SOTI Surf

Use this dialog box to configure settings for the SOTI Surf app when:

The SOTI Surf app shuts down (according to the delay set in Delay Application Update) and relaunches each time you update and assign the SOTI Surf profile configuration.

Note: This profile configuration is not supported for AMAPI-enrolled devices.

Branding

Select the Configure button to open the Brand Settings pane, where you can define SOTI Surf branding options.


Enable Customized Branding	Turn this toggle on to display the branding options.
Primary Color	Select the primary background color for the SOTI Surf page, which appears when the app is loading.
Text Color	Select the text color for the SOTI Surf page, which appears when the app is loading.
Upload Logo	Browse for an image to serve as the app logo. You can also drag the image file and drop it into the field.
Use White Background	Turn this toggle on to display a white background on the splash screen.
Preview	This section enables you to preview the branding options you define. You can switch from a phone to a tablet image by selecting the corresponding icon on the section toolbar.

Home Screen

Add home screen catalog entries, a home screen website, or corporate bookmarks for the SOTI Surf app.

With website filtering enabled on the profile configuration, websites configured as the home screen or as part of the home screen catalog are automatically added to the "allow" list.

Note: If a device has more than one profile containing SOTI Surf, conflicts between the configured settings get resolved in the following manner:

If a device has more than one home screen website enabled, the profile assigned first supersedes all others.
If a device has more than one home screen catalog enabled, SOTI Surf adds all websites from all profiles to the catalog on the device.
If a device has a website and a catalog enabled, the home screen website supersedes the catalog.
If a device has a profile with the home screen enabled and another with it disabled, the profile with the enabled home screen supersedes the disabled setting.
Corporate bookmarks from more than one profile become "unioned."

Turn on the Enable Home Screen toggle to control how the home screen of the SOTI Surf app appears to device users. Next, choose one of the following options:

Catalog: provides a set of websites as links on the home screen of the app. You can group links into folders.
Website: The home screen of the app is a single website.

Table 1. Catalog
Websites	Add websites to appear as links on the SOTI Surf home page. Select New in the Websites table to add a new catalog entry. To delete a website, hover over its row and select Delete. Use the arrows to arrange the order websites appear on the SOTI Surf home screen.
Add Folders	Group websites into different folders. If you have a lot of websites, you can simplify the app home screen by placing website links into folders. Select New in the Add Folders table to create a new folder. On the Add Folders screen, enter a name for the folder and select New to add websites to the folder. Select OK once you've finished adding websites. You can add many folders and then arrange their order of appearance on the device screen.
Show Websites Before Folders in Catalog	Show website links before folders on the home screen of the app.

Table 2. Website
Home Screen URL	Enter the URL of the website that you want as the SOTI Surf home page.
Configure Corporate Bookmarks	Add websites as bookmarks to SOTI Surf. Select New in the Configured Corporate Bookmarks table to create a new row. Enter a display name and the website's URL. Listed websites appear as corporate bookmarks. To delete a bookmark, hover over its row and select Delete. Use the arrows to arrange the order websites appear on the SOTI Surf bookmarks menu.

Settings

Important: If you want to prevent device users from reversing a setting in the SOTI Surf app, make sure to also enable the User Configurable toggle for the applicable setting.


Auto Hide Top and Bottom Bar	When enabled, device users can not see or access the top and bottom bars of SOTI Surf.
Full Screen Mode	When enabled, SOTI Surf remains in full-screen mode.


Restore Tabs on Startup	When enabled, tabs from an earlier session are automatically loaded the next time you launch the SOTI Surf app.
Open Links in New Tab	When enabled, links open in a new tab instead of the current tab.
URL Suggestion	When enabled, SOTI Surf suggests websites as the device user types in the address bar.


Hide Reset Settings	When enabled, device users can not see or access the Reset Settings option in the SOTI Surf app.
Open Same Link in Same Tab	Enable the device user to open the same link in the same tab if the link is already open.
Set User Agent	Select the User Agent used by SOTI Surf to access web applications. Use this feature when your devices can not accurately render certain web page applications by SOTI Surf. You can choose from: Default: SOTI Surf's built in User Agent. Desktop: The desktop version of SOTI Surf's User Agent. Restriction: From the SOTI Surf on your device, you can not later disable the Desktop site when viewing websites. Chrome: SOTI Surf renders webpages identically to how Google Chrome would render them. Restriction: From the SOTI Surf on your device, you can not later enable the Desktop site when viewing websites. Custom: Enter a User Agent string to customize SOTI Surf on how to render a webpage. See What is my User Agent to see the User Agent string for your current web browser.

Table 3. Authentication
Enable Certificate Authentication	Option to map the certificate to a domain for automatic authentication in the SOTI Surf application.


Browsing on Cellular	When enabled, the SOTI Surf app can use cellular networks.
WiFi	When enabled, the SOTI Surf app can use WiFi networks.


