Skynote Mac – Application configuration guide

Skynote Mac S service

Document and File Information

DOCUMENT INFO The table below provides all the data on the document:

Document title: Application Configuration guide

Version number: V1
Version date:

Author: Mateos E. – Atlan Gilles.

Owner: Mateos E.
Keywords:

Security level: This document is meant to be used by USERS and SUPPORT people

DOCUMENT The table below provides the version history of this document:
HISTORY

Version Date Author Notes

1.0 17/08/2017 Gert De Vuyst Initial version.

1. Contents
1. Introduction ............................................................................................................................................. 4
2. Applications installed by Airwatch ........................................................................................................... 5
Symantec Enpoint Protection (SEP).............................................................................................................. 5
One Wifi ....................................................................................................................................................... 5
Office 2016 – Outlook 2016 – Skype ............................................................................................................ 6
Chrome ......................................................................................................................................................... 8
Proxy / Location Detection ........................................................................................................................... 8
3. AD interaction and your Mac (Nomad) .................................................................................................. 10
4. Shared network drives in Engie. ............................................................................................................. 13
5. Smime Support (mail security/signing). ................................................................................................. 14
6. Cisco AnyConnect - VPN ......................................................................................................................... 16
7. Cisco AnyConnect & Okta. ...................................................................................................................... 18
8. SAPgui java. ............................................................................................................................................ 22
9. Printing – “Follow Me”. .......................................................................................................................... 24
10. Skype Phone System. ......................................................................................................................... 28
1. Introduction
Introduction In this doc we will cover the application configurations of a “Skynote Mac”
and linked topics:

• Mailbox must be on Office 365 cloud and Outlook will be used.

• Security (encryption & antivirus, Fw …) will be enforced.
• Office 2016, so E3 license required
• Skype for Business.
• Chrome.
• CiscoAnyconnect.
• Wifi integration (ONE-WIFI)
• Ad Interaction with the Mac.
• Access to file share.
• Sapgui.
• Other (see table contents).

Requirements This document requires Airwatch enrolment

to start
The Mac must be enrolled in Airwatch by the support team!
2. Applications installed by Airwatch

Symantec Enpoint Protection (SEP)

1. Symantec Antivirus & firewall
Symantec SEP will be installed silently on the mac.

One Wifi
1. One-Wifi
A profile configuration is pushed on the Devices in order to
provide Wi-Fi access to the corporate WiFi ONE-WIFI, available for
Mobile Device inside ENGIE building giving you access to the
“Office network”.

To connect to One-WIFI select ‘One Wifi’.

Select Mode EAP-TLS

Select the certificate for authentication (the one with your users
id in it)

Click join.

Allow the change to be applied on you mac by typing your

password.

Office 2016 – Outlook 2016 – Skype

1. Office 2016 (part of Office 365 E3 License)

If not pushed by Airwatch, please trigger the install through the

Office Shortcut (right under in your Mac, next to Calalog):
Launch Outlook for the first time
When the office package is installed, launch Outlook from the
launchpad.
The first launch will initiate the activation of the Office suite:

2. Outlook Profile

In Outlook check that the ENGIE MAIL profile has been installed.

If the profile was not installed yet, wait for this step until the
profile is installed.
Type your password. (You will have to retype here your password
when it will change)

3. Skype
Skype will be pushed. First logon to Office and you’ll be connected
to Skype automatically.

Chrome
1. Chrome

Chrome will be pushed and available in Launchpad

Chrome
• Will be set as default browser
• Will have Horizon as default homepage

Chrome has been adjusted to work with the standard Engie

intranet sites and tools (example ESS HR)

Proxy / Location Detection

1. Proxy and automatic location detection

Your Mac will also be configured to react to Wifi changes and so

provide correct proxy references when using corporate Wifi.

Example:
You can check in network preferences
A location has been configured for One-Wifi

In advanced, proxies menu you will see that a proxy reference has
been added.
The reference is specific to BU or customer and will be different.

