Install Smoothwall Browser on iPadOS devices – Help Centre

This article applies to organisations with a 'Hybrid' setup (both On-Premise Appliance and Cloud), as well as On-Premise only and Cloud only setups.

This article outlines the steps for installing Smoothwall Browser on iPads so that you can run Cloud Filter.

Before you begin

Remove all other browsers (such as Safari, Google Chrome, Microsoft Edge, and Brave), as they can’t monitor the text users enter into web pages. Smoothwall Browser must be the only web browser on the device. You can do this by selecting Show or Hide Apps in your Mobile Device Management (MDM) platform.
Ensure your iPads run iPadOS 14 or higher.

Step 1: Install the Smoothwall Browser

On each iPad

Download and install the Smoothwall Browser from the App Store.

Using an MDM

Push the Smoothwall Browser to 1-to-1 iPads, Shared iPads or ‘grab and go’ iPads using your MDM.

Most MDMs will identify the Bundle ID automatically when you add the Smoothwall Browser app. If your MDM requires an explicit association, enter this case sensitive Bundle ID: com.smoothwall.ios.Firefox

Step 2: Set up the iPad to report on user activity

Using your MDM

Configure Smoothwall Browser with the fields below using your MDM.

Field Name	Field Type	Purpose	Examples
SmoothwallSerialNumber	String	Required. Your Unified Client Serial Number (UNCL).	UNCLTESTTESTTEST
SmoothwallTenantID	String (Case insensitive)	Required only for a multi-tenant setup. Your Tenant ID.	0040007a-f99d-0000-dbdb-70024c4bb000
UserID	String	Required. Add a user identifier to be used in alerts and log activity and to group users.	%Email% (JAMF School) {{userprincipalname}} (Intune)
HomePageURL	String	Optional. Set the home page when the user opens the Smoothwall Browser. Enter the web address with the leading ‘https://’. The user can’t change this setting.	https://www.google.com

Using a manual Properties list (plist)

If your MDM doesn’t have a User Interface for configuring individual fields, upload a 'plist’ file to the iPads. We have provided some examples below.

Refer to your MDM provider’s documentation for appropriate variable formats:

Note

You must use the UserID field to identify users in logs and alerts. To have the correct value, don’t hard-code a string. Let your MDM push the users’ variables into the plist instead. For example, you can push the user’s variable %Email% in JAMF School and {{userprincipalname}} for the UPN in Intune.

Jamf Pro

Unset

<dict>
<key>SmoothwallSerialNumber</key>
<string></string>
<key>SmoothwallTenantID</key>
<string></string>
<key>UserID</key>
<string></string>
<key>UniqueDeviceID</key>
<string>$DEVICENAME</string>
<key>HomePageURL</key>
<string>https://www.google.com</string>
</dict>

Jamf School

Unset

<plist>
<dict>
<key>SmoothwallSerialNumber</key>
<string></string>
<key>SmoothwallTenantID</key>
<string></string>
<key>UserID</key>
<string></string>
<key>UniqueDeviceID</key>
<string>%Name%</string>
<key>HomePageURL</key>
<string>https://www.google.com</string>
</dict>
</plist>

Lightspeed

Unset

Intune

Unset

<dict>
<key>SmoothwallSerialNumber</key>
<string></string>
<key>SmoothwallTenantID</key>
<string></string>
<key>UserID</key>
<string></string>
<key>UniqueDeviceID</key>
<string>{{DeviceName}}</string>
<key>HomePageURL</key>
<string>https://www.google.com</string>
</dict>

Using Apple School Manager

On Shared iPads managed by Apple School Manager, you can’t push user-specific MDM configurations to individual apps. Instead, all users on an iPad share the same settings. For the Smoothwall Browser to identify users with the UserID, you need to make users sign into your organisation’s Single Sign-on (SSO) instance using the settings below.

Field Name	Field Type	Purpose
SSOProvider	String	Recommended. Use the specified SSO provider instead of the userID. There are two options: Microsoft: Sign in with Office 365 or Microsoft 365 accounts using the Microsoft Authenticator app on the iPad. If that app is unavailable, Smoothwall Browser will fall back to a web-based sign-in. You can’t use personal Microsoft accounts. Google: Sign in using Google Sign-in. You can’t automatically prevent users from signing in with personal accounts, so you should also use UsersIDsAllowedToSSOSignIn Important You must still supply a value for UserID, but it will be ignored.
UsersIDsAllowedToSSOSignIn	Array of String	Required if SSOProvider is supplied and set to Google. If this field is not supplied or is empty, any SSO account can be used to sign in. Add a list of case-insensitive usernames allowed to sign in to Smoothwall Browser. If your MDM solution does not support arrays, you can use a comma-separated string. Use * as the first character of a string to match to any username matching the remainder of the string. For example, *@myschool.org allows sign-ins from anyone whose username ends in @myschool.org.
CanStoreSSOUserIDInCloud	Boolean	Optional, can only be used if SSOProvider is supplied. When set to true, the username obtained from signing in via SSO is saved to the current iPad user’s iCloud account. When that same user uses a different iPad with the same iCloud account, the Smoothwall Browser automatically uses that saved username. When not used, left blank or set to false, the user must sign in via SSO on every iPad they use. Important Don’t use this option if users could have multiple SSO accounts, as the first one chosen will propagate to all future iPads they use. If iCloud syncing is not possible or is too slow, users may still be asked to sign in via SSO.

Step 3: Verify the installation

Open the Smoothwall Browser on an iPad.
Try to load a website.
- If the installation was unsuccessful, you’ll see error messages. Check your settings and reinstall the Smoothwall Browser.
- If the installation was successful, you’ll see the website load.
Go to the Diagnostics page and check that it shows the Filter Mode of Mode 2 and the correct user. If it shows Mode 1 or the wrong user, check your settings and reinstall the Smoothwall Browser.