SOTI Surf | Configuration Details (Windows Modern)

Use the SOTI Surf profile configuration to configure settings for your SOTI Surf app when:

This app closes based on the delay configured in the Delay Application Update settings and restarts once you update and assign the SOTI Surf profile configuration.

General

Home Screen

Add home screen catalog entries, a home screen website, or corporate bookmarks for the SOTI Surf app.

With website filtering enabled on the profile configuration, websites configured as the home screen or as part of the home screen catalog are automatically added to the "allow" list.

Note: If a device has more than one profile containing SOTI Surf, conflicts between the configured settings get resolved in the following manner:

If a device has more than one home screen website enabled, the profile assigned first supersedes all others.
If a device has more than one home screen catalog enabled, SOTI Surf adds all websites from all profiles to the catalog on the device.
If a device has a website and a catalog enabled, the home screen website supersedes the catalog.
If a device has a profile with the home screen enabled and another with it disabled, the profile with the enabled home screen supersedes the disabled setting.
Corporate bookmarks from more than one profile form into a unified set.

Activate the Enable Home Screen option to manage how SOTI Surf's home screen displays to device users. Then, select one of the following options:

Catalog: Provides a set of websites as links on the SOTI Surf home page. You can group links into folders.
Website: The home screen of the app is a website.

Table 1. Catalog
Websites	Add websites to appear as links on the SOTI Surf home page. Select New in the Websites table to add a new catalog entry. To delete a website, hover over its row and select Delete. Use the arrows to arrange the order in which websites appear on the SOTI Surf home screen.
Add Folders	Group websites into different folders. If you have many websites, you can simplify the app home screen by organizing website links into folders. Select the new icon in the Add Folders table to create a new folder. On the Add Folders screen, enter a name for the folder and select the (new) icon to add websites to the folder. Select OK once you have finished adding websites. You can add many folders and then arrange their order of appearance on the device screen.
Show Websites Before Folders in Catalog	Show website links before folders on the home screen of the app.

Table 2. Website
Home Screen URL	Enter the website URL to use as the SOTI Surf home page.
Configure Corporate Bookmarks	Add websites as bookmarks to SOTI Surf. Select New in the Configured Corporate Bookmarks table to create a new row. Enter a display name and the website's URL. Listed websites appear as corporate bookmarks. To delete a bookmark, hover over its row and select Delete. Use the arrows to arrange the order in which websites appear on the SOTI Surf bookmarks menu.

Table 3. Authentication
Enable Certificate Authentication	Option to map the certificate to a domain for automatic authentication in the SOTI Surf application.

Settings

Important: If you want to prevent device users from reversing a setting in the SOTI Surf app, enable the User Configurable toggle for the applicable setting.

Table 4. Accessibility
Full Screen Mode	When enabled, SOTI Surf remains in full-screen mode.

Table 5. Advanced
Restore Tabs on Startup	When enabled, tabs from an earlier session are automatically loaded the next time you launch the SOTI Surf app.
Open Links in New Tab	When enabled, links open in a new tab instead of the current tab.
Open Files Automatically after Downloading	When enabled, files downloaded by the device user are automatically opened by the applicable app.
URL Suggestion	When enabled, SOTI Surf suggests websites as the device user types in the address bar.
Download Location	The device location where SOTI Surf saves files downloaded from the internet. This option only applies to files downloaded from sites that are not routed through ERG. Downloads from sites routed through ERG get saved in an application sandbox. The download location must be a location in the device's internal storage, for example, %sdcard% or a defined directory path. Directory paths can not begin or end with `/` or `\`. They also can not contain any of the following characters: ' " ` % \ + : * ? < > Note: To save downloads to the root level, leave the download location field blank. If a device has many profiles with conflicting download location settings, it uses settings from the profile created first.


Hide Reset Settings	When enabled, device users can not see or access the Reset Settings option in the SOTI Surf app.

Table 6. Network Type
Browsing on Cellular	When enabled, the SOTI Surf app can use cellular networks.
Browsing on LAN	When enabled, the SOTI Surf app can use local area networks.
Browsing on WiFi	When enabled, the SOTI Surf app can use Wi-Fi networks.


