Relution server 5.x

Support of Relution server 5.x

For the upcoming Relution server version 5.x the Relution Android client 5.0 is mandatory. Relution server version 4.x. is also supported but version 3.x is no longer supported. The app will report an incompatible server version when sign in is attempted.

Device enrollment

Enrollment of Android devices with Relution server 5.x

Enrollment of new Android devices on upcoming Relution server version 5.x requires the use of Relution Android client 5.0. Older app versions are no longer compatible and will report an error. Devices that are already enrolled with a previous version of the app will continue to work, but we recommend to update the app as soon as possible.

Policies

Support of new multi-policy feature with Relution server 5.x

Relution Server 5.x will support applying multiple policies on one device. To ensure full compatibility with Android devices, Relution Android Client 5.0 is required. Older app versions will correctly receive the configurations merged from the server, but the policies will not be reported back as successfully applied.

Samsung

Error handling on Samsung devices

With Relution Android client 5.0 multiple issues on Samsung devices have been fixed, including several restrictions could not be applied on devices that do not support multi-user profiles.

Android

Limitations with Android Legacy enrollments

Some devices running Android 10 incorrectly reported a permission error instead of a serial number. Note that devices running Android 11 or newer will never report a serial number when using legacy device administrator enrollment. This requires the use of Android Enterprise going forward.

Samsung Knox

Backwards compatibility

Improved backwards compatibility with devices running Samsung Knox 2.7.1 and older. Previously only Knox 2.8 and newer were working as expected.

Apps ratings

NSupport for app review and ratings suspended

The functionality to review and rate apps in the Relution app store has been removed from the Relution app, analog to server and portal.

The latest Android Relution Client version 5.0 can be downloaded from the Google Play Store or alternatively from our Download Center.

Notification

Notification for new Relution Client versions

As of now, organization administrators and app store managers will be notified about newly available Relution Client versions for iOS and Android via the Notification Center in the Relution Portal. As a prerequisite, native Relution Client apps must be configured in the organization settings. The notification about a new available Relution Client version includes the version number and a link to the corresponding release notes, which inform about respective new features.

Android

Reset password with Android Legacy

For classic enrolled Android legacy devices (device administrator) the action reset password and change password can be used on devices with Android 6.0 and older. The Android Client 3.96 is required to process the action on the device accordingly.

For Android 7-10 devices, a password can be set if the device does not currently have a password. Android no longer offers the option to change existing passwords. As of Android 11, passwords cannot generally be reset on legacy devices. We therefore recommend migrating to Android Enterprise.

Usability / Functional Optimization

• The configuration radio management for Android Enterprise has been moved to the restrictions for telephony
• Improvement of column configuration in list views (new portal)
• Optimization of filter selection in list views (new portal)
• Optimization of column display of name, icon and context menu for list entries (new portal)
• Optimization of search for display on mobile devices (new portal)
• Improved clarity by omitting sticky columns on mobile devices and small screen resolutions (new portal)
• Display of a fixed first column in list views, which cannot be changed via the column configurator
• Display of context menu in list views per list entry only on mouse-over (new portal)
• Improved display of the details page for Android Enterprise devices (new portal)
• Optimization of autocompletion on the Relution login page in the Safari browser (new portal)
• Optimization of the "Apply action" dialog in the device details of iOS devices (new portal)
• Improved error message on failure to send email for a device enrollment when the mail server is unreachable
• Display the current version of the policy instead of the previous version at the version number of a policy
• Ensure that the reported number of pending actions in the device overview list matches the displayed actions in the device detail view
• Disable buttons in app delete dialog when delete operation is active (new portal)
• Adding pagination to policy dialog for device selection (new portal)
• Addition of required markers and error messages for multiple input fields (new portal)
• General UX/UI improvements (new portal)