Use Log In	When enabled, select from LDAP or IDP. LDAP: Device users must use their LDAP credentials to log into SOTI Surf. You must have intranet gateway settings configured to use this option. IDP: Add () a user group. You can Manage Services to set up a connection to SOTI Identity and can use its SSO authentication. After you have successfully connected to a SOTI Identity, you can then search for user groups to add. You can use other IDPs as this feature is available for SOTI Identity only. Specify the user inactivity time (in minutes), before the user gets logged out. Enter 0 to enable inactivity timeout for the browser. After the profile is successfully assigned to a device, the following scenarios could happen: LDAP: If a device gets assigned many SOTI Surf configurations with conflicting Enable LDAP Login settings, the configuration with LDAP enabled applies. If many configurations have LDAP enabled but with differing inactivity timeouts, the timeout period specified in the configuration applied first supersedes the later configurations. IDP: After a device sign in once, SOTI Surf receives access to all available web applications from SOTI Identity.
Delay Application Update	Specify the time (in minutes) between when a configuration change gets pushed to the device and when the app must shut down and apply the update. If this happens, device users must log in again. The device automatically relaunches after the update finishes. If a device gets assigned many SOTI Surf configurations with conflicting app shutdown times, the first configuration created applies.
Open New Tab in Background	When enabled, when a device user selects a link to open it in a new tab, the new tab always opens in the background. Note: If a device has many assigned profiles but has conflicting tab opening settings, the setting of the profile created first applies.
Allow Zoom Gestures	When enabled, device users can use gestures to zoom in and out in web pages.
Allow Media Auto-play	Disabling this feature prevents videos and audio clips from automatically starting playback. Muted videos are still autoplayed.
Hide Address Bar	Enabling this option hides the address bar in the SOTI Surf browser. This prevents device users from manually entering or editing website URLs, restricting user access to websites in the Home screen catalog.
Allow Pull to Refresh	Enabling this option lets the user refresh the web page using the pulldown gesture.
Auto-Refresh	Enabling this option refreshes the web page automatically according to the defined frequency.
Refresh Interval	Define the autorefresh interval for web pages.
Search Engine	Select a default search engine for SOTI Surf to run any searches from the address bar. If a device assigned to more than one profile has conflicting settings, the search engine from the first assigned profile applies.

Privacy

The privacy settings section for the SOTI Surf profile configuration enables you to dictate the browsing capabilities of your device users.

If you assign more than one profile with differing SOTI Surf configurations to the same device, the most restrictive version of the setting applies. In general, settings enabled in the Privacy section are more restrictive with some noted exceptions.


Allow Copy from Browser	When enabled, device users can copy content from within a browser - both to other web pages and to apps outside of the browser. Note: Enabling this option also enables Allow Screen Capture when Browsing and Allow Sharing of Downloaded Files. Both options can be enabled without also disabling Allow Copy from Browser.
Allow Downloading of Files	When enabled, device users can download any files from within the SOTI Surf app. Note: Enabling this option also enables the Allow Sharing of Downloaded Files setting. However, you can deselect this option independently of Allow Downloading of Files.
Allow Sharing of Downloaded Files	When enabled, device users can share any files they have downloaded in SOTI Surf with another person or another app.
Restrict File Types	Enter file extensions for the file types that you want to block device users from downloading. Separate file extensions with a comma. For example: `.pdf`, `.docx`, `*.txt`.
Allow Printing	When enabled, device users can print any content from within the browser. Note: Allow Printing does not allow cloud printing on sites such as Gmail, where printing options are available.
Allow JavaScript	When disabled, JavaScript does not run on any web pages. Note: Device users may experience significant limitations when navigating the internet due to the prevalence of JavaScript.
Allow Popups	When disabled, SOTI Surf prevents websites from opening any popup windows. Websites permit the use of alerts or confirmation boxes but block other websites from calling new web pages.
Allow Cookies	When disabled, websites cannot store any cookies on SOTI Surf.
Clear Cookies on Launch	When enabled, when a browser relaunches, SOTI Surf clears cookies from the earlier browser session. Note: You can enable Clear Cookies on Launch independently of Allow Cookies.
Allow Website Cache	When disabled, the browser does not cache website data when the app closes or the user navigates away from a web page.
Allow Safe Search	When disabled, SOTI Surf turns off the safe search filter (that is normally active on SOTI Surf) to block inappropriate/explicit images and videos. Device users can access all web content - if it is not blocked by other web filtering settings. Allow Safe Search applies to search results only. Note: When checked, Allow Safe Search is more restrictive.
Allow Access to Websites with Invalid SSL Certificate	When disabled, device users cannot access websites with SSL security certificate errors.
Allow Invalid SSL Certificate Warnings	When disabled, warnings about invalid SSL certificates are not shown to device users. Warning: This may lead to data security issues. You cannot use this option if you turned off Allow Access to Websites with invalid SSL certificate.
Clear History on Launch	When enabled, SOTI Surf clears browsing history from earlier sessions when you launch the SOTI Surf app. Note: If a device has more than one profile with conflicting Clear History on Launch settings, the profile with the setting enabled takes precedence.
Allow Bookmarks	When disabled, device users cannot save webpages as new bookmarks or edit existing bookmarks in the SOTI Surf app. Note: If a device has more than one profile with conflicting Allow Bookmarks settings, the profile with the setting disabled takes precedence.
Open Files in Third Party Applications	When enabled, device users can open SOTI Surf-editor-unsupported files with third-party applications instead. Open Files in Third Party Applications is more restrictive when disabled. Devices with conflicting settings use the disabled setting and block the opening of files in third-party applications.