Use Log In	Toggle on this option to enable user login. Once enabled, choose between LDAP and IDP for authentication. Lightweight Directory Access Protocol (LDAP): Device users must use their LDAP credentials to log into SOTI Surf. Inactivity Timeout: Enable this toggle to specify the user inactivity time (in minutes) before the user gets logged out. Enter 0 to enable inactivity timeout for the browser. Note: If a device gets assigned many SOTI Surf configurations with conflicting Enable LDAP Login settings, the configuration with LDAP enabled applies. If many configurations have LDAP enabled but with differing inactivity timeouts, the timeout period specified in the configuration applied first supersedes the later configurations. IDP: Add a user group. You can Manage Services to set up a connection to SOTI Identity and use its SSO authentication. After you have successfully connected to a SOTI Identity, you can then search for user groups to add. You can use other IDPs as this feature is available for SOTI Identity only. Access Token Validity Period: Specify the access token validity period. The default value is five minutes. You can set the validity period in minutes, hours, or days. The allowed ranges are: Minutes: 5 to 59 Hours: 1 to 23 Days: 1 to 365 If these fields are left empty, the "Required" validation applies. Refresh Token Validity Period: Specify the refresh token validity period. The default value is 28 days. You can set the validity period in days. The allowed range is 1 to 365 Days. Troubleshooting: If the access token value is equal to or greater than the refresh token value, the following validation message appears: `Access token value should be less than refresh token value`. Similarly, if the refresh token value is less than the access token value, the following validation message appears: `Refresh token value should be higher than the access token value`. If the access and refresh token values are the same, the following error message appears: `Refresh token value should be higher than the access token value`. Inactivity Timeout: Enable this toggle to specify the user inactivity time (in minutes) before the user gets logged out. Enter 0 to enable inactivity timeout for the browser.
Delay Application Update	Specify the time (in minutes) between when a configuration change gets pushed to the device and when the app must shut down and apply the update. If this happens, device users must log in again. The device automatically relaunches after the update finishes. If a device gets assigned many SOTI Surf configurations with conflicting app shutdown times, the first configuration created applies.
Open New Tab in Background	When enabled, selecting a link opens a new tab in the background. Note: If a device has many assigned profiles but has conflicting tab opening settings, the setting of the profile created first applies.
Allow Zoom	When enabled, device users can use gestures to zoom in and out on web pages.
Set Browser Zoom Level	Set the default magnification for all websites displayed in the SOTI Surf browser. You can set the zoom level to be between 50 and 500 percent. 100 percent is the standard zoom level.
Allow Media Auto-play	Disabling this feature prevents videos and audio clips from automatically starting playback. Muted videos are still autoplayed.
Hide Address Bar	Enabling this option hides the address bar in the SOTI Surf browser. This prevents device users from manually entering or editing website URLs, restricting user access to websites in the Home screen catalog.
Auto-Refresh	Enabling this option refreshes the web page automatically according to the defined frequency.
Refresh Interval	Define the auto refresh interval for web pages.
Search Engine	Select a default search engine for SOTI Surf to run searches from the address bar. If a device assigned to more than one profile has conflicting settings, the search engine from the first assigned profile applies.
Allow Debugging	When enabled, users can debug web pages displayed in SOTI Surf. For more information on this process, see Debugging Web Sites and Web Apps in SOTI Surf on Android Devices. If you assign more than one profile to a device, each having a different allow debugging setting, SOTI Surf uses the profile with the earliest creation date. For example, profile A, created first, has allow debugging enabled. Profile B has allow debugging disabled. The device allows debugging as profile A is the earliest.

Privacy

The privacy settings section for the SOTI Surf profile configuration enables you to dictate the browsing capabilities of your device users.

If you assign more than one profile with differing SOTI Surf configurations to the same device, the most restrictive version of the setting applies. In general, settings enabled in the Privacy section are more restrictive, with some noted exceptions.


Allow Copy from Browser	When enabled, device users can copy content from within a browser, both to other web pages and to apps outside of the browser. Note: Enabling this option also enables Allow Screen Capture when Browsing and Allow Sharing of Downloaded Files. Both options can be enabled without also disabling Allow Copy from Browser.
Allow Screen Capture when Browsing	When enabled, device users can take screenshots of their device screen while SOTI Surf is the active app.
Allow Downloading of Files	When enabled, device users can download any files from within the SOTI Surf app. Note: Enabling this option also enables the Allow Sharing of Downloaded Files setting. However, you can deselect this option independently of Allow Downloading of Files.
Restrict File Types	Enter file extensions for the file types that you want to block device users from downloading. Separate file extensions with a comma. For example: `.pdf`, `.docx`, `*.txt`.
Allow Printing	When enabled, device users can print any content from within the browser. Note: Allow Printing does not allow cloud printing on sites such as Gmail, where printing options are available.
Allow JavaScript	When disabled, JavaScript does not run on any web pages. Note: Device users may experience significant limitations when navigating the internet due to the prevalence of JavaScript.
Allow Popups	When disabled, SOTI Surf prevents websites from opening any popup windows. Websites can display alerts or confirmation boxes, but cannot open new web pages.
Clear Cookies on Launch	When enabled, when a browser relaunches, SOTI Surf clears cookies from the earlier browser session. Note: You can enable Clear Cookies on Launch independently of Allow Cookies.
Allow Website Cache	When disabled, the browser does not cache website data when the app closes or the user navigates away from a web page.
Allow Auto Fill	When disabled, web pages with forms or fillable fields no longer retain any previously entered information.
Allow Safe Search	When disabled, SOTI Surf turns off the safe search filter (normally active on SOTI Surf) to block inappropriate/explicit images and videos. Device users can access all web content if it is not blocked by other web filtering settings. Allow Safe Search applies to search results only. Note: When checked, Allow Safe Search is more restrictive.
Allow Access to Websites with Invalid SSL Certificate	When disabled, device users cannot access websites with SSL security certificate errors.
Allow Invalid SSL Certificate Warnings	When disabled, warnings about invalid SSL certificates are not shown to device users. Warning: This may lead to data security issues. You cannot use this option if you turned off Allow Access to Websites with invalid SSL certificate.
Clear History on Launch	When enabled, SOTI Surf clears browsing history from earlier sessions when you launch the SOTI Surf app. Note: If a device has more than one profile with conflicting Clear History on Launch settings, the profile with the setting enabled takes precedence.
Allow Bookmarks	When disabled, device users cannot save web pages as new bookmarks or edit existing bookmarks in the SOTI Surf app. Note: If a device has more than one profile with conflicting Allow Bookmarks settings, the profile with the setting disabled takes precedence.

