Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 8 replies
  • Subscribers 5 subscribers
  • Views 20419 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Suggested feature requests / changes for SMC

RL

Hi,

We've recently moved from a competitors product to Sophos Mobile Control, and thus far we're quite impressed. However after doing some usability testing the following valid points (in our opinion) have come up...

1. In order to make the URL easier to remember for the Self Service Portal it should be accessible without the /SSP, and instead the SMC Management portal should have something like an /Admin switch

E.g.

https://smc.domain.com = SSP page

https://smc.domain.com/admin = SMC Management portal

2. In order to avoid a user accidentally choosing the wrong device type the user should be forced to select either private or corporate. This is instead of the SSP defaulting to 'private'.

3. You should be able to set a different default SSP Task bundle for private and corporate devices

4. And the most annoying of all - the shear fact that the user must open and re-close the Sophos Control application before the application can be activated from the portal, and therefore check the device for compliance.

With all of these shortcomings we have chosen not to use the Self Service Portal. It’’’’s a nice idea but its usability is quite poor.

If anyone from Sophos product management want's to discuss these points then feel free to contact me.

Thanks,

John

:40499


This thread was automatically locked due to age.
Parents
  • 0

    Hi Thomas,

    Appreciate you getting back to this post.

    I'll try and pick up on the points in the order raised...

    Point 1: I've voted for this request in the Sophos Features & Ideas Laboratory. Sorry, I wasn't aware that it existed until now. 

    Point 2-3: I've raised these as features requests in the Sophos Features & Ideas Laboratory as suggested.

    Point 4: Apple have forced this, then say no more ;)

    Point 5:  Also voted for in the Sophos Features & Ideas Laboratory

    Point 6. Now this is where I am confused....

    Previously we had 4 different LDAP groups set-up in the SSP for 1 customer. Let's call that customer "Staff". Each LDAP group was populated with users that required different profiles, tasks, compliance settings, etc.

    Two examples being:"Standard_Staff", "VIP_Staff".

    The order of the grouping in the SSP for the "Staff" Customer was:

    1. 'Standard_Staff' LDAP group at the top

    2. 'VIP_Staff' LDAP group below

    3. 'Default' group at the bottom

    NB: We forced the SSP customer selection to "Staff", so that's one piece of information the users didn't need to remember.

    The end result in the SSP was that a member of the "Standard_Staff" LDAP/AD group could log on, but a member of the "VIP_Staff" LDAP/AD group could not. 

    I then trawled through the umpteen guides again, and the Sophos KB's, but could not find any reference to the error. I then noticed a post in the SMC forums pointing out that only one group could be set for a customer.

    Knowing that I wanted to achieve the goals below, I raised a request with Sophos Tech for confirmation:

    GOALS:

    A. Create 4 different LDAP groups and assign a relevant Device Group and Task Bundle to each of them.

    B. Remove the need for the users to remember a customer ID (This is understandably a new concept to them)

    It was then confirmed by Sophos Technical support that a customer can only have 1 group assignment in the SSP, and was referred to section 20.2 in the Admin guide. Apologies if I have quoted the section incorrectly as I'm typing this from memory. Though for the life of me I could not find a note to a limit of 1 group, rather the ability to use wild cards for the groups.

    As a result I was forced to set-up SMC from scratch (again) and created 4 separate customers and assigned the relevant LDAP group to each. Ensuring that when I created the customers that the settings were cloned from the Multi Tenancy admin settings.

    NB: As a side note here. I understand, and had part expected the reason for not providing a drop down box for the customer ID's as being one of data privacy, but still believe that us admins should be given a selectable choice if we want to enable the drop down option.

    It's hard enough for a user to remember their password, let alone a "Customer" ID!? Especially when they are panicking that they have lost their phones.

    Now that we have 4 "Customers" the users will need to remember their Customer ID, and there's no way around it. Having 1 customer with the use of the 4 LDAP groups, each with their own settings, would have been better IMHO.

    For obvious reasons I am not suggesting this 'drop down customer' selection setting be enabled in the SMC SaaS option, but for the customers that have their own onsite installation. I'll take the risk that there is a drop down box called "VIP_Staff", "General_Staff", etc Vs a user having to remember their Customer ID any day.

    Thanks again,

    John

    :40613
Reply
  • 0

    Hi Thomas,

    Appreciate you getting back to this post.

    I'll try and pick up on the points in the order raised...

    Point 1: I've voted for this request in the Sophos Features & Ideas Laboratory. Sorry, I wasn't aware that it existed until now. 

    Point 2-3: I've raised these as features requests in the Sophos Features & Ideas Laboratory as suggested.

    Point 4: Apple have forced this, then say no more ;)

    Point 5:  Also voted for in the Sophos Features & Ideas Laboratory

    Point 6. Now this is where I am confused....

    Previously we had 4 different LDAP groups set-up in the SSP for 1 customer. Let's call that customer "Staff". Each LDAP group was populated with users that required different profiles, tasks, compliance settings, etc.

    Two examples being:"Standard_Staff", "VIP_Staff".

    The order of the grouping in the SSP for the "Staff" Customer was:

    1. 'Standard_Staff' LDAP group at the top

    2. 'VIP_Staff' LDAP group below

    3. 'Default' group at the bottom

    NB: We forced the SSP customer selection to "Staff", so that's one piece of information the users didn't need to remember.

    The end result in the SSP was that a member of the "Standard_Staff" LDAP/AD group could log on, but a member of the "VIP_Staff" LDAP/AD group could not. 

    I then trawled through the umpteen guides again, and the Sophos KB's, but could not find any reference to the error. I then noticed a post in the SMC forums pointing out that only one group could be set for a customer.

    Knowing that I wanted to achieve the goals below, I raised a request with Sophos Tech for confirmation:

    GOALS:

    A. Create 4 different LDAP groups and assign a relevant Device Group and Task Bundle to each of them.

    B. Remove the need for the users to remember a customer ID (This is understandably a new concept to them)

    It was then confirmed by Sophos Technical support that a customer can only have 1 group assignment in the SSP, and was referred to section 20.2 in the Admin guide. Apologies if I have quoted the section incorrectly as I'm typing this from memory. Though for the life of me I could not find a note to a limit of 1 group, rather the ability to use wild cards for the groups.

    As a result I was forced to set-up SMC from scratch (again) and created 4 separate customers and assigned the relevant LDAP group to each. Ensuring that when I created the customers that the settings were cloned from the Multi Tenancy admin settings.

    NB: As a side note here. I understand, and had part expected the reason for not providing a drop down box for the customer ID's as being one of data privacy, but still believe that us admins should be given a selectable choice if we want to enable the drop down option.

    It's hard enough for a user to remember their password, let alone a "Customer" ID!? Especially when they are panicking that they have lost their phones.

    Now that we have 4 "Customers" the users will need to remember their Customer ID, and there's no way around it. Having 1 customer with the use of the 4 LDAP groups, each with their own settings, would have been better IMHO.

    For obvious reasons I am not suggesting this 'drop down customer' selection setting be enabled in the SMC SaaS option, but for the customers that have their own onsite installation. I'll take the risk that there is a drop down box called "VIP_Staff", "General_Staff", etc Vs a user having to remember their Customer ID any day.

    Thanks again,

    John

    :40613
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML