Skip to main content
Skyhigh Security

First Time Set Up on Android Devices

You can ensure that the end users have access to the private applications they need from the Android-based devices by using the Skyhigh Security Cloud Access Client or through browsers such as Chrome, Firefox, or Microsoft Edge. This app is available on the Google Play Store. You need to share the Client Proxy policy (.OPG) file with the end users through an email message, MDM or copy it into the shared folder.  Also, we recommend to share the CA certificate downloaded from Skyhigh Security UI or your own certificate in the .crt or .pem format.

The end users must upload the .OPG file using the Cloud Access Client app and install the CA certificate using device settings. The CA certificate should be trusted and ensured that it is available in the device trust store. The policy upload is done only for the first time and is periodically refreshed automatically to reflect the latest changes.

Note: Currently, the Cloud Access Client app manages only the Private Access traffic.

Deploy Client Proxy policy

  1. Download and install Cloud Access Client from the Google Play Store.
  2. Read the disclaimer and select I agree to use data as specified in Terms.
  3. Tap Proceed.
  4. Tap Browse & Upload to upload the opg file you have received from the Administrator. You need to upload the .OPG when you are configuring for the first time. 

    The Cloud Access app asks for permission to use the Storage on your phone.
  5. Tap OK to grant the storage access.
    The Cloud Access app asks for permission to access photos and media on your device.
  6. Tap Allow.
    Search for the .OPG file and select it to complete the upload process. 

    Once the policy file is processed, the app prompts you to create the VPN profile.
  7. Tap Create VPN Profile
  8. Tap Allow.
  9. Select an email account to use with Cloud Access app and tap OK.

  10. Tap Get Started.
    Prompts you to enter login credentials.
  11. Enter your corporate username and password.

    After successful authentication, you can use the Cloud Access Client or enter the full URL of the private application in an external browser to access private applications.

    Note: You may need appropriate client applications to access applications using the RDP and SSH protocols. 

    private Apps.png

Install CA certificate

The end users may see Proceed to unsafe and other warning messages on the device browsers indicating that the page they are accessing is not private. In addition, some private apps might not deliver or pin the certificates, so installing a certificate on the device helps the Access Client use the appropriate certificate during interception.

Note: The Android device should have a lockscreen (pattern, biometric, pin or password) to install and trust a CA certificate. Furthermore, you can use MDM to automatically deploy and trust certificate without any user intervention.

  1. Open Settings.
  2. Tap Security.
  3. Tap Encryption & Credentials.
  4. Tap Install a certificate.
  5. Tap CA Certificate.
  6. Tap Install anyway on the alert screen. 
    Browse to the certificate file and select it. After installation, you can check the availability of the certificate on the device.

View Private Applications

  • Key icon - This icon is displayed on the status bar to indicate that the Cloud Access Client is running.
  • Status - Tap this tab to check the status of the private applications. The green color indicates that the private applications are accessible through the Cloud Access Client.
  • Settings - Tap this tab to view the following:
    • Debug logs - Enable this option to collect logs up to 30 MB. These logs are useful for troubleshooting issues. Log deletion is based on the oldest file to newest. When allocated disk space fills up, it deletes the oldest logs up to 15 MB. 
    • Export logs - Export and share the log information with the Skyhigh Security team.
    • Help - You can contact Skyhigh Security Support if you need any assistance.
    • Privacy Policy - You can check Skyhigh Security private policy details.

Android Device - Limitations

  • The devices with Android 7+ allow the app to ignore CA certificates installed on the system or the user store, so the HTTPS traffic scanning or inspection of third-party apps are not supported.
  • Furthermore, the HTTPS inspection is supported for the private applications only if 
    • the customer CA is installed and trusted by the Android device
    • the customer CA is accepted by the installed applications
  • Was this article helpful?