Web@Work features

iOS and Android versions of Web@Work support the same core functionality. However, some features of Web@Work may be specific to only one or the other operating system. Web@Work has the following features.

Web@Work does not currently support video streaming.

Web@Work Feature

Platform Support

Description

Secure access to websites hosted on servers behind your firewall, without requiring the device user to use VPN

Android

Web@Work uses AppConnect and AppTunnel capabilities to provide this secure access.

You can use Web@Work without purchasing AppConnect for third-party or in-house apps and without purchasing AppTunnel.

Configuration: See Enabling Web@Work

Support for Single Sign On using Kerberos Constrained Delegation (KCD)

Android

Device users register Mobile@Work with Core by entering their Ivanti credentials. They can then use Web@Work to access an enterprise app server without having to enter any further credentials. This support depends on the environment being set up to use KCD, and the necessary AppTunnel configuration.

See “Authentication using an identity certificate and Kerberos constrained delegation” in the Sentry Guide.

Admin-specified bookmarks

Android

Web@Work supports bookmarks that you specify on the Admin Portal.

Configuration: See Enabling Web@Work.

User-specified bookmarks

Android

Device users can add, name, and remove bookmarks that they create.

Device users cannot delete or edit bookmarks that you specify in the Admin Portal.

On iOS, device users can organize their bookmarks so that they display between bookmarks that you specified.

Ability to provide different Web@Work-related settings to different devices and users

Android

By using Core’s labels, you can provide different Web@Work-related settings to different devices and users, depending on, for example, device attributes and user membership in the enterprise directory.

See “Using labels to establish groups” in the Core Device Management Guide or Connected Cloud Device Management Guide.

Web content presentation and interaction similar to Safari

iOS

Because Web@Work uses iOS web technologies, Web@Work automatically inherits any related iOS security updates that are installed on the device.

Web content presentation and interaction similar to Google Chrome.

Android

Web@Work for Android uses the Chromium engine.

Browser data is encrypted while the device is locked with a passcode

iOS

This data includes the browser cache, HTML5 local storage, cookies, URL history, and bookmarks.

The security policy must require a device passcode on the iOS device to enable browser data encryption.

Prevent device user from opening a document in another app

iOS

This behavior protects secure documents from leaking to unsecured apps.

The behavior is controlled by the AppConnect global policy or AppConnect container policy.

User can open documents only in other secure apps.

Android

All Android secure apps have this behavior.

Prevent the device user from pasting into other apps any data that the user copied from Web@Work

iOS

You can choose whether data can be copied from Web@Work to:

  • no other apps
  • any other app
  • only other AppConnect apps

This behavior is controlled by the Copy/Paste To field of the AppConnect global policy or AppConnect container policy.

These restrictions do not impact pasting data into Web@Work from other apps. For example, a device user can copy a URL from an unsecured app and paste it into the Web@Work address bar.

Also see: Configure an AppConnect container policy for Web@Work

Prevent copy and paste between Web@Work and other apps.

Android

You can choose whether data can be copied and pasted between Web@Work and:

  • any other app
  • only other AppConnect apps
  • only within Web@Work itself

This behavior is controlled by the AppConnect global policy for all AppConnect apps.

URL schemes that open web pages automatically, and only, in Web@Work

iOS

See Web@Work URL schemes (iOS only)

Encrypt downloaded documents and prevent sharing them outside of the secure container

Android

Screen capture can be disabled, as well. These behaviors protect documents from leaking to non-secure apps.

Delete downloaded documents based on device compliance status

Android

Downloaded documents are automatically wiped from the device in the following cases:

  • The device has been out of contact for the specified amount of time.
  • The device is retired.

Whitelist and blacklist URL filtering

Android

Using key-value pairs, you can configure a blacklist to block URLs, and a whitelist as an exception to blacklisted URLs.

Custom messages for blacklisted URLs

Android

Using a key-value pair, you can provide custom warning messages that appear when Web@Work navigates to a blacklisted URL.

Configurable Home Page

Android

Using a key-value pair, you can specify a URL to be loaded as the home page when the user opens a new tab.

The home page URL will be loaded automatically only if there are no defined company bookmarks.

Configurable product name (user agent)

Android

Using a key-value pair, you can change the product’s user agent name that is visible to web servers.

Form-based auto-fill and HTTP authentication

Android

Using key-value pairs, you can configure Web@Work to enable saving data and/or passwords that users enter on forms, and on HTTP authentication forms.

User can clear cached data

Android

The user can clear cached data in the Privacy menu, including clearing the cache, history, cookies and data, auto-fill form data, passwords, location access, and camera access.

User can save preferences for location sharing

Android

Users can save their preference for sharing their location on a per-website basis, and clear their choice in the Privacy menu.

View web pages in desktop mode

Android

Using a key-value pair, you can enable users to view the desktop versions of web pages instead of the mobile versions.

Prevents opening multiple tabs

 

Android

Web@Work for Android has an option that prevents it from opening extra tabs, which is applicable only for AppConnect-enabled apps.

If a third-party app (such as an AppConnect-enabled app) sends the EXTRA_APPLICATION_ID when it launches the Web@Work browser, the Web@Work app will create a tab associated with the third-party app.

All links launched in the third-party app will be opened in an associated tab.