Key-value pairs to configure app behavior

Table 1. key-value pairs to configure app behavior

Key

Value

Description

Specify the level of detail for logs

log_level

  • DEBUG
  • INFO
  • WARNING
  • ERROR

Select one of the following:

  • DEBUG: Includes debug level information for application flow and request, response messages for target repositories. This is the highest level and verbose, so choose this level only when needed.
  • INFO: Includes only information related to specific flows and requests.
  • WARNING: Includes only warnings about runtime errors and target repositories.
  • ERROR: Includes only runtime errors, and error and status codes from requests to target repositories.

Email logs

support_email_id

Enter a valid email address.

Automatically populates the email address when the device user emails the device logs.

Block adding content

blocked_storage_domains

  • Box
  • WebDav
  • CIFS
  • SharePoint

Blocks device users from adding the content site to [email protected]:

Enter the values as a semicolon (;) separated list.

Example: Box;Dropbox;CIFS

Microsoft SharePoint includes Office 365 SharePoint sites.

  • If SharePoint, Box, or Dropbox is blocked, the option will not be available when the device user tries to add a site.
  • If WebDAV is blocked, both Network Drive and Ivanti Neurons for MDM storage options will not be available. All WebDAV and CIFS sites will be removed from [email protected]
  • If CIFS is blocked, the device user is presented with an error message when trying to add a CIFS site. Existing CIFS sites will be removed. WebDAV sites will not be removed. Network Drive and Ivanti Neurons for MDM storage options will continue to be available when the device user tries to add a site.
  • Documents from the blocked sites marked as Starred, Offline, or in Recents will be removed. Documents in My Files are not removed.

Block adding user sites

disable_user_sites

  • true
  • false

Blocks device users from adding sites to [email protected]

User added sites will be removed. Documents from user sites marked as Starred, Offline, or in Recents will be removed.

Restrict number of allowed user sites

restrict_number_of_user_sites

Connector type: Number of sites that are allowed.

For example: SharePoint:2, Box:1

Restricts the number of User sites that a device user can add. If a site type is not configured, there are no restrictions on the number of User sites for that site type.

Restricting number of User sites has no impact on blocked sites. This key-value pair only applies to allowed sites. The configuration is ignored if DISABLE_USER_SITES is true.

Enter the following value:

  • site type and number in the following format:

Site type1:number; Site type2:number.

Valid entries for site type are: SharePoint, Box, Dropbox, WebDAV, CIFS.

Number is a positive integer greater than 0.

In this example, the device user will be able to add up to two SharePoint sites, and only one Box site. There are no restrictions on any other type site.

Disable editing

disable_editing

  • true
  • false

Disables the following in My Files and all content sites in [email protected]:

  • Editing.
  • Creating new files and folders.
  • Importing images from photo gallery.
  • Uploading to and deleting files in the backend resource.

Add group sites using key-value pairs

SITE_DETAILS_N

Where n is a number 1-100

Example:

SITE_DETAILS_1

Enter parameters for the content site in the following JSON format:

{"name":"name for the site","url":"valid url for the content repository including port","domain":"SharePoint", "subDomain":"Federated","priority":“true | false”, "webView":“true | false”}

Example to add a SharePoint :

{"name":"SharePoint Group","domain":"SharePoint","url":"https://SharePoint.com"}

Example to add a Box Site:

{"name":"Box1","domain":"BoxEnterprise","url":"https://www.box.com"}

  • Ensure that there are no spaces
  • Values are case sensitive

Required parameters:

“name”, “url”, “domain”, “subDomain”

Adding a SharePoint Group site with Federated authentication

name for the site: The name is displayed in the [email protected] app.

valid url for the content repository including port: The URL must start with http:// or https://. Both domain name and IP address are supported.

If priority is not defined, the default setting is false. "priority":"false" identifies the content site as a Group site. Configuring “priority”:“true” identifies the site as a Published site. You can configure a site as a Published site only if “subDomain” is also configured.

If "webView":"true", the SharePoint documents can be opened in Microsoft’s online web viewer and editor. The site is automatically a Group site. It cannot be configured as a Published site.

