Key-Value Pairs for iOS

Certain features in [email protected] for iOS can be configured by applying Key-Value Pairs (KVPs) in Custom Configurations field in App-config on Ivanti EPMM. The following table lists the features that are configurable via KVPs:

Key

Value

Description

Enable resubmitting credentials during NTLM authentication

NtlmAuthRetryOnIos8OrNewer

1

Set to avoid repeated prompts during NTLM authentication for iOS 8 devices and newer devices.

Configuration of user certificates

IdCertificate_1

Certificate name

Sets the certificate to be used for authentication. There can be any number in the key - it is used to bind with IdCertificate_x_host.

 

IdCertificate_1_host

Certificate host

Sets the host for authentication with the user certificate.

Credentials auto-fill

allow_passwords_autofill

true

false

or

yes

no

Allows to disable credentials auto-fill, which is enabled by default if this KVP is not set.

allow_password_autofill

true

false

or

yes

no

Allows to disable credentials autofill, which is enabled by default if this KVP is not set (just renaming of KVP). This KVP should be used for [email protected] 2.0 and higher.

allow_form_autofill

YES

Form-based autofill is disabled by default, use allow_form_autofill : YES

respect_form_autocomplete_attribute

true

false

or

yes

no

Allows autofilling credentials from login forms where autocomplete=“off” is set.

In KVP it should be set to false or no.

Send feedback functionality

feedback_email_address

[email protected]

Enables sending feedback and sets email address where feedback should be sent

log_files_limit

Any number

Sets the number of log files that are created. Put "0" for unlimited.

Default value is 10.

use_emailplus_application_for_feedback

true

false

Enables sending feedback via Email+.

Default value is false.

AppConnect logs

MI_AC_LOG_LEVEL

Error

Info

Verbose

Debug

Specifies the level of logging from the least to the most verbose.

MI_AC_LOG_LEVEL_CODE

Any string

Underspecification prompted in [email protected] to activate AppConnect logs.

MI_AC_ENABLE_LOGGING_TO_FILE

Yes

No

Enables collecting AppConnect logs to a file in [email protected]

Customized user-agent and web-kit version

webkit_version

"537.51.2" to simulate iOS 7

"600.1.4" to simulate iOS 8

Specifies web kit version for web-pages.

Set Divide/Email+ as default app to open mailto links

mailto_prefix

  • email+launcher://mibrowser?url=mailto:
  • dividelauncher://mibrowser?url=mailto:

Sets Email+ as default app to open mailto links.

Sets Divide as default app to open mailto links.

You can share a URL through an email client.

Disable strict SOP

strict_same_origin_policy

true

false

or

yes

no

Disables enforcing strict Same Origin Policy.

Default value is "true"

Enabling/disabling copy and paste for Service Provider

forbid_loading_about_blank

yes

no

Enabling copy/paste for specific service provider.

Disable skipping of loading of about:blank for child elements Enables possibility to paste copied text into specific form on Service Provider -> Profile. Default value is "no".

Disables skipping of loading of about:blank for child elements.

Set homepage

home_page

URL, for example: http://www.yahoo.com

Sets homepage for each new tab.

Set expiration period for autofill

password_autofill_expire

Xh, for example: 4h

Sets expiration period for auto filled credentials.

h - is optional

Applicable for both login forms and http based authentication.

Enable custom keyboards

MI_AC_IOS_ALLOW_CUSTOM_KEYBOARDS

true

false

true: allows the use of custom keyboards

false: does not allow the use of custom keyboards.

Default if key-value is not configured: true.

Skip percent encoding of ";" in URL Path

skip_percent_encode_for_semicolon_in_URL

true

false

or

yes

no

(case insensitive)

Skip percent encoding of ";" character in URL Path component.

Default value is yes

Handle DOM Mutations after Initial document load

handle_DOM_mutations_after_intial_document_load

true

false

or

yes

no

(case insensitive)

Handles Document Object Model (DOM) mutations like adding "new child" or perform attribute change after initial document load.

Default value is yes.

Defer JavaScript location changes for child window

defer_javascript_location_changes

true

false

or

yes

no

(case insensitive)

Defer JavaScript location changes for child window until first argument of window.

