Configuring Advanced Settings

The advanced settings in Virtual Mobile Infrastructure include an application usage log setting, which collects application usage logs from user workspaces so that you can learn more about user behavior. The advanced settings also enable you to use the OAuth 2.0 protocol for user authorization. OAuth 2.0 provides specific authorization flows for Web applications, desktop applications, mobile phones, and living room devices. Virtual Mobile Infrastructure Secure Access includes the Authorization Server, which is required for OAuth 2.0 authentication.
Before you can configure OAuth 2.0 authentication settings, you must configure Secure Access Settings on the Mobile Client tab. Refer to Configuring Mobile Client Settings.
Use the Advanced tab in System Settings to configure application log settings and OAuth 2.0 authentication settings for Virtual Mobile Infrastructure.

Procedure

  1. On the System Settings screen, click the Advanced tab.
  2. Under the Application Usage Log section, select Enable application usage log.
    Note
    If enabled, you can view the application usage log on the following screens:
    • Dashboard, in the Top 5 Applications Used widget (also available even when the feature is disabled).
    • User Management, on the user details screen for each user. Click a user name to see the user details. The application usage information on this screen includes the complete list of applications used, the sequence and duration of usage, and the locations where the applications were used.
    • Logs, where the Apps Used Log query shows the names of the applications used by users and the usage duration for each application.
  3. Under the OAuth 2.0 Authentication section, select Enable OAuth 2.0 authentication.
  4. Configure the following options:
    • Client ID and Client Secret: The Virtual Mobile Infrastructure server ID and secret code generated by the Authorization Server. The Client ID represents Virtual Mobile Infrastructure to the Authorization Server, and the Authorization Server requires the secret code for access authorization.
      Use the following command on the command console on Secure Access to get the Client ID and Client Secret:
      /vmi/authorizationService/manage.py create_app "Trend Micro Virtual Mobile Infrastructure" https://{your secure access address:port}/api/v1/portal/oauth
      Note
      Replace {your secure access address:port} with the Secure Access IP address and port number.
    • Authorization URL: The Authorization URL for the users to provide certificate authorization.
    • Token URL: The Token URL that Virtual Mobile Infrastructure uses to get an access token and a refresh token from the Authorization Server. An access token has a limited lifetime. If Virtual Mobile Infrastructure needs access to the Authorization Server beyond the lifetime of a single access token, it obtains a refresh token. The refresh token allows Virtual Mobile Infrastructure to obtain new access tokens.
    • Account Information URL: The Account Information URL is generated by the Authorization Server and includes the user account information for authentication.
    • Client Certificate: The client certificate is used to create a mutually authenticated SSL connection to the Authorization Server or Identity Provider (IdP). Generate the client certificate file, and then upload it here.
      Use the following command to generate the client certificate file:
      /vmi/authorizationService/manage.py init_cert
      The Authorization Server generates the client certificate file at the following location:
      /etc/pki/vmi/client.pass.p12
      Note
      Virtual Mobile Infrastructure only supports .p12 and .pfx client certificate file types.
    • Certificate Password: Type the following client certificate password: vmi
    • Verify authorization server certificate: Select this option if you want to verify the Authorization Server certificate, and then upload the CA certificate in the Certificate Authority field. The CA certificate is available at the following location:
      /vmi/testcert/root.crt
    • Certificate Authority: The Certificate Authority is used to verify the Authorization Server certificate and to avoid man-in-the-middle (MitM) attacks.
      Note
      Virtual Mobile Infrastructure only supports .pem CA certificate file types.
    Note
    The Authorize URL, Token URL and Account Information URL fields are automatically filled with the relevant information.
  5. (Optional) Click Test Connection to verify your settings.
  6. Click Save.
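A pre-upload check for the Client Certificate and Certificate Authority files from step 4, as an added example that is not part of the product documentation or the product's own code. It inspects the file content rather than the file extension, because the step accepts only PKCS#12 (.p12/.pfx) for the client certificate and only PEM for the CA certificate. The function names and the sample byte strings are assumptions constructed for illustration, and the check is a structural sniff, not certificate validation.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)
# File kind each upload field accepts, per the notes in step 4.
REQUIRED = {"Client Certificate": "pkcs12", "Certificate Authority": "pem-certificate"}

def _read_tlv(buf, pos):
    """Read one DER tag/length header; return (tag, content_start, content_len)."""
    tag, length = buf[pos], buf[pos + 1]  # IndexError if the input is truncated
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, length

def classify(data):
    """Structural sniff only: reports what the bytes look like, validates nothing."""
    m = PEM_RE.search(data)
    if m:
        try:
            inner = base64.b64decode(b"".join(m.group(1).split()), validate=True)
        except ValueError:
            return "unknown"
        return "pem-certificate" if classify(inner) == "der-certificate" else "unknown"
    try:
        tag, pos, _ = _read_tlv(data, 0)
        child_tag, cpos, clen = _read_tlv(data, pos)
    except (ValueError, IndexError):
        return "unknown"
    if tag != 0x30:  # both formats start with a DER SEQUENCE
        return "unknown"
    if child_tag == 0x02 and data[cpos:cpos + clen] == b"\x03":
        return "pkcs12"  # a PFX structure starts with version INTEGER 3
    if child_tag == 0x30:
        return "der-certificate"  # X.509 starts with the tbsCertificate SEQUENCE
    return "unknown"

def check_upload(field, data):
    """Return (accepted, detected_kind) for a file bound for the named field."""
    kind = classify(data)
    return kind == REQUIRED[field], kind

# Constructed minimal byte strings (not real certificates), for illustration only.
SAMPLE_DER_CERT = bytes.fromhex("300a3003020102300306012a")
SAMPLE_PFX = bytes.fromhex("3008020103300306012a")
SAMPLE_PEM_CA = b"-----BEGIN CERTIFICATE-----\n%b\n-----END CERTIFICATE-----\n" % base64.b64encode(SAMPLE_DER_CERT)
```

Pass the bytes of the generated client certificate file and of the CA certificate file to `check_upload` before uploading them; a CA file reported as `der-certificate` needs converting to PEM first.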

What to do next

Generate individual certificates for mobile users for enrollment. See Generating Client Enrollment Certificate.