Technical Optimization

• Ensure app installation on iOS/tvOS/macOS by automatically sending a new app install action if initial installation process could not be successfully performed on the device and the app is not finally installed
• Performance improvements when loading user rights on Cockroach 20.1 or newer and PostgreSQL 9.6 or newer
• Introduction of JSON web tokens as a replacement for previous authentication mechanisms
• Login with a LDAP user can take place despite user synchronization being disabled, even if not all groups can be synchronized
• Policy migration is completed successfully even if the database contains invalid data
• Extension of CSV import from users to include files with UTF-8 with BOM encoding
• Shutdown of the Relution Server is no longer blocked indefinitely when Android Enterprise is configured in an organization
• Prevent loading unnecessary liquibase xsd schema files
• Fix policy cloning on systems running Microsoft SQL Server (new portal)
• Fix APNS certificate update
• Fix the configuration of Global HTTP Proxy when the proxy type is set to automatic
• Bugfix for iOS passcode configuration with the setting "allow simple password" (new portal)
• Preventing problems with ShedLock on PostgreSQL and cockroach databases
• Preventing duplicate public apps in the Relution App Store by copying policies across organizations
• Fix action send messages for Android devices

Technical Changelog

Find changelog of the release here

Password

Reset password with Android Legacy

With Relution Portal version 4.79, the action reset password and change password can be applied to devices with Android 6.0 and older for classic enrolled Android legacy devices (device administrator). The Android Client 3.96 is required to process the action on the device accordingly.

For Android 7-10 devices, a password can be set if the device does not currently have a password. Android no longer offers the option to change existing passwords. As of Android 11, passwords cannot generally be reset on legacy devices. We therefore recommend migrating to Android Enterprise.

The latest Android Relution Client version 3.96 can be downloaded from the Google Play Store or alternatively from our Download Center. Basically, it is mandatory to update the Android Relution Client before performing an OS update on Samsung devices.

Single Sign-On

Authentication for Relution file shares in multi-user mode

The compatibility of the iOS Relution client with the protocol OpenID Connect for Single Sign-On (SSO) automatically queries which login variants are available based on the user name when logging in. This provides ideal synergies with the data protection compliant Relution Shared Device Mode by allowing users to log in with their existing usernames from existing school directories. In addition, access to configured file shares via SSO is supported, allowing data to be securely stored under the respective user on local school servers.

The latest iOS Relution Client version 4.37 can be downloaded from the Apple App Store or alternatively from our Download Center.

Multi-user mode

Relution Shared Device Login

As part of Relution’s multi-user mode, iOS Relution Client version 4.36 ensures that when a user logs into the Relution Login screen, no credentials can be stored and used by subsequent users.

The latest iOS Relution Client version 4.36 can be downloaded from the Apple App Store or alternatively from our Download Center.

Groups

New system group “Content Manager”

Content Managers primarily have the right to obtain content in the form of apps and books and distribute them to devices or users. To enable this, users assigned to the group Content Manager can use the following functions Content Managers primarily have the right to obtain content in the form of apps and books and distribute them to devices or users. To enable this, users assigned to the Content Manager group can use the following functions in Relution:

• View and move apps
• Edit/approve app requests
• Create/manage categories
• View purchased apps and books
• Assign purchased apps and books to devices and/or users
• View users and groups (but not create/edit/delete)
• Assign auto-deployments to users and groups
• Manage VPP users
• Edit App Store settings
• Edit VPP settings
• Edit timetables and school subjects

Notification

Notification center in the Relution Portal

From now on, upcoming changes and important news will be displayed in the Relution Portal. The new Notification Center is located in the upper right corner and informs about expiring tokens and certificates as well as new Relution server versions. Newly available notifications are displayed via a badge. The following information is currently available for the respective roles:

System Administrator

• Release notes for a new Relution version, if the backend is not up to date

Organisation Administrator

• Expiring iOS Client Provisioning Profile
• Expiring VPP tokens
• Expiring DEP token
• Expiring MDM Push Certificates
• Expiring App Store Push Certificates

Security

Make login password for enrollments configurable

The length of the passcode for enrollments can be defined via the yml file. There is a possibility to choose a passcode between 5 and 16 characters. This way the security of authorized enrollments can be increased:

1 relution:
2 enrollment:
3 passcodeLength: 16


Operating system specific requirements regarding password length have to be considered additionally. After the change, the instance must be restarted.

iOS

Send app text messages to a device

In order to send a message to a device user as an administrator of Relution, the action “Send message” can be used. Title and content can be defined.