Pushing Enterprise Box Site from Ivanti EPMM.

Example:

{"name":"SharePoint","url":"https:// sharepoint.acme.com","domain":"SharePoint","subDomain":"Federated","priority":"false"}

Autofill Credentials

autofill_credentials

Automatically populates the user name for the content site.

Enter parameters for the content site in the following JSON format:

{"URL":{"domainType":"DomainType","userName":"$USERID$","password":"$PASSWORD$"},"default":"Domain/$USERID$"}

For JSON format:

  • Ensure that there are no spaces.
  • Values are case sensitive.
  • Ensure that the JSON format is valid.
  • The variable for user name can be preceded by either a single forward slash or two back slashes: Domain/$USERID$ or Domain\\$USERID$

URL: Enter the URL for the content site. Include the protocol. Example: http, https.

Domain Type: Enter one of the following: SharePoint, WebDAV, Box, BoxEnterprise, CIFS.

Domain: Enter the domain name to which the username defaults if the username for the URL cannot be resolved. Variables are not supported.

password: The user is logged in automatically when the user navigates to the site from the Sites screen. This feature is applicable for CIFS and WebDAV sites only on Ivanti EPMM.

$PASSWORD$ value is available only when admin enables "Save User Password" option on the device registration settings on Ivanti EPMM and user is registered to [email protected] Client. For more information, Ivanti EPMM documentation for its usage. The $PASSWORD$ option is not available for Ivanti EPMM.

Examples:

{"https://sharepoint.miacme.com": {"domainType":"SharePoint","userName":"miacme/$USERID$"},"default":"miacme.com/$USERID$"}

{"https://sharepoint.miacme.com":{"domainType":"SharePoint","userName":"miacme\\$USERID$"},"default":"miacme.com\\$USERID$"}

{"default": "domain/$USERID$"}{"https://cifs.company.com:445": {"domainType": "CIFS","userName": "$USERID$","password":"$PASSWORD$"}}

Copying and pasting JSON strings might result in invalid JSON. Ivanti recommends that you validate the JSON string before using it. There are validator tools such as JSONLint (jsonlint.com) that will help validate the JSON string.

Custom browser applications rather than default Safari browser

http_prefix

  • mibrowser: URLs starting with http:// are opened in [email protected]
  • http: URLs starting with http:// are opened in Safari.
  • googlechrome: URLs starting with http:// are opened in Google Chrome.

Allows users to tap on a URL starting with http:// and view the site in a browser. If the key-value pair is not configured, users will not be able to view an http link in a browser.

If the key-value pair is not configured, http:// links are not opened in any browser.

Ivanti recommends that both HTTP_PREFIX and HTTPS_PREFIX are configured. If only one URL scheme is configured, the unconfigured URL scheme will not be opened in any browser, thus impacting user experience.

https_prefix

  • mibrowsers: URLs starting with https:// are opened in [email protected]
  • https: URLs starting with https:// are opened in Safari.
  • googlechrome: URLs starting with http:// are opened in Google Chrome.

Allows users to tap on a URL starting with https:// and view the site in a browser. If the key-value pair is not configured, users will not be able to view an https link in a browser.

If the key-value pair is not configured, https:// links are not opened in any browser.

Ivanti recommends that both HTTP_PREFIX and HTTPS_PREFIX are configured. If only one URL scheme is configured, the unconfigured URL scheme will not be opened in any browser, thus impacting user experience.

Apply SSO label to add SharePoint site flow

apply_sso_label

  • true
  • false

Changes the NoAuthn label to Corporate single sign-on (SSO) in [email protected] The NoAuthn option is seen in the Authentication settings for SharePoint sites in [email protected] There is no functional change.

Share PDF documents

ENABLE_PDF_DOCUMENT_DEFINE

  • true
  • false

Makes the Share option available for PDF documents.

Default to Polaris Viewer instead of iOS Native Viewer

enable_polaris_viewer

  • true
  • false

Use this key-value pair to set the [email protected] embedded viewer as default instead of iOS Native viewer.

