First Time Set Up on Android Devices
You can ensure that the end users have access to the private applications they need from the Android-based devices (phones and tablets) by using the Skyhigh Client app or through browsers such as Chrome, Firefox, or Microsoft Edge. The Skyhigh Client app supports Android 13 and is available on the Google Play Store.
- Share the certificates downloaded from the Skyhigh Security UI and your CA certificate in the
.pemformat. The CA certificate should be trusted and ensured that it is available in the device trust store.
- Share the .OPG file with the end users through an email message, or copy it into the shared folder or by using MDM solution.
The .OPG file policy upload is done only for the first time and is periodically refreshed automatically to reflect the latest changes.
Deploy Skyhigh Client policy without MDM
End users should manually upload the .OPG file shared by your administrator.
Deploy Skyhigh Client
- Download and install Skyhigh Client from the Google Play Store.
- Read the disclaimer and select I agree to use data as specified in Terms.
- Tap Proceed.
- Do the following when the .OPG file is not pushed using MDM:
- Tap Browse & Upload to upload the .OPG file you have received from the Administrator.
- Tap Allow.
- Search for the .OPG file and select it to complete the upload process.
Browse & Upload will not be displayed when the .OPG file is pushed through MDM. So you can skip step 4 when the policy file is deployed using MDM.
Once the policy file is processed, the app prompts you to create the VPN profile.
- Tap Create VPN Profile.
- Tap Allow.
- Select an email account to use with Skyhigh Client app and tap OK.
- Tap Get Started.
Prompts you to enter login credentials.
- Enter your corporate username and password.
After successful authentication, you can use the Skyhigh Client or enter the full URL of the application in an external browser to access private applications.
Note: You may need appropriate client applications to access applications using the RDP and SSH protocols.
Install CA certificate
The end users may see Proceed to unsafe and other warning messages on the device browsers indicating that the page they are accessing is not private. In addition, some private apps might not deliver or pin the certificates, so installing a certificate on the device helps the Skyhigh Client use the appropriate certificate during interception.
Note: The Android device should have a lockscreen (pattern, biometric, pin or password) to install and trust a CA certificate. Furthermore, you can use MDM to automatically deploy and trust certificate without any user intervention.
- Open Settings.
- Tap Security.
- Tap Encryption & Credentials.
- Tap Install a certificate.
- Tap CA Certificate.
- Tap Install anyway on the alert screen.
Browse to the certificate file and select it. After installation, you can check the availability of the certificate on the device.
Bypass or Block an Application
To bypass or block an application, do the following:
- Configure the process names in the bypass list. For more information, see Bypass the proxy server.
Note: Make sure to add the Android package name as the process name in the bypass list.
- Configure the process name in the block list. For information about how to configure, see Configure Block List.
Note: Blocks the application traffic accessed over non-standard ports (other than 80 and 443).
You will lose internet connectivity in all android applications when the Redirect only private access traffic to cloud option is unchecked. You can access web applications only through browsers. For more information about traffic redirection settings, see Redirect Only Private Access Traffic. Switch off the VPN connectivity from the Settings page to restore the internet connection.
View Private Applications
- Key icon - This icon is displayed on the status bar to indicate that the Skyhigh Client is running.
- Status - Tap this tab to check the status of the private applications. The green color indicates that the private applications are accessible through the Skyhigh Client.
- Settings - Tap this tab to view the following:
- VPN Connectivity - Displays the status of the VPN connectivity. You can enable or disable Skyhigh VPN service.
- Debug logs - Enable this option to collect logs up to 30 MB. These logs are useful for troubleshooting issues. Log deletion is based on the oldest file to newest. When allocated disk space fills up, it deletes the oldest logs up to 15 MB.
- Export logs - Export and share the log information with the Skyhigh Security team.
- Help - You can contact Skyhigh Security Support if you need any assistance.
Android Device - Limitations
- The devices with Android 7+ allow the app to ignore CA certificates installed on the system or the user store, so the HTTPS traffic scanning or inspection of third-party apps are not supported.
- Furthermore, the HTTPS inspection is supported for the private applications only if
- the customer CA is installed and trusted by the Android device
- the customer CA is accepted by the installed applications