To receive the message, the Relution app must be installed on the device. When it is launched for the first time, push notification must be enabled.

Subsequently managed apps

Non-supervised apps installed by users on a device are updated if the device administrator defines the same app as a required app via app compliance or assigns it to a group or users via auto-deployments. On devices that are not supervised, a dialog appears asking if app management should be done via Relution. After confirmation, the app is updated and will be a managed app afterwards. On supervised devices, no dialog appears and the action is performed automatically. If there is a VPP license for the managed app in the Relution organization, it will be assigned automatically. No Apple ID is required on the device.

Usability / Functional Optimization

• Improved dashboard view (new portal)
• Optimized adjustemnt of the column order in the list of purchased apps (new portal)
• Improved display of table headers (new portal)
• Configurations of old versions of policies can no longer be edited (new portal)
• Performing an automatic refresh after plausibility check of the VPP synchronization history in the settings (new portal)
• Enable restriction "Force request permission to leave an unmanaged class" in an iOS policy to be stored (new portal)
• Avoid redundant information by removing additional toast messages when saving settings (new portal)
• Improved error message when resetting the password if the mail server is not available (new portal)
• Fix selecting actions in the device details (new portal)
• Fix creating a new enrollment, so that the selection of a policy in the corresponding dialog window can be permanently cleared and does not appear again (new portal)
• Extension of the iOS update action to include the selection of multiple iOS and tvOS devices (new portal)
• Extension of the detail pages of Android Enterprise devices to include the serial number (new portal)
• Extension of iOS restrictions for student devices to not be able to change the background image during an active exam session on the devices
• Extension of the iOS weblink configuration by specifying an app with which the configured weblink should be opened on the device
• Improved error message for invalid app approval status information when uploading apps to Relution
• Error prevention through non-deletable system groups
• Identifying a failed policy update on Android Enterprise devices when the management API returns invalid values
• Display of a warning when certificate authorities or certification templates are deleted in the settings if certificates based on them have been created that may become invalid as a result
• Fix blocking popup window that prevents using app detail page of public apps (new portal)
• Fix changing device name via CVS upload in auto-enrollments (new portal)

Technical Optimization

• Optimization of file upload in different organizations through a multi-tenant user (new portal)
• Enhancement of automatic installation of iOS system apps such as Pages or Numbers with available VPP licenses on student devices when the lesson is started from the teacher device
• Performance optimization by avoiding unnecessary pushes to devices for actions that have not yet been executed
• Optimization in the creation of organization names in the context of self-service registration to ensure unique organization names
• Improved error message in case of "incorrect configuration" of Android Enterprise permissions by validating entered values
• Optimized maintenance of permissions for users in the system organization to ensure that logon to the system organization is possible
• Automatically repeat the installation of a newly versioned iOS policy at a later time if the device cannot currently perform a profile installation
• Web API view now uses OpenAPI v3
• Using schema version 3.3 instead of 4.2 for the Liquibase database change log to avoid blocked XML schema downloads by restrictive proxies
• Troubleshooting Android Enterprise policy cloning by not cloning an existing managed app configuration
• Troubleshooting when working with the Relution App Store when two identical app release workflows have been created in the workflow settings

Technical Changelog

Find changelog of the release here

OS Update

Ensuring OS updates on Samsung devices

A new Android Relution Client is available for the classic enrollment with Device Administrator (Android Legacy) of Samsung devices, which restores compatibility with the Android 7 or older operating system. The current version is now compatible with both Android 7 and older as well as Android 11. The latest Android Relution Client version 3.95 can be downloaded from the Google Play Store or alternatively from our Download Center. Basically, it is mandatory to update the Android Relution Client before performing an OS update on Samsung devices.