Enable Polaris document content share

ENABLE_POLARIS_DOCUMENT_CONTENT_SHARE

  • true
  • false

Makes the Share option available for Microsoft Office documents in Polaris editor, regardless of whether Copy/Paste is enabled in AppConnect policy.

This key-value pair is case sensitive.

Load/Authentication SharePoint for WebView

ENABLE_WEBVIEW_AUTHENTICATION

true

false

Use this key-value pair if the SharePoint server is not set up to use persistent authentication cookies and users encounter issues with opening WebView for SharePoint sites.

This key-value pair is case sensitive.

 

Custom email app such as Email+ client

mailto_prefix

To open Email+, use:

email+launcher://docsatwork?url=mailto:

To open IBM verse, use

ibmverse://com.ibm.lotus.traveler/mailto?to=

To open SecurePIM, use

spmailto:

Brings up the email client for which the schema is configured in mailto_prefix.

Use this key-value pair to open the email client for which the schema is configured in mailto_prefix.

Support for third party email client enabled.

Enable Certificate Based Authentication (CBA)

IdCertificate_1_host

  • IdCertificate_1_host
  • IdCertificate_1

Use this key-value pair to enable the certificate-based authentiation (CBA).

For example:

cert_hostname such as (defender.stutz.qa.domain.com) SharePoint

client-scep using authentication type.

This key-value pair is case sensitive.

Enable Certificate Authorities

known_ca_<n>_<m>

  • id_certificate_n
  • id_certificate_n_host

Support for private certs in id_Certificate_<n> if the root cert(s) is provided with the kvp known_ca_<n><m>.

Display SharePoint title for files and folders

show_title

  • true
  • false

Displays user friendly title for files and folders in SharePoint.

Use the following values to set the key-value pair:

  • true: Enables title display.
  • false: Disables title display.

The default value is set to false.

Allow sending analytics from [email protected] to Mixpanel and Crashlytics

allow_analytics

  • true
  • false

Use the following values to set the key-value pair:

If the key-value pair is not defined in the configuration, allow_analytics is set to true by default.

Enable watermarks when viewing documents

watermark_text

Use a user identifying variables a values such as, $USERID$ and $EMAIL$.

Displays a diagonal watermark text (provided by the administrator) over all the documents viewed or edited using [email protected]

Allow document sharing from [email protected]

mi_enable_doc_sharing

  • true
  • false

Use this key-value pair to enable the [email protected] document sharing feature. Multiple file sharing from same folder is enabled in [email protected] using extension. Multi-select option is available for the following folders:

  • My Files
  • Recent
  • Offline folders

The default value is set to false, and must be set to true to enable document sharing.

Allow document sharing from [email protected] for AppConnect apps

MI_SHARED_GROUP_ID

A unique, sufficiently complex alphanumeric string

This key manages the decryption of documents from [email protected] extension. Once this key is set in [email protected] configuration, only the apps having the identical key value in their configuration would be able to decrypt the documents from [email protected] Extension.

This is an optional key.

The key is case sensitive. Enter the key in uppercase.

IMPORTANT: Configure mi_enable_doc_sharing with value true to enable document sharing.

MI_AC_ACCESS_CONTROL_ID

A unique, sufficiently complex alphanumeric string

This key manages the access control between the apps. Once this key is set in [email protected] configuration, only the apps having the identical key value in their configuration would be able to access the documents from [email protected] Extension.

Ensure that the key-value pair is configured in the Email+ configuration as well and that the value is identical (including case) in both [email protected] and Email+ configurations.

The key is case sensitive. Enter the key in uppercase.

IMPORTANT: Configure mi_enable_doc_sharing with value true to enable document sharing.

Allow document sharing from [email protected] for non AppConnect apps

MI_AC_DOCUMENT_EXTENSION_DLP

  • Sentry
  • All

This key allows the admin to add attachements when you compose mail using Email+ or anyother email client.

This key is applicable while sharing documents from [email protected] with non AppConnect apps.:

Sentry: The documents are encrypted using Sentru attachement control key.

All: The attachements are not encryptyed and are sent as plain text.

