Main configuration steps for Ivanti Email+ for Android AppConnect (Ivanti EPMM)

Following are the main steps for configuring and deploying Email+ for Android AppConnect on Ivanti EPMM:

  1. Adding Ivanti Email+ for Android AppConnect and Secure Apps Manager to Ivanti EPMM.
  2. Enabling third-party AppConnect apps in Ivanti EPMM.
  3. Configuring the AppConnect global policy in Ivanti EPMM.
  4. Configuring the AppConnect container policy in Ivanti EPMM.
  5. Configuring an AppConnect app configuration for Ivanti Email+ in Ivanti EPMM.
  6. Configuring email attachment control with Standalone Sentry in Ivanti EPMM. (For Standalone Sentry deployments only)

Adding Ivanti Email+ for Android AppConnect and Secure Apps Manager to Ivanti EPMM

You add Email+ and Secure Apps Manager (SAM), in the same manner you would add any other Android in-house app. After adding the apps to Ivanti EPMM, you can distribute the apps to devices by applying the apps to labels that contain the devices you want to distribute the apps.

Procedure 

  1. In the Ivanti EPMM Admin Portal, go to Apps > App Catalog > Add+ > In-House. (Prior to Ivanti EPMM 8.0 go to Apps > App Distribution Library, and select Add App).
  2. Add the apps just as you would any in-house app. Add SAM if you have not already uploaded it to support other secure apps.
  3. After adding the apps, apply the apps to appropriate labels so that they are available to the required devices.

Next steps 

Continue on to Enabling third-party AppConnect apps in Ivanti EPMM.

For information on adding in-house apps for Android, see “Working with Apps for Android devices” in the Ivanti EPMM Apps@Work Guide.

Enabling third-party AppConnect apps in Ivanti EPMM

Email+ requires that you enable the licensing option for third-party and in-house AppConnect apps.

Procedure 

  1. In the Ivanti EPMM Admin Portal, go to Settings > System Settings.
  2. Click Additional Products > Licensed Products.
  3. Select AppConnect For Third-party And In-house Apps if your organization has purchased it.
  4. Click Save.

Next steps 

Continue to Configuring the AppConnect global policy in Ivanti EPMM.

Configuring the AppConnect global policy in Ivanti EPMM

Because Email+ for Android is an AppConnect app, you need to configure an AppConnect global policy (if one has not already been configured). This policy specifies settings that apply to all AppConnect apps on a device. For example, you configure the AppConnect passcode requirements.

Make sure only one AppConnect global policy applies to each device.

On the AppConnect global policy, you can authorize device users to use Email+ even if no AppConnect container policy is applied to the device.

Procedure 

  1. In the Ivanti EPMM Admin Portal, go to Policies & Configs > Policies.
  2. Select Add New > AppConnect. You can also use an existing AppConnect global policy. Select it, and click Edit.
  3. Complete the form. Most fields default to suitable values, but make sure that you select AppConnect: Enabled to enable AppConnect on the device.
  4. Click Save.
  5. Select the policy.
  6. Select Actions > Apply To Label.
  7. Select the labels to which you want to apply this policy.
  8. Click Apply.

Next steps 

Continue to Configuring the AppConnect container policy in Ivanti EPMM.

For general details on the AppConnect global policy, see “Configuring the AppConnect global policy” in the Ivanti AppConnect for Ivanti EPMM Guide and Ivanti Tunnel for Android Guide.

Configuring the AppConnect container policy in Ivanti EPMM

This task is only required:

  • If you did not select Authorize for Apps without an AppConnect container policy, in the AppConnect Global Policy.
  • If you want to apply different data loss prevention policies to different devices. When you upload Email+ to Ivanti EPMM, Ivanti EPMM automatically creates an AppConnect container policy for the app. Create an AppConnect container policy, if you want to apply different settings to different devices.
  • Make sure only one AppConnect container policy for Email+ is applied to each device.
  • Ivanti EPMM keeps in sync the labels that you apply to the app and the labels that you apply to the AppConnect container policy that Ivanti EPMM automatically created.

When you apply Email+ to a label, Ivanti EPMM automatically adds the same label to the automatically-created AppConnect container policy. Be sure to remove that label from the automatically-created AppConnect container policy if you are using that label on a manually created AppConnect container policy.

Procedure 

  1. In the Ivanti EPMM Admin Portal, go to Policies & Configs > Configurations.
  2. Click Add New > AppConnect > Container Policy.
  3. Alternatively, edit the automatically-created AppConnect container Policy for Email+.
  4. Enter a name for the policy.
  5. Enter a description for the policy.
  6. In the Application field, choose the Email+.
  7. Select Allow Screen Capture if you want to override the default restriction on screen capture.
  8. The remaining settings do not apply to Android. Also, the ability to open a document is always restricted to the secure container on Android devices.
  9. Click Save.

Next steps 

Applying the container policy to labels in Ivanti EPMM

Do these steps if you created a new AppConnect container policy.

Procedure 

  1. Select the container policy.
  2. Select Actions > Apply To Label.
  3. Select the labels to which you want to apply this policy.
  4. Click Apply.