Open call is completely loaded in child window.

Default value is yes.

Disable Window Body Unload event listener

disable_window_body_onunload_event_listener

true

false

or

yes

no

(case insensitive)

Disables window body unload event listener for the window and for all the frame windows in the page.

Default value is yes.

Remove sensitive user browser data (History, cache, Form-data, cookies, Pasteboard, saved-password )

clear_user_data_after_duration_in_minutes

Value in minutes

Remove user's sensitive data after certain time interval as specified by the user from Ivanti EPMM.

By default the functionality is disabled.

Valid range is 15 - 10080 (in minutes).

Any out-of-range value disables this feature.

Ignore errors while loading any internal resources and embedded frames in a web page

ignore_errors_in_resources_and_embedded_frames

true

false

or

yes

no

(case insensitive)

Setting "ignore_errors_in_resources_and_embedded_frames" KVP to YES will ignore any errors while loading internal resources or embedded frames and will not result in a complete page error.

The default value is no.

Inject FastClick javascript library in [email protected] for all web pages

inject_fastclick_js_library

true

false

or

YES

NO

(case insensitive)

By default FastClick javascript library injection is disabled, and the value is set to "NO"

If the value for this key is set to "YES", it will inject FastClick javascript library for all the web pages being loaded in [email protected]

Enable search results feature in [email protected] address bar

enable_search_results_feature_in_addressbar

true

false

or

YES

NO

(case insensitive)

Setting "enable_search_results_feature_in_addressbar" to "YES" enables the search results feature in the address bar.

If this feature is enabled and you type some word in the address bar (which is not a URL) and then press Enter, [email protected] will show search results from search engines such as Google.

If this feature is disabled [email protected] will consider the typed string as URL and will try to load the page.

Enable resetting of scaling of web page after document loading completes

enable_resetting_scale_to_fit_for_scaling_webpage

true

false

or

YES

NO

(case insensitive)

The default value is "YES".

If the value for this key is set to "NO" there will be no resetting of scaling of a web page after document loading completes.

Set MixPanel analytics collection ON/OFF

allow_analytics

true

false

Administrators can enable or disable analytics collection depending on set value. To disable Mixpanel, enter the following:

Key: allow_analytics

Value: false

Mixpanel is enabled by default if the key-value pair is not configured.

browser_product_name

MISecureBrowser

Allows you to configure product name in user agent string. If the key-value pair is not present in the [email protected] configuration , then the user agent string will have "MobileIron" as the product name by default.

The value for the key "browser_product_name will replace the string "MobileIron" from the user agent string.

Data leak prevention

WEB_RESTRICTED_MENU

  • Lookup
  • Share
  • Lookup will restrict Lookup, Translate, Search Web
  • Share will restrict Share

Each value will restrict multiple items and those cannot be blocked individually. This menu can be restricted on both in WebView and Address Bar. on ios 16. Below iOS 16, options will be blocked only in webview

Miscellaneous

MI_AC_USE_ORIGINAL_COOKIES_FOR_DOMAINS

The value of the KVP must be comma-separated domain names. Do not put in any spaces.

Allow [email protected] to send custom cookies in web requests:

Some web pages inject custom cookies into web requests.

For example, when an end user taps on a link in a web page, the page's JavaScript injects a custom cookie.

If a user makes such a request from a web page displayed in [email protected], by default AppConnect does not include the injected cookies in the web request, which can cause the request to fail. AppConnect now includes the custom cookies in the request if the server administrator includes the following key in the [email protected]'s app-specific configuration on the server: MI_AC_USE_ORIGINAL_COOKIES_FOR_DOMAINS.

The value of the key is a comma-separated string listing the domains for which the custom cookies should be included. Make sure no spaces are included in the value.

For example:

www.somewebsite.com, somename.someotherwebsite.com

enable_java_script_open_window

true

false

Allows [email protected] to enable JavaScript pop-up window.

enable_ipad_desktop_browser

true

false

Allows [email protected] to request desktop version for all the websites on iPadOS 13 devices and later.

ENABLE_RFC_5246

true

false

Administrators can enable or disable RFC 5246 support.

The default value is "true".