Remark 1:
When you open an internet site for the first time, using this Proxy,
you will receive an authentication popup to use the proxy. Type
your Active Directory credentials.
Ex: ‘Corp\Fga060’ and your “windows” password.

Remark 2:
During testing period, if you have the Zscaler proxy assigned, you
might encounter issues (still in test).
In that case, change the “Automatic Proxy Configuration” to:
- In Belgium : http://proxypac.electrabel.be/gdfsuez.pac
- In France : http://proxypac.myengie.com/proxy.pac

A specific location will be created regarding the use of Cisco

Anyconnect. This location needs to be manually selected during a
cisco anyconnect VPN session.
3. AD interaction and your Mac (Nomad)

Context: The Mac will not be joined effectively to Active Directory (AD) but
interactions will however be achieved via a tool called Nomad.

Nomad is the tool that helps you with:

• Synchronize your local password with the Active Directory password.
• Tell you when your Active Directory password expire and allow you to
change them.

Nomad is a required software (and is pushed automatically) when

you have a Corporate mac device (COD).

1. The Nomad App will be silently installed.

Nomad will not work yet. It needs configuration:

2. Configure Nomad

When Nomad is installed you will notice the triangle icon. When
you click on it you’ll see the menu

Remark: Make sure you are connected to the Office Network (One
Wifi or connected over VPN) before to start configuring Nomad.

Now open prefences

And add the field AD Domain with the right Active Directory
domain you belong:
• CORP Domain : enter ‘win.corp.com’
• SDMN01 Domain : enter ‘sdmn01.sirius.infra.com’
• Other domains: ….. to be added

And make sure you check the fields

• Use Keychain
• Renew Ticket
• Show Home Folder
• Use 7.200 seconds

Aftre first connection with the Active Directory, the field ‘Kerberos
Realm’ will be filled in automatically !

The click ‘Sign In’ in the menu

and fill in your Group id (aka Active Directory user id) and your
Active Directory password (aka Windows password).

You will need to enter the password of your active logon session.
Note that you changed this during Airwatch setup!

From this moment,

Your logon password will be set to your Active Directory
password.

In all cases, now your Nomad is active and will show the amount
of days that your Active Directory password is still valid, as
reminder for password change.
You can change your password through the Nomad menu.
4. Shared network drives in Engie.

Details You can access to share drive as explained below (via ONE-WIFI or
Cisco Anyconnect):

Steps Actions
1. Select GO -> Connect to Server

Specify share reference:

Smb://your share
And click connect
5. Smime Support (mail security/signing).

Details If you have a smime certificate to sign & encrypt your emails from
your mac, here is how to configure your Outlook on your Mac:

Steps Actions
1.

You can check in systems preferences Profiles that you have received a
profile “SMIME”
2.

In your outlook preferences select accounts

3.
4.

5.

Select the certificate corresponding to your name & email adress.

6.

Proceed the same for Encryption.

7.

In outlook you can decide to sign and/or encrypt any message.

6. Cisco AnyConnect - VPN

Rsa Token. Cisco Anyconnect has to be used in conjunction with your RSA token
(See chapter 9 for Okta Mfa when applicable) for strong
authentication.

Here is how:

1. Cisco AnyConnect VPN

This VPN will also be installed silently via Airwatch:

following apps will appear in the launchpad once

installed. A reboot of the mac will be required.
2. Once connected to a non-corporate wifi you should start
your Anyconnect secure vpn:

when prompted, type your Rsa Token pin personal pin code + rsa
response code.
3. NB: Check your proxy references:
Depending on user perimeter, the proxy reference may
differ. Via Airwatch you should receive specific
configuration. You can check that by opening the Network
preference
4.

Click the drop down

5.