Next steps 

Continue to Removing labels from the automatically-created AppConnect container policy in Ivanti EPMM.

Removing labels from the automatically-created AppConnect container policy in Ivanti EPMM

Do these steps if you are not using the automatically-created AppConnect container policy.

Procedure 

  1. Select the automatically-created AppConnect container policy.
  2. Select Actions > Remove From Label.
  3. Select any labels that you applied to the AppConnect container policy that you just created.
  4. Click Remove.

Next steps 

Continue to Configuring an AppConnect app configuration for Ivanti Email+ in Ivanti EPMM.

Configuring an AppConnect app configuration for Ivanti Email+ in Ivanti EPMM

When you add Email+ for Android AppConnect, an AppConnect app configuration is automatically created for Email+. You can create a new AppConnect app configuration if you want to apply different settings to different devices. Otherwise, edit the automatically-created AppConnect app configuration to configure the ActiveSync server information and other settings that you want to customize.

The AppConnect app configuration for Email+ for Android AppConnect contains information such as:

  • The fully qualified domain name and user ID for the ActiveSync server.
    • Certificate information.
    • Key-value pairs that determine the app’s settings and behavior.

The default configuration contains the bundle ID for the app and a set of default key-value pairs that can be edited or deleted. You can also configure additional key-value pairs.

Make sure only one AppConnect app configuration for Email+ is applied to each device.

Always set the value of the email_device_id key to $DEVICE_UUID_NO_DASHES$. Standalone Sentry uses this key-value pair for ActiveSync correlation.

Procedure 

  1. In the Ivanti EPMM Admin Portal, go to Policy & Configs > Configurations.
  2. Select the automatically-created AppConnect app configuration for Email+ for Android, and click Edit.
  3. Edit the configuration as needed.

  4. Click Save. The automatically-created app configuration has the same labels you applied to the app. You do not need to apply the automatically-created app configuration to a label.

Creating a new AppConnect app configuration for Ivanti Email+ for Android

Create a new AppConnect app configuration by saving the automatically created AppConnect app configuration for Email+ if you want to apply different settings to different devices.

Procedure 

  1. In the Admin Portal, go to Policy & Configs > Configurations.
  2. Select the automatically created AppConnect app configuration for Email+.
  3. Click Actions > Save As and save it as a new configuration.
  4. Enter a new name and description for the configuration.
  5. Edit the configuration as needed.
  6. Click Save.
  7. Select the new AppConnect app configuration.
  8. Select Actions > Apply To Label.
  9. Select the labels to which you want to apply this AppConnect app configuration.
  10. Click Apply. The automatically-created app configuration is automatically applied to the same labels you applied to the app. However, only one app configuration should be applied to any one device. Therefore, remove the labels from the automatically-created app configuration.
  11. Select the automatically-created AppConnect app configuration.
  12. Select Actions > Remove From Label.
  13. Select any labels that you applied to the AppConnect app configuration that you just created.
  14. Click Remove.

AppConnect app configuration field descriptions

The following table provides description of the fields in an AppConnect app configuration for Email+ for Android.

Table 2.  AppConnect app configuration field descriptions

Item

Description

Name

Edit the default name if necessary.

The name is not the same as the name that appears in the name column in Policy & Configs > Configurations.

Description

If necessary, edit the text to clarify the purpose of this AppConnect app configuration.

Application

Email+ is selected.

AppTunnel Rules

To configure AppTunnel for Android AppConnect, see Configuring Email+ with AppTunnel for Android AppConnect.

Email+ app might use AppTunnel as VPN if the email_exhcnage_host KVP is set as the ActiveSync server and if this server is not accessible from public network.

AppTunnel is not used if Standalone Sentry used in the email_exchange_host KVP. If you are using a Standalone Sentry, all communication with the ActiveSync server is through a secure connection to the Standalone Sentry.

App-specific Configurations

Add key-value pairs to configure app behavior.

The automatically-created app configuration for Email+ contains a set of default key-value pairs. Each key-value pair is configured as a separate row. Do the following:

  • For the Value of the email_exchange_host Key, enter the fully qualified domain name (FQDN) of the ActiveSync server, or the Standalone Sentry server if you are using a Standalone Sentry.
  • Edit the default key-value pairs as necessary.
  • To add a key-value pair, click Add+ .
  • To delete a key-value pair, click X.

The following key-value pairs are required:

  • email_address
  • email_device_id
  • email_exchange_host
  • email_exchange_username

Configuring email attachment control with Standalone Sentry in Ivanti EPMM

This is only required if attachment control is enabled in Standalone Sentry.

Procedure 

  1. In the Ivanti EPMM Admin Portal, go to Services > Sentry.
  2. Select the Standalone Sentry that handles email for the devices.
  3. Click the edit icon.
  4. In the Attachment Control Configuration section, for iOS and Android Using Secure Email Apps, select Open With Secure Email App.
  5. Click Save.

See “Email Attachment Control with Standalone Sentry” in the Ivanti Sentry Guide for Ivanti EPMM.