The key is case sensitive. Enter the key in uppercase.

block_unmanaged_extension

  • true
  • false

Allows the admin to block or unblock unmanaged versions of [email protected] from exposing the document extension to all the apps. Default is set to false. If an admin wants to restrict the document sharing extension to only managed apps, then the block_unmanaged_extension key should be set to true. In addition to this, a separate configuration parameter IS_MANAGED should be set to true via the iOS MDM managed configuration. A sample of sample of managed app configuration is as follows:

<?xml version=“1.0” encoding=“

UTF‐8"?>

<!DOCTYPE plist PUBLIC “‐//

Apple//DTD PLIST

1.0//EN” “http://www.apple.com/

DTDs/PropertyList‐1.0.dtd“>

<plist version=“1.0”>

<dict>

<key>IS_MANAGED</key>

<true/>

</dict>

</plist>

IS_MANAGED

  • true
  • false

Set this key to true if you want to restrict extension only to managed apps .

A sample.contents of managed app is as follow:

<?xml version=“1.0” encoding=“UTF-8"?>

<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd“>

<plist version=“1.0”>

<dict>

<key>IS_MANAGED</key>

<true/>

</dict>

</plist>

The default values is set to False.

Custom keyboards

MI_AC_IOS_ALLOW_CUSTOM_KEYBOARDS

  • true
  •  

This key allows the admin to enable or disable the use of custom keyboards. This key is enabled for AppConnect. This is case sensitive.

true: [email protected] allows the use of custom keyboards

false: [email protected] does not allow the use of custom keyboards.

Default if key-value is not configured: true.

This key-value pair is case sensitive.

AppConnect logs

MI_AC_LOG_LEVEL

  • Error
  • Info
  • Verbose
  • Debug

Specifies the level of logging from the least to the most verbose.

Default if key-value is not configured: true.

MI_AC_LOG_LEVEL_CODE

Any string

Underspecification prompted in [email protected] to activate AppConnect logs

MI_AC_ENABLE_LOGGING_TO_FILE

  • Yes
  • No

Enables collecting AppConnect logs to a file in [email protected]

Allow digital signature for PDF

signing_certificate

Certificate

This key allows the admin to enable or disable the use of digital signature for PDF forms in [email protected] added.

To enable digital signature add signing_certificate to [email protected] configuration to provide the certificate in .p12 format used for PDF signing.

signing_certificate_ca_(n)

Certificate

This key allows the admin to add multiple Certificate Authorities to trusted CA’s.

If the signing_certificate is not issued by the CA which is not publicly trusted. The certificate must be DER-encoded.

Where, the value of n can be 0 to 9.

For example:

signing_certificate_ca_0,

signing_certificate_ca_1.

Miscelleneous

document_menu_restricted_items

  • define
  • lookup

This key allows the admin to fix the text data leak from [email protected] document view or edit when you perform the Define and LookUp functions.

For example:

document_menu_restricted_items = define|lookup

disable_slideshow_autolock

  • yes
  • no

This key prevents the device screen from getting locked during Microsoft PowerPoint presentation after Auto Lock timeout.

group_offline_files

  • true
  • false

Grouping offline files based on file path feature is added. To enabled this key set the "group_offline_files" key value to true in [email protected] key-value pairs. The default value of this KVP is false.

Offline file grouping is only for the [email protected] and not for the file shown in the extension. After upgrade, if KVP is set to true, all offline files appear grouped.

filepass_key_identifier

A unique, sufficiently complex alphanumeric string.

This key allows admin to enable sharing documents securely between [email protected] and Microsoft IntuneMAM protected Office365 apps through FilePass.

The value for this key-value pair needs to be same for the all the supported productivity apps ([email protected], Email+, and FilePass) participating in File Sharing with Microsoft Office 365 apps.

disable_download_upload_autolock

  • true
  • false

This key allows admin to disable device auto-lock during download or upload. The default values is set to False.

allow_filename_special_characters

  • true
  • false

This key allows admin to enable special characters in the file name for a new folder or file created in [email protected] The following special characters are allowed in the file names: ~`#%^+;={}[],.'

Uploading files with special characters may not work for all the sites.