You will see several automatically created “locations”:

One-Wifi For BE proxypac.electrabel.be/gdfsuez.pac

For FR: proxypac.myengie.com/proxy.pac
Automatic No corporate proxy defined.
Anyconnect When using the Cisco Any connect proxy are
needed:
For BE proxypac.electrabel.be/gdfsuez.pac
For FR: proxypac.myengie.com/proxy.pac
To choose the wifi locations according your actual
location and wifi target.
7. Cisco AnyConnect & Okta.

Enroll to Oka Remark: this feature may not be activated yet, verify if this
Verify feature/service is enabled for you, before to continue.

Before using multifactor authentication, you will need to enroll to

Okta verify. Your mobile device (telephone) will be used as token
generator:
Steps Actions
1. Open the following url on your Mac :
https://engie.okta-emea.com/app/UserHome

Select Okta MFA Enroll.

Nb: If you don’t have access to this url contact your support.
2.

Click Okta verify

3.

Select the OS of your mobile device and install it from the respective apps store.
4. On you mobile (phone) install the Okta verify Apps :

Click add account & allow camera use & send notifications.
5.

From you mobile device scan the Qr code that will be displayed on your Mac
display.
6.

Open okta Verify Apps & type code.

7.
Open a Cisco Once enrolled to the MFA okta verify, here is how to initiate a RAS
AnyConnect connection:
session with
Okta

Steps Actions
1. To be continued.
8. SAPgui java.

Configuration To access sap systems the java SAPgui will be installed (if
requested/needed available via Engie Enterprise Store). Check the
installation indication hereafter:

Steps Actions
1. The several packages will be pushed on your device, this
could take time, the java machine and the sapgui java client.
2. Before the start and the end of the sapgui installation you
should receive the following notifications:

3. You can check if the java is correctly installed by opening the

system preference and see if java icon is present.

4.

In the launchPad you will find the sap client

5. Start the Sapgui

6. To refer to a SAP system:

Click
7. Click advanced:

8. In description specify a system description (GP2 …)

Select Expert mode and type:

/H/ungp2.eib.electrabel.be/S/3270

Click Save. You are ready to use sapgui.

(at the first launch, another popup will occur select
appropriate entry).
9. Printing – “Follow Me”.

Configuration To access the “Follow me” print service please follow these steps:

Steps Actions
1.

Go system preferences and select Printers & Scanners

2.

Click + to Add a printer

3.

Right click and select customize Toolbar.

4.

Drag the Advanced icons in the printer control panel.

5.

click Done.
6. Click on the Advanced Icon:

Select type “Windows printer via spoolss

7. NB: A printer defined on any of these printer servers should be
enough to allow you to print on any/from these locations. For
performance purpose choose the one where you are the most.
BE - Brussels - Engie Tower (GST) XS206218.melinda.local/GS-universal-canon
BE - Gent – Esplanade XS208058.melinda.local/GS-universal-canon
BE - Gent - Roosevelt
BE - Antwerpen - Kievit (Engie Tower) XS206218.melinda.local/GS-universal-canon
BE – Doel XS208302.melinda.local/GS-universal-canon
BE - Tihange XS208303.melinda.local/GS-universal-canon
FR - Paris - Euroatrium xs208491.melinda.local/GS-Universal-Canon
FR - Paris - T1/T2 xs208231.melinda.local/GS-Universal-Canon
8.

• Copy/paste the print server reference in the URL field.

• Specify a name for the printer.

9.

In use field select software then the printer model (probably the
C5250i).
Nb:
If the canon drivers are not available on your mac (should be
installed automatically – See in your finder in /library/printers you
should have folder called canon) they are also available here:
http://www.canon.ca/inetCA/en/suppdrv?m=goDrivers&type=I&mi
d=1005347
(refer to Macintosh drivers canon urfii)
10. The first time you will use the printer you will receive an
authentication popup. Type your credential as required:

11. Follow the “Follow me printing” procedures for further printing

instructions.
10. Skype Phone System.
NB: If applicable or available.