Multiple ActiveSync email accounts on a registered device
Ivanti Standalone Sentry and Integrated Sentry support multiple email accounts on the same device for the following use cases:
•The device user requires access to another user’s email account.
•The device user is a member of a group and requires access to the group’s email account.
•ActiveSync server: The email accounts must exist on the same type of ActiveSync server. Ivanti Standalone Sentry does not support syncing email accounts that are on different types of ActiveSync servers, for example, an email account on a Gmail server and another account on an Microsoft Exchange server, on the same device.
•Security policy: Since security policies are applied to the device, if the device is not in compliance, all ActiveSync email accounts on the device are blocked. If the same email account is available on a second device that is in compliance, the user of the second device continues to have access to the email account.
Whether the security policy or the ActiveSync policy takes precedence depends on the device. There are no changes to this behavior.
•ActiveSync policy: We recommend applying the an ActiveSync policy to only one email account on the device. If multiple email accounts are configured on a device and a different ActiveSync policy is applied to each account, it is difficult to determine which ActiveSync policy is applied to an email account.
•Device: The device must be registered on Ivanti EPMM.
| - | For supported devices, see Multi Mailbox in the Email Client Support Matrix . |
•User: The user of the email account, must be registered on Ivanti EPMM. If the user is not registered, do one of the following:
| - | Create a local user account for the user. For instructions on how to add a local user account, see “Adding Local Users in Admin Portal” in the Ivanti EPMM Device Management Guide. |
| - | Alternately, log into the User Portal with the LDAP credentials for the user. For more information on how to log into User Portal, see “User Portal” in the Ivanti EPMM Device Management Guide. |
•Android devices: You can apply up to two Exchange settings for each device. The device must be running Mobile@Work when it receives the configuration.
| - | On the device, both mailboxes appear in a single email app. The email app is determined by 1) the email app’s priority as specified in the Exchange setting’s Exchange App Priority, and 2) the email app’s availability on the device. For example, if both Samsung Native Email and Email+ are available on the device, the app with the highest priority is used. |
Options > Email Status is not supported for multiple ActiveSync accounts.
Methods for adding additional email accounts
You can add additional ActiveSync email accounts in one of the following ways:
•Pushing additional email account to the device.
•Manually add email account to device.
To access the email account, the device user will require the password for the email account.
Pushing additional email account to the device
In this method for adding additional email accounts to a registered device, no actions are required by the device user. However, this method requires modifying the attributes for the device user in Active Directory.
Before you begin
Manually modify the ExtensionAttributes for the device user in Active Directory. For extensionAttribute1 enter the username of additional email account, and for extensionAttribute2 enter the email address of the additional email account.
For detailed instructions see the How to Add Multiple EAS Accounts to a Single Device knowledge base article.
Overview of steps on Ivanti EPMM
| 1. | Mapping the custom attributes created in AD to LDAP settings. |
| 2. | Sync with LDAP.. |
| 3. | Create new Exchange setting. |
| 4. | Create new label. |
| 5. | Apply Exchange setting to label. |
| 6. | Apply device user to label. |
Procedure
| 1. | Mapping the custom attributes created in AD to LDAP settings |
In the Admin Portal, go to Settings > LDAP.
Select the LDAP setting and click the edit icon.
For Custom 1, enter extensionAttribute1. For Custom 2, enter extensionAttribute2.
Save the edited LDAP setting.
| 2. | Sync with LDAP. |
In the Admin Portal, go to Users & Devices > Users.
Click Resync With LDAP.
Wait for the LDAP sync to complete.
To verify, click on the System Manager link.
In the system manger, go to Troubleshooting > Service Diagnostic > LDAP Sync History.
| 3. | Create new Exchange setting |
In the Admin Portal go to Policies & Configs > Configurations.
Click Add New > Exchange.
Enter the information requested.
In the ActiveSync User Name field, enter $USER_CUSTOM1$.
In the ActiveSync User Email field, enter $USER_CUSTOM2$.
Except for the ActiveSync UserName and ActiveSync User Email fields, you may want to configure the new Exchange setting with the same information you used for the Exchange profile you are currently pushing to the devices.
Click Save.
| 4. | Create new label |
In the Admin Portal go to Users & Devices > Labels.
Click Add Label.
Enter the information requested.
Click Save.
| 5. | Apply Exchange setting to label |
In the Admin Portal go to Policies & Configs > Configurations.
Select the Exchange setting.
Click More Actions > Apply to Label.
In the Apply To Label dialog, select the label you created.
Click Apply.
| 6. | Apply device user to label |
In the Admin Portal, go to Users & Devices > Devices.
Select the device to which the email account will be added.
Click Actions > Apply to Label.
In the Apply To Label dialog, select the label you created.
Click Apply.
The email account is pushed to the device when it syncs.
No actions are required by the device user.
To access the email account, the device user requires the password for the email account.
For information on how to create an Exchange setting, see “Exchange settings” in the Ivanti EPMM Device Management Guide.
Manually add email account to device
To manually add the email account, the device user will require the following information:
•The username and password for the ActiveSync email account.
•The Sentry FQDN (or the external name of your Standalone Sentry).
You do not need to make any changes to AD or Ivanti EPMM.
When setting up the additional email account on the device, for the server address, enter the Standalone Sentry FQDN or the external name of your Standalone Sentry.
If your Standalone Sentry is set to Auto Block Unregistered(unlinked) Devices
In the Admin Portal, Services > Sentry > Preferences, if Auto Block Unregistered(unlined) Devices is set to Yes, you may get a verification failure when you are setting up the additional email account. If you do, save the settings anyway.
After adding the account on the device, go to the Admin Portal, Devices & Users > ActiveSync. Search for the username of the account you just added, select the entry, and click Allow.