Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Configure Skyhigh Mobile Client for Android Devices

  1. Last updated
  2. Save as PDF

The Skyhigh Client for Mobile application enables end users to access the Internet and private applications from Android devices securely. When end users access websites or private applications, the traffic is forwarded to the Skyhigh SWG for policy enforcement before being directed to the actual website or private application. 

NOTE: 

  • This topic is intended for MDM administrators who manage end users' Android devices via the Skyhigh Client app. 
  • Skyhigh recommends creating a new user group and applying all relevant policies and configurations to the group. Once Skyhigh Client is set up and deployed, MDM administrators can add new users to the group. 

Prerequisites

  • The CA certificate should be trusted and must be available in the device trust store. Download the certificates locally for distribution. Download the forward proxy certificate from the SSE dashboard for internet access.  
  • Make the OPG Configuration file available on the devices:
    • MDM:
    • BYOD:
      • End users' personal devices must have a policy configuration (.OPG) file. MDM administrators can download the OPG file from the SSE dashboard and share it via email or any other sharing method. Save this policy file in a public location, such as the Downloads or Documents folder. To generate the Minimal OPG String for MDM and BYOD, see Generate Minimal OPG String for MDM and BYOD.

NOTE:

Push Minimal OPG using MDM

You can create an app configuration policy for the Skyhigh Client app in Microsoft Intune to enable the minimal OPG access for PA Applications option on managed devices.

To create an app configuration policy:

  1. In Microsoft Intune, go to Apps > Manage apps > Configuration.

    9.png
  2. Click Create > Managed devices.

    10.png
    The Create app configuration policy window opens. 
     
  3. Under the Basics tab, configure the following settings:
    • Enter the Name.
    • Select Android Enterprise as the Platform.
    • Select All Profile Types as the Profile Type.

      1.png
       
    • Select the previously added app as the Targeted app and click OK.

      2.png
       
  4. Click Next.

    3.png
     
  5. Under the Settings tab, from the Configuration settings format dropdown, select Use configuration designer.
  6. Enter the Configuration key as Encoded OPG configuration, set the Value type to string, and enter the Configuration Value as opgEncodedString to enable the minimal OPG file upload option.
  7. Click Next.

    4.png
     
  8. Under the Assignments tab, add the required group in the Included groups ​​​​​​setting and click Next.

    12- edited.png
     
  9. Under the Review + create tab, review the minimal OPG access configuration and click Create.

    5.png

    The Skyhigh Client app is now added to Intune and configured with the minimal OPG access option enabled for managed devices.

Install Skyhigh Client for Mobile in BYOD

End users must install the CA certificate to prevent seeing warning messages, such as Proceed to Unsafe, in their device browsers when accessing the app. Without the necessary certificates, you may be alerted that the page they are trying to access is not private.

NOTE: The Android device should have a lock screen (pattern, biometric, pin, or password) to install and trust a CA certificate. 

  1. Open Settings.
  2. Tap Security.
  3. Tap Encryption & Credentials.
  4. Tap Install a certificate.

    2025-09-25_12-43-15.png
     
  5. Tap CA Certificate.

    6.png
  6. Tap Install anyway on the alert screen. 
    Browse and select the certificate file and install it. Check if the certificate is available on the device.
Install Skyhigh Client 

Once the CA certificate is installed on the device, install Skyhigh Client from the Google Play Store. For more details, see the Skyhigh Client App for Android Devices.