Key-Value Pairs for iOS
Certain features in Web@Work for iOS can be configured by applying Key-Value Pairs (KVPs) in Custom Configurations field in App-config on Ivanti EPMM. The following table lists the features that are configurable via KVPs:
|
Key |
Value |
Description |
|---|---|---|
|
Enable resubmitting credentials during NTLM authentication |
||
|
NtlmAuthRetryOnIos8OrNewer |
1 |
Set to avoid repeated prompts during NTLM authentication for iOS 8 devices and newer devices. |
| Configuration of user certificates | ||
|
IdCertificate_1 |
Certificate name |
Sets the certificate to be used for authentication. There can be any number in the key - it is used to bind with IdCertificate_x_host.
|
|
IdCertificate_1_host |
Certificate host |
Sets the host for authentication with the user certificate. |
| Credentials auto-fill | ||
|
allow_passwords_autofill |
•true •false or •yes •no |
Allows to disable credentials auto-fill, which is enabled by default if this KVP is not set. |
|
allow_password_autofill |
•true •false or •yes •no |
Allows to disable credentials autofill, which is enabled by default if this KVP is not set (just renaming of KVP). This KVP should be used for Web@Work 2.0 and higher. |
|
allow_form_autofill |
YES |
Form-based autofill is disabled by default, use allow_form_autofill : YES |
|
respect_form_autocomplete_attribute |
•true •false or •yes •no |
Allows autofilling credentials from login forms where autocomplete=“off” is set. In KVP it should be set to false or no. |
|
Send feedback functionality |
||
|
feedback_email_address |
Enables sending feedback and sets email address where feedback should be sent |
|
|
log_files_limit |
Any number |
Sets the number of log files that are created. Put "0" for unlimited. Default value is 10. |
|
use_emailplus_application_for_feedback |
•true •false |
Enables sending feedback via Email+. Default value is false. |
|
AppConnect logs |
||
|
MI_AC_LOG_LEVEL |
•Error •Info •Verbose •Debug |
Specifies the level of logging from the least to the most verbose. |
|
MI_AC_LOG_LEVEL_CODE |
Any string |
Underspecification prompted in Mobile@Work to activate AppConnect logs. |
|
MI_AC_ENABLE_LOGGING_TO_FILE |
•Yes •No |
Enables collecting AppConnect logs to a file in Web@Work. |
|
Customized user-agent and web-kit version |
||
|
webkit_version |
•"537.51.2" to simulate iOS 7 •"600.1.4" to simulate iOS 8 |
Specifies web kit version for web-pages. |
|
Set Divide/Email+ as default app to open mailto links |
||
|
mailto_prefix |
|
Sets Email+ as default app to open mailto links. Sets Divide as default app to open mailto links. You can share a URL through an email client. |
|
Disable strict SOP |
||
|
strict_same_origin_policy |
•true •false or •yes •no |
Disables enforcing strict Same Origin Policy. Default value is "true" |
|
Enabling/disabling copy and paste for Service Provider |
||
|
forbid_loading_about_blank |
•yes •no |
Enabling copy/paste for specific service provider. Disable skipping of loading of about:blank for child elements Enables possibility to paste copied text into specific form on Service Provider -> Profile. Default value is "no". Disables skipping of loading of about:blank for child elements. |
|
Set homepage |
||
|
home_page |
URL, for example: http://www.yahoo.com |
Sets homepage for each new tab. |
|
Set expiration period for autofill |
||
|
password_autofill_expire |
Xh, for example: 4h |
Sets expiration period for auto filled credentials. h - is optional Applicable for both login forms and http based authentication. |
|
Enable custom keyboards |
||
|
MI_AC_IOS_ALLOW_CUSTOM_KEYBOARDS |
•true •false |
true: allows the use of custom keyboards false: does not allow the use of custom keyboards. Default if key-value is not configured: true. |
|
Skip percent encoding of ";" in URL Path |
||
|
skip_percent_encode_for_semicolon_in_URL |
•true •false or •yes •no (case insensitive) |
Skip percent encoding of ";" character in URL Path component. Default value is yes |
|
Handle DOM Mutations after Initial document load |
||
|
handle_DOM_mutations_after_intial_document_load |
•true •false or •yes •no (case insensitive) |
Handles Document Object Model (DOM) mutations like adding "new child" or perform attribute change after initial document load. Default value is yes. |
|
Defer JavaScript location changes for child window |
||
|
defer_javascript_location_changes |
•true •false or •yes •no (case insensitive) |
Defer JavaScript location changes for child window until first argument of window. Open call is completely loaded in child window. Default value is yes. |
|
Disable Window Body Unload event listener |
