When an iOS device user can use AppConnect for iOS

An iOS device user can use an AppConnect app only if:

  • The device user has been authenticated through MobileIron Core.

    The user must use the Mobile@Work for iOS app to register the device with MobileIron Core. Registration authenticates the device user.

  • You have authorized the app to run on the device.

    If the app is not authorized, the app does not allow the device user to access any secure data or functionality. If a device user launches an unauthorized wrapped app, the app displays a message and exits. An SDK app (an app built with AppConnect for iOS SDK or Cordova Plugin) should have the same behavior if the app handles only secure data and functionality. Otherwise, an SDK app runs but restricts the user to only unsecured functionality and data.

    To authorize an AppConnect app for a device, you apply the appropriate labels to the app’s AppConnect container policy.

  • No situation has caused an authorized AppConnect app to become unauthorized for a device.

    These situations include, for example, when the device OS is compromised. The Ivanti UEM client reports device information to the Ivanti UEM. The Ivanti UEM then determines whether to change the AppConnect apps on the device to unauthorized based on security policies and associated compliance actions that you configure.

  • The device user has entered the AppConnect passcode or Touch ID / Face ID.

    You configure whether the AppConnect passcode is required, and also configure rules about its complexity. You also configure whether the device user can use Touch ID or Face ID to access secure apps.

AppConnect for iOS is not supported when a device is configured for single-app mode, which is described in "Single-app mode policies" in the Core Device Management Guide for iOS and macOS Devices.