This article applies to organisations with a 'Hybrid' setup (both On-Premise Appliance and Cloud), as well as On-Premise only and Cloud only setups.
This article outlines the steps for installing Cloud Filter on iPads. You can protect iPads by ensuring the Smoothwall Browser is the only web browser used on these devices, allowing Cloud Filter to scan text that users enter into web pages.
During deployment, you must remove all browsers, including Safari, as these browsers cannot monitor the text that users enter into web pages.
Before you begin
Your iPads should be:
- Using Smoothwall Browser 39.3 or higher.
- On iPadOS 14 or higher.
- Enrolled in a MDM.
Step 1: Push the Smoothwall Browser to iPads
- In your MDM, select Show or Hide Apps.
- Disable Safari and other browser apps (such as Google Chrome, Microsoft Edge, and Brave). For more information on disabling access to Safari, refer to your MDM's documentation.
- Push the Smoothwall Browser app via 1to1 (recommended in most cases), Shared in Apple Terms or ‘grab and go’ Shared iPads, with these minimum settings:
- Your UNCL Serial number for Smoothwall On-Premise Appliance.
- The username of the student assigned to the iPad.
- Your OrgID/TenantID for Smoothwall On-Premise Appliance if you are part of a multi-tenant setup. You can find this in the Admin panel in Cloud Filter.
Most MDMs will identify the Bundle ID automatically when you add the Smoothwall Browser app. If your MDM requires an explicit association of the Bundle ID, use ‘com.smoothwall.ios.Firefox’ (case sensitive).
MDM Configuration Fields
Fields with a name starting with "Smoothwall" contain data supplied by Smoothwall. All other fields are for data provided by you or your organisation.
Tip: You can control whether other apps are allowed to display web content: Limiting access to in-app browsers on iPad
Field Name |
Field Type |
Purpose |
Examples |
SmoothwallSerialNumber |
String |
Required. Contains the Smoothwall Serial number for the organisation. Starts with "UNCL" |
UNCLTESTTESTTEST |
SmoothwallTenantID |
String (Case insensitive) |
Required only for a multi-tenant setup. Smoothwall TenantID (UUID) of your Tenant. |
0040007a-f99d-0000-dbdb-70024c4bb000 |
UserID |
String |
Required. A user identifier to appear in alerts, log activity, and used to group users with an identifier automatically filled in by your MDM with your users’ information. If these are shared iPads deployed via Apple School Manager, use the steps in Additional Configuration Options for Shared iPads instead of the steps here. |
%Email% (JAMF School) {{userprincipalname}} (Intune) |
HomePageURL |
String |
Optional. Set the home page when the user opens the Smoothwall Browser. Type the web address with the leading ‘https://’. The user cannot change the home page settings. |
https://www.google.com |
Step 2: Create a manual Properties list (plist)
If your MDM does not have a User Interface for configuring individual fields, upload a 'plist’ file to the iPads.
The UserID field is required to determine the user shown in the logs and alerts. To have the correct value, do not hard-code a string; let your MDM push the users’ variables into the plist instead. For example, you can push the user’s variable %Email% in JAMF School and {{userprincipalname}} for the UPN in Intune.
To find the variables for your MDM provider, consult their documentation:
If you use the Apple School Manager to manage shared iPads, see Additional Configuration Options for Shared iPads for more information.
MDM Plist Examples
Jamf Pro
Unset
<dict>
<key>SmoothwallSerialNumber</key>
<string></string>
<key>SmoothwallTenantID</key>
<string></string>
<key>UserID</key>
<string></string>
<key>UniqueDeviceID</key>
<string>$DEVICENAME</string>
<key>HomePageURL</key>
<string>https://www.google.com</string>
</dict>
Jamf School
Unset
<plist>
<dict>
<key>SmoothwallSerialNumber</key>
<string></string>
<key>SmoothwallTenantID</key>
<string></string>
<key>UserID</key>
<string></string>
<key>UniqueDeviceID</key>
<string>%Name%</string>
<key>HomePageURL</key>
<string>https://www.google.com</string>
</dict>
</plist>
Lightspeed
Unset
<dict>
<key>SmoothwallSerialNumber</key>
<string></string>
<key>SmoothwallTenantID</key>
<string></string>
<key>UserID</key>
<string></string>
<key>UniqueDeviceID</key>
<string>%device_name%</string>
</dict>
Intune
Unset
<dict>
<key>SmoothwallSerialNumber</key>
<string></string>
<key>SmoothwallTenantID</key>
<string></string>
<key>UserID</key>
<string></string>
<key>UniqueDeviceID</key>
<string>{{DeviceName}}</string>
<key>HomePageURL</key>
<string>https://www.google.com</string>
</dict>
Step 3: Verify the installation
Open the Smoothwall Browser on an iPad.
- If the installation is successful, you will be able to open a website. Check that the Diagnostics page shows Mode 2, to confirm the configuration and blocklist are running as expected and that the user is showing as the correct person.
- If the installation fails, you will be prompted for the user configuration details. To resolve the issue, check your MDM variables for case sensitivity and completeness, then redeploy the installation.