||
|
disable_window_body_onunload_event_listener |
•true •false or •yes •no (case insensitive) |
Disables window body unload event listener for the window and for all the frame windows in the page. Default value is yes. |
|
Remove sensitive user browser data (History, cache, Form-data, cookies, Pasteboard, saved-password ) |
||
|
clear_user_data_after_duration_in_minutes |
Value in minutes |
Remove user's sensitive data after certain time interval as specified by the user from Ivanti EPMM. By default the functionality is disabled. Valid range is 15 - 10080 (in minutes). Any out-of-range value disables this feature. |
|
Ignore errors while loading any internal resources and embedded frames in a web page |
||
|
ignore_errors_in_resources_and_embedded_frames |
•true •false or •yes •no (case insensitive) |
Setting "ignore_errors_in_resources_and_embedded_frames" KVP to YES will ignore any errors while loading internal resources or embedded frames and will not result in a complete page error. The default value is no. |
|
Inject FastClick javascript library in Web@Work for all web pages |
||
|
inject_fastclick_js_library |
•true •false or •YES •NO (case insensitive) |
By default FastClick javascript library injection is disabled, and the value is set to "NO" If the value for this key is set to "YES", it will inject FastClick javascript library for all the web pages being loaded in Web@Work. |
|
Enable search results feature in Web@Work address bar |
||
|
enable_search_results_feature_in_addressbar |
•true •false or •YES •NO (case insensitive) |
Setting "enable_search_results_feature_in_addressbar" to "YES" enables the search results feature in the address bar. If this feature is enabled and you type some word in the address bar (which is not a URL) and then press Enter, Web@Work will show search results from search engines such as Google. If this feature is disabled Web@Work will consider the typed string as URL and will try to load the page. |
|
Enable resetting of scaling of web page after document loading completes |
||
|
enable_resetting_scale_to_fit_for_scaling_webpage |
•true •false or •YES •NO (case insensitive) |
The default value is "YES". If the value for this key is set to "NO" there will be no resetting of scaling of a web page after document loading completes. |
|
Set MixPanel analytics collection ON/OFF |
||
|
allow_analytics |
•true •false |
Administrators can enable or disable analytics collection depending on set value. To disable Mixpanel, enter the following: Key: allow_analytics Value: false Mixpanel is enabled by default if the key-value pair is not configured. |
|
browser_product_name |
MISecureBrowser |
Allows you to configure product name in user agent string. If the key-value pair is not present in the Web@Work configuration , then the user agent string will have "MobileIron" as the product name by default. The value for the key "browser_product_name will replace the string "MobileIron" from the user agent string. |
|
Data leak prevention |
||
|
WEB_RESTRICTED_MENU |
|
Each value will restrict multiple items and those cannot be blocked individually. This menu can be restricted on both in WebView and Address Bar. on ios 16. Below iOS 16, options will be blocked only in webview |
|
Miscellaneous |
||
|
MI_AC_USE_ORIGINAL_COOKIES_FOR_DOMAINS |
The value of the KVP must be comma-separated domain names. Do not put in any spaces. |
Allow Web@Work to send custom cookies in web requests: Some web pages inject custom cookies into web requests. For example, when an end user taps on a link in a web page, the page's JavaScript injects a custom cookie. If a user makes such a request from a web page displayed in Web@Work, by default AppConnect does not include the injected cookies in the web request, which can cause the request to fail. AppConnect now includes the custom cookies in the request if the server administrator includes the following key in the Web@Work's app-specific configuration on the server: MI_AC_USE_ORIGINAL_COOKIES_FOR_DOMAINS. The value of the key is a comma-separated string listing the domains for which the custom cookies should be included. Make sure no spaces are included in the value. For example: www.somewebsite.com, somename.someotherwebsite.com |
|
enable_java_script_open_window |
•true •false |
Allows Web@Work to enable JavaScript pop-up window. |
|
enable_ipad_desktop_browser |
•true •false |
Allows Web@Work to request desktop version for all the websites on iPadOS 13 devices and later. |
|
ENABLE_RFC_5246 |
•true •false |
Administrators can enable or disable RFC 5246 support. The default value is "true". |