Android 11

Adjustment of manual enrollment of Samsung devices without KME

For the classic enrollment with device administrator (Android Legacy) of Samsung devices with the Android 11 operating system, a new version of the Relution Client is available. This includes an adaptation for this enrollment type, as Samsung has changed the API and enrolled devices will otherwise be withdrawn again, as Samsung does not recognize the accepted Knox license.

iOS

Relution Shared Device configuration for single app mode

There is now an additional checkbox “Lock device to enforce login” in the configuration. If this option is activated, the Relution app is put into single app mode as long as no user is logged in. Only after login into the Relution app access to other (authorized) apps will be granted.

For example, to be able to switch to another WiFi outside of the school WiFi, the Relution app must not be operated in single app mode to allow access to the settings. For this case, the option “Lock device to enforce login” must be disabled.

Additional restrictions for Apple Classroom on iOS

With an iOS policy different restrictions for the Apple Classroom app can be set in Relution:

• „Allow the teacher to lock apps and devices“ - allows the teacher to lock a student's device or an app open on the device
• „Force automatic join in Classroom classes“ - students are not asked to join a class when activated
• „Request permission on leaving unmanaged Classroom class“ - leaving an unmanaged class requires permission from the teacher when activated

Android Enterprise

Skip password setup during device enrollment

When setting up enrollments for Android Enterprise Fully Managed Device, an additional checkbox can be set to skip setting up passwords/patterns during the enrollment process on the device.

Update enrollment:

Bulk enrollment:

Extension of the WiFi configuration

Addition of the EAP security type and proxy settings to the WiFi configuration for Android Enterprise Fully Managed Device.

macOS

Managed apps for macOS 11+

Relution is now fully compatible with macOS 11+ and supports provisioning of managed apps on macOS with Bug Sur.

Managed AppConfig for macOS 11+

Relution supports the configuration of managed apps via AppConfig for macOS with Big Sur. This feature is available as a configuration in the Relution policies for macOS.

tvOS

OS update action for tvOS devices

In the device details, the button “Apply Action“ under the “Actions” tab allows for installing OS updates on the selected device.

Furthermore, the WiFi MAC address for tvOS devices is now displayed in the device inventory.

Administration

SFTP synchronization for Apple School Manager (ASM)

In order to minimize administration efforts when maintaining class records in both systems Relution and ASM, an SFTP synchronization can be set up in Relution under “Settings -> Apple School Manager Synchronization”. The required SFTP-URL, -user and -password are available in ASM.

This way, data sets with school context such as users for teachers and students as well as classes created in Relution can be synchronized with ASM. For this, at least one class, one teacher and one student must exist in Relution. Users must belong to either the “Teacher” or “Student” system group in Relution in order to be included in the synchronization.

When a user is created in ASM automatically, the first name, last name, and email address of the corresponding Relution user are used. In ASM it can also be activated that for each imported Relution user a Managed Apple ID is created in a predefined format. In Relution, the created Managed Apple ID is also stored for the corresponding Relution user in the according user profile. For example, the Managed Apple ID can be used for login to the Apple Shared iPad in order to distribute individual apps via Relution.

When setting up SFTP synchronization in Relution for the first time, an initial sync with ASM is performed. If the corresponding Relution organization is not yet known to ASM, a new location is being created automatically. Subsequently, the sync is performed once per day per organization by default.

Extension of CSV import for users

All properties that can be specified when creating a user manually are also possible via CSV import. In addition, up to 15 user-specific properties can be defined. The corresponding column names must be specified with custom1 to custom15:

userid,email,first name,last name,password,phone number,position,country,managed apple id,custom1,custom2,…,custom15

Usability / Functional Optimization

• Improved workflow when importing users via a CSV file

Technical Optimization

• Optimize verification of payload signatures for newly enrolled Apple devices
• Increase frequency of periodic pushes to Apple devices to optimize action delivery
• Optimization of VPP licenses for apps referenced in multiple VPP tokens
• Automatic renewal of PKI certificates
• Performance optimization by preventing server synchronization of groups when LDAP connection is interrupted
• Fixing issue when saving auto-enrollments several times

Technical Changelog

Find changelog of the release here