Configuring CIFS content site for Android Enterprise mode with Ivanti EPMM

Common Internet File System (CIFS) allows administrators to access group shared folders located on different servers by transparently connecting them to one or more CIFS name spaces. New Components in the JSON file:

  • Sentry hostname
  • Sentry port
  • Domain pattern
  • Sentry service

Configuring SCEP Identity Certificate and Sentry Profile

To configure SCEP Identity Certificate and Sentry Profile on Ivanti EPMM perform the following steps:

  1. In Ivanti EPMM, go to Services > Local CA tab > Add Generate self-signed cert. See, Generating a self-signed certificate section in the Core Device Management Guide for Android and Android Enterprise Devices guide.

Configuring AppTunnel Rules in Sentry on Ivanti EPMM

Before you configure CIFS in Android Enterprise mode, you need to configure AppTunnel rule in Sentry:

1. In the Admin Portal, go to Services > Sentry.
2. Edit the entry for the Standalone Sentry that supports AppTunnel.
3. Select the Enable AppTunnel option in the edit Standalone Sentry window.
4. In the AppTunnel Configuration section:

Select CIFS_ANY in the service name.

Select pass through and Kerberos from the drop-down menu.

Configuring CIFS content site on Ivanti EPMM

1. In the Ivanti EPMM Admin Portal, go to Apps > Add +.
2. Select Google Play and import the [email protected] app from Google Play store.

After completing the import in the [email protected], configure the app restrictions.

3. Select App catalog> edit> configuration choices:
  • Enter the Device UUID value as $DEVICE_UUID$.
  • Enter the User ID value as $USERID$.
  • Enter Group Site Configuration, for example CIFS group site configuration:

Configuration

JSON

For Basic Authentication

[{"auth":"","domain":"CIFS","name":"CIFS-Site","priority":"false","subDomain":"NetworkDrive","url":"https://cifs.company.com:445","webView":"false"}]

For Kerberos Authentication

[{"auth":"NoAuthn","domain":"CIFS","name":"CIFS-Site","priority":"false","subDomain":"NetworkDrive","url":"https://cifs.company.com:445","webView":"false"}]

  • Enter AppTunnel rules in JSON array format, for example:

[{"sentryHostName":"https://sentry.company.com", "sentryPort":"443",

"sentryService":"CIFS_1", "domainPattern":["cifs.company.com"]},

{"sentryHostName":"https://sentry.company.com", "sentryPort":"443",

"sentryService":"SERV_2", "domainPattern":["sharepoint.company.com"]}]

where;

sentryHostName: Standalone Sentry URL that you want to tunnel the sites URL listed in group site.

sentryPort: Sentry Tunnel port. Use port 443.

domainPattern:Content server's hostname. For example: finance.yourcomany.com or hostname with wildcards. The wildcard character is *. For example: *.yourcompany.com.

sentryService: The service name is used in the [email protected] configuration for setting up tunnelling to the content repository.

Identity_certificate: For Android AppConnect, drop - down is auto populated with SCEP Identity created while configuring sentry profile. For example: NEW_SCEP

For Android Enterprise, enter the following in the Identity Certificate text field:

$CERT_ALIAS:NEW_SCEP$.

4. Click Save.

Configuring digital signatures for PDF files in Ivanti EPMM

1. In the Ivanti EPMM Admin Portal, go to Apps > Add +.
2. Select Google Play and import the [email protected] app from Google Play store. After completing the import in the [email protected], configure the app restrictions.
3. In app restrictions options, for signing certificate:
  • Enter Signing Certificate alias, for example: $CERT_ALIAS:LOCAL$ This is the certificate alias set up in the Ivanti EPMM.

Where;

$CERT_ALIAS:$; Is the Certificate Enrollment setting configured in the Ivanti EPMM user interface for the devices. For example: $CERT_ALIAS:scepIdentityCert$, where;

scepIdentityCert is the name of the SCEP configured in Ivanti EPMM.

4. Click Save.