Filtering

Intranet Gateway Settings

Use this dialog box to set up an Enterprise Resource Gateway (ERG) for SOTI Surf. ERG routes your web traffic through a proxy server and grants device users access to your internal network. You must have ERG configured on a proxy server to use this feature. Once you have set up ERG, you can link your server to the SOTI Surf app through the SOTI Surf configuration.

Refer to Installing the SOTI Apps Server Extension for more information.

Note: You can assign more than one profile to the same device with different SOTI Surf configuration settings. If one profile has Use Intranet Gateway enabled and another profile that targets the same device does not, then only the enabled profile applies. Also, if you assign more than one proxy server to the same device through many profiles, the device does not use all proxy servers. The device uses the first assigned proxy server's settings and ignores all other proxy servers. However, if the profiles share the same proxy settings (IP address/FQDN {fully qualified domain name} and port number), then all the domains of each matching profile are applicable.

Toggle on Enable Intranet Gateway Settings and enter your ERG proxy address as an IP address/FQDN and its port number in the Enterprise Resource Gateway fields.

To specify which domains you want to route through the ERG, select Add in the Add a Domain table to add a new row.

Tip: Select Import to upload a .csv or .txt file with a list of domains to SOTI MobiControl. To delete a domain, hover over its row and select Delete.

Website Restrictions

You can block users from accessing websites based on specific URLs or by website content. You can create a blocklist, an allowlist, or block websites based on content type.

When you apply a blocklist, any site on the blocklist redirects the device user to the default URL of blocked websites or a blank page, depending on your settings.

An allowlist is more restrictive than a blocklist. The device user can only access the sites specified on the allowlist. When the device user accesses any non-allowed sites, SOTI Surf redirects them to the default URL or a blank page, depending on your settings. Redirect URLs are automatically allow listed.

You can not apply both a blocklist and an allowlist within the same profile configuration. If a device receives a blocklist and an allowlist from two different profiles, the allowlist overrides the blocklist. If a device receives more than one blocklist or more than one allowlists from different profiles, then SOTI Surf combines all the websites (and the exceptions) from the profiles.

Turn on Enable Website Restrictions and select a type: Blocklist or Allowlist.

To specify which websites you want to filter, select Add in the Websites table to add a new row.

Tip: Select Import to upload a .csv or .txt file with a list of websites to SOTI MobiControl.

To delete an entry, hover over its row and select Delete.

In the Redirection URL for Blocked Websites/Categories, enter a website URL. When device users try to access an unauthorized website, they are automatically redirected to the entered URL.

Turn on Exclude websites from the filter and select (add) in the Websites table to add a new website exception to your blocklist or allowlist.


Disable Message on Redirection	Select this option to disable the access-restricted toast message. Restriction: Enabling this disables the Show Pop-up while Redirection toggle.
Show Pop-up on Redirection	Display a pop-up message, prompting the user to stay on the existing page when SOTI Surf blocks a website. Restriction: This disables the Disable Message on Redirection toggle.

Website Categories to Block enables the restriction of websites by content category. Choose one or more categories from the pre-defined list, such as News. SOTI Surf blocks all sites related to each selected category.

Note: Choosing Select All blocks websites from all categories in the pre-defined list.

Add a website to the exception list of an Allowlist web filter to create an exception for web content categories.

Note: Enabling the Uncategorized setting prevents device users from accessing websites not listed in any of the pre-defined categories.

Devices with blocked categories in many profiles receive all blocked categories from each applied profile.

Kiosk Mode

Kiosk mode limits SOTI Surf functionality, reducing device users' access to websites and SOTI Surf app settings. This mode disables the address bar, and users can only navigate forward through hyperlinks and backward using the back button. The long-press context menu is also disabled.

If you assign more than one kiosk mode setting to a device, the most restrictive one applies.

Turn on Enable Kiosk Mode to start.


Hide App Top Bar	When enabled, device users cannot access the top bar of the SOTI Surf app. The top bar includes the forward and backward navigation buttons, plus the home and the app menu icons. Selecting this option causes the Hide App Menu and Clear Cookies with Home options to become automatically selected.
Hide App Menu	When enabled, device users cannot access the app menu.
Clear Cookies with Home	When enabled, whenever the device user navigates to the home screen, SOTI Surf clears browser cookies. Note: This option is redundant if you select Allow Cookies in the Configure Privacy Settings section.
Allow Multiple Tabs	When enabled, the device user can access more than one tab in kiosk mode.