled, web pages with forms or fillable fields no longer retain any previously entered information.
Allow Safe Search	When disabled, SOTI Surf turns off the safe search filter (that is normally active on SOTI Surf) to block inappropriate/explicit images and videos. Device users can access all web content - if it is not blocked by other web filtering settings. Allow Safe Search applies to search results only. Note: When checked, Allow Safe Search is more restrictive.
Allow Access to Websites with Invalid SSL Certificate	When disabled, device users cannot access websites with SSL security certificate errors.
Allow Invalid SSL Certificate Warnings	When disabled, warnings about invalid SSL certificates are not shown to device users. Warning: This may lead to data security issues. You cannot use this option if you turned off Allow Access to Websites with invalid SSL certificate.
Clear History on Launch	When enabled, SOTI Surf clears browsing history from earlier sessions when you launch the SOTI Surf app. Note: If a device has more than one profile with conflicting Clear History on Launch settings, the profile with the setting enabled takes precedence.
Allow Bookmarks	When disabled, device users cannot save webpages as new bookmarks or edit existing bookmarks in the SOTI Surf app. Note: If a device has more than one profile with conflicting Allow Bookmarks settings, the profile with the setting disabled takes precedence.
Open Files in Third Party Applications	When enabled, device users can open SOTI Surf-editor-unsupported files with third-party applications instead. Open Files in Third Party Applications is more restrictive when disabled. Devices with conflicting settings use the disabled setting and block the opening of files in third-party applications.

Filtering

Intranet Gateway Settings

Use this dialog box to set up an Enterprise Resource Gateway (ERG) for SOTI Surf. ERG routes your web traffic through a proxy server and grants device users access to your internal network. You must have ERG configured on a proxy server to use this feature. Once you have set up ERG, you can link your server to the SOTI Surf app through the SOTI Surf configuration.

Refer to Installing the SOTI Apps Server Extension for more information.

Note: You can assign more than one profile to the same device with different SOTI Surf configuration settings. If one profile has Use Intranet Gateway enabled and another profile that targets the same device does not, then only the enabled profile applies. Also, if you assign more than one proxy server to the same device through many profiles, the device does not use all proxy servers. The device uses the first assigned proxy server's settings and ignores all other proxy servers. However, if the profiles share the same proxy settings (IP address/FQDN {fully qualified domain name} and port number), then all the domains of each matching profile are applicable.

Turn on Enable Intranet Gateway Settings and enter your ERG proxy address as an IP address/FQDN and its port number in the Enterprise Resource Gateway fields.

To specify which domains you want to route through the ERG, select Add in the Add a Domain table to add a new row.

Restriction: You cannot specify domains in iOS profiles.

Select Import to upload a .csv or .txt file with a list of domains to SOTI MobiControl.

To delete a domain, hover over its row and select Delete.

Website Restrictions

You can block users from accessing websites based on specific URLs or by website content. You can create a blocklist, an allowlist, or block websites based on content type.

When you apply a blocklist, any site on the blocklist redirects the device user to the default URL of blocked websites or a blank page, depending on your settings.

An allowlist is more restrictive than a blocklist. The device user can only access the sites specified on the allowlist. When the device user accesses any non-allowlisted sites, SOTI Surf redirects the device user to the default URL or a blank page, depending on your settings. Redirect URLs are automatically allowlisted.

You can not apply both a blocklist and an allowlist within the same profile configuration. If a device receives a blocklist and an allowlist from two different profiles, the allowlist overrides the blocklist. If a device receives more than one blocklist or more than one allowlists from different profiles, then SOTI Surf combines all the websites (and the exceptions) from the profiles.

Turn on Enable Website Restrictions and select a type: Blocklist or Allowlist.

To specify which websites you want to filter, select Add in the Websites table to add a new row.

Tip: Select Import to upload a .csv or .txt file with a list of websites to SOTI MobiControl.

To delete an entry, hover over its row and select Delete.

In the Redirection URL for Blocked Websites/Categories, enter a website URL. When device users try to access an unauthorized website, they are automatically redirected to the entered URL.

Turn on Exclude websites from the filter and select Add in the Websites table to add a new website exception to your blocklist or allowlist.

Use the Website Categories to Block section to block websites based on their content. Select any categories you want to block SOTI Surf from accessing or use Select All to block all the content categories.

Choosing Select All severely limits the functionality of the SOTI Surf browser.

You can add an exception to web content categories by adding the website to the exception list of an Allowlist web filter.

Note: When you enable the Uncategorized setting, device users cannot access any website without an assigned website category.

Devices with blocked categories from many profiles receive all the categories from all applied profiles.

Kiosk Mode

Kiosk mode limits SOTI Surf functionality, reducing device users' access to websites and SOTI Surf app settings. This mode disables the address bar, and users can only navigate forward through hyperlinks and backward using the back button. The long-press context menu is also disabled.

If you assign more than one kiosk mode setting to a device, the most restrictive one applies.

Turn on Enable Kiosk Mode to start.


Hide App Bottom Bar	When enabled, device users cannot access the bottom bar of the SOTI Surf app. The bottom bar includes the forward and backward navigation buttons, plus the home and the app menu icons. Selecting this option causes the Hide App Menu and Clear Cookies with Home options to become automatically selected.
Hide App Menu	When enabled, device users cannot access the app menu.
Clear Cookies with Home	When enabled, whenever the device user navigates to the home screen, SOTI Surf clears browser cookies. Note: This option is redundant if you select Allow Cookies in the Configure Privacy Settings section.
Allow Multiple Tabs	When enabled, the device user can access more than one tab in kiosk mode.
Allow Keyboard	When disabled, device users cannot display the keyboard. For example, when they tap on a text field. Note: Device users can still use the keyboard to log in, after which it becomes disabled.