Filtering

Intranet Gateway Settings

Use this dialog box to set up an Enterprise Resource Gateway (ERG) for SOTI Surf. ERG routes your web traffic through a proxy server and grants device users access to your internal network. You must have ERG configured on a proxy server to use this feature. Once you have set up ERG, you can link your server to the SOTI Surf app through the SOTI Surf configuration.

Refer to Installing the SOTI Apps Server Extension for more information.

Note: You can assign more than one profile to the same device with different SOTI Surf configuration settings. If one profile has Use Intranet Gateway enabled and another profile that targets the same device does not, then only the enabled profile applies. Also, if you assign more than one proxy server to the same device through many profiles, the device does not use all proxy servers. The device uses the first assigned proxy server's settings and ignores all other proxy servers. However, if the profiles share the same proxy settings (IP address/FQDN {fully qualified domain name} and port number), then all the domains of each matching profile are applicable.

Turn on Enable Intranet Gateway Settings and enter your ERG proxy address as an IP address/FQDN and its port number in the Enterprise Resource Gateway fields.

To specify which domains you want to route through the ERG, select Add in the Add a Domain table to add a new row.

Restriction: You cannot specify domains in iOS profiles.

Select Import to upload a .csv or .txt file with a list of domains to SOTI MobiControl.

To delete a domain, hover over its row and select Delete.

Website Restrictions

You can block users from accessing websites based on specific URLs or by website content. You can create a blocklist, an allowlist, or block websites based on content type.

When you apply a blocklist, any site on the blocklist redirects the device user to the default URL of blocked websites or a blank page, depending on your settings.

An allowlist is more restrictive than a blocklist. The device user can only access the sites specified on the allowlist. When the device user accesses any non-allowlisted sites, SOTI Surf redirects the device user to the default URL or a blank page, depending on your settings. Redirect URLs are automatically allowlisted.

You can not apply both a blocklist and an allowlist within the same profile configuration. If a device receives a blocklist and an allowlist from two different profiles, the allowlist overrides the blocklist. If a device receives more than one blocklist or more than one allowlists from different profiles, then SOTI Surf combines all the websites (and the exceptions) from the profiles.

Turn on Enable Website Restrictions and select a type: Blocklist or Allowlist.

To specify which websites you want to filter, select Add in the Websites table to add a new row.

Tip: Select Import to upload a .csv or .txt file with a list of websites to SOTI MobiControl.

To delete an entry, hover over its row and select Delete.

In the Redirection URL for Blocked Websites/Categories, enter a website URL. When device users try to access an unauthorized website, they are automatically redirected to the entered URL.

Turn on Exclude websites from the filter and select Add in the Websites table to add a new website exception to your blocklist or allowlist.

Use the Website Categories to Block section to block websites based on their content. Select any categories you want to block SOTI Surf from accessing or use Select All to block all the content categories.

Choosing Select All severely limits the functionality of the SOTI Surf browser.

You can add an exception to web content categories by adding the website to the exception list of an Allowlist web filter.

Note: When you enable the Uncategorized setting, device users cannot access any website without an assigned website category.

Devices with blocked categories from many profiles receive all the categories from all applied profiles.

Kiosk Mode

Kiosk mode limits SOTI Surf functionality, reducing device users' access to websites and SOTI Surf app settings. This mode disables the address bar, and users can only navigate forward through hyperlinks and backward using the back button. The long-press context menu is also disabled.

If you assign more than one kiosk mode setting to a device, the most restrictive one applies.

Turn on Enable Kiosk Mode to start.


Hide App Bottom Bar	When enabled, device users cannot access the bottom bar of the SOTI Surf app. The bottom bar includes the forward and backward navigation buttons, plus the home and the app menu icons. Selecting this option causes the Hide App Menu and Clear Cookies with Home options to become automatically selected.
Hide App Menu	When enabled, device users cannot access the app menu.
Clear Cookies with Home	When enabled, whenever the device user navigates to the home screen, SOTI Surf clears browser cookies. Note: This option is redundant if you select Allow Cookies in the Configure Privacy Settings section.
Allow Multiple Tabs	When enabled, the device user can access more than one tab in kiosk mode.
Allow Keyboard	When disabled, device users cannot display the keyboard. For example, when they tap on a text field. Note: Device users can still use the keyboard to log in, after which it becomes disabled.