AppConnect app configuration
An AppConnect app configuration specifies:
- app-specific configuration for the app.
- AppTunnel settings for the app.
IMPORTANT: | For each AppConnect app, make sure only one AppConnect app configuration applies to each device. |
The following describe how to configure an AppConnect app configuration:
- Automatically created AppConnect app configuration
- Automatically provided key-value pairs
- Configuring an AppConnect app configuration
- AppConnect app configuration field description
Automatically created AppConnect app configuration
When you upload an AppConnect app to the MobileIron Core App Catalog, Core creates an AppConnect app configuration automatically as follows:
-
For Android AppConnect apps:
Core always takes this automatic action. If the app has specified configuration requirements, Core uses that configuration. Otherwise, Core creates an AppConnect app configuration with no configuration values.
-
For iOS AppConnect apps built using the AppConnect for iOS SDK or Cordova Plugin:
Core takes this automatic action only if an in-house app has specified configuration requirements in its IPA file. This automatic action does not occur when you specify an Apple App Store AppConnect app as a recommended app.
-
For wrapped iOS AppConnect apps:
Core does not take this automatic action.
The following table lists the name of the automatically created AppConnect app configuration.
OS of the AppConnect app |
Name of automatically-created AppConnec app configuration |
---|---|
For iOS AppConnect apps |
Default <bundle ID of app> Configuration |
For Android AppConnect apps |
Default <package ID of app> Configuration |
NOTE: | In the Admin Portal, on Policies & Configs > Configurations, the name of the app, not the name of the AppConnect app configuration, displays in the name column. |
Automatically provided key-value pairs
MobileIron Core takes a special action for some iOS AppConnect apps in the Apple App Store that you specify as recommended apps. The special action occurs when you enter the bundle ID of one of these apps in the Application field of an app configuration and then save the app configuration. Core automatically populates the key-value pairs for the recommended app. Core does not overwrite any key-value pairs that you manually added. You can then edit the app configuration to change the provided key-value pairs, if necessary.
Configuring an AppConnect app configuration
If an AppConnect app configuration is not automatically created, create the configuration on the Core Admin Portal.
Procedure
- In the Admin Portal, select Policy & Configs > Configurations.
- Select Add New > AppConnect > App Configuration to create an AppConnect app configuration.
- Update the form as needed.
- Click Save.
- Select the new AppConnect app configuration.
- Select More Actions > Apply To Label.
- Select the labels to which you want to apply this AppConnect app configuration.
- Click Apply.
IMPORTANT: | Be sure to apply one of the labels that you selected to the device. |
- AppConnect app configuration field description
- Checking the device’s labels
- Adding a device to a label
Checking the device’s labels
The following describes how to check a device's labels.
Procedure
- Go to Devices & Users > Devices.
- Select the device.
- In the Device Details Pane, select Label Membership.
Adding a device to a label
The following describes how to add a device to a label.
Procedure
- Go to Devices & Users > Devices.
- Select the device.
- Select More Actions > Apply To Label.
- Select the labels to apply to the device.
- Click Apply.
AppConnect app configuration field description
Use the following guidelines to create or edit an AppConnect app configuration.
Item |
Description |
|||
Name |
Enter brief text that identifies this AppConnect app configuration.
|
|||
Description |
Enter additional text that clarifies the purpose of this AppConnect app configuration. |
|||
Application |
Android: Select an Android AppConnect app from the MobileIron Core App Catalog. iOS: Select an iOS AppConnect app from the MobileIron Core App Catalog or enter the bundle ID of an iOS AppConnect app. A bundle ID that you enter is case sensitive.
|
|||
Client TLS |
If the app is using certificate pinning, select Enable Client TLS Configuration and choose the appropriate Client TLS configuration from the dropdown. |
|||
AppTunnel Rules |
Configure AppTunnel rules settings for this app. First, configure the Standalone Sentry to support AppTunnel. See Configuring AppConnect and AppTunnel. When the app tries to connect to the URL and port configured here, the Sentry creates a tunnel to the app server.
|
|||
Enable MobileIron Access |
The setting is available only if MobileIron Access is configured in the Admin Portal in Services > Access. Otherwise, the setting is grayed out. If the option is selected, MobileIron Access trusts the HTTPS traffic via AppTunnel. Tunnel is not needed in this setup. For information about MobileIron Access and how to set up the service with MobileIron Core, see the MobileIron Access Guide.
|
|||
Enable Split Tunneling using MobileIron Tunnel |
iOS only. Requires Mobile@Work 12.3.0 and MobileIron Tunnel 4.1.0 for iOS. Before enabling the option, ensure that MobileIron Tunnel is deployed and a Tunnel VPN configuration is applied to the AppConnect app. For information about deploying MobileIron Tunnel for iOS, see the MobileIron Tunnel for iOS Guide. Select the option if the AppConnect app will transition to using WKWebView or the app currently uses WKWebView and any of the following is also true:
Enabling the option allows the configured AppTunnel rules to be managed through MobileIron Tunnel rather than through AppTunnel For information about the UIWebView API deprecation, see UIWebView Deprecation and AppConnect Compatibility.
Consider the following case:
In the above case, data from the app to the enterprise resource will not be tunneled if the device switches to the enterprise Wi-Fi network. |
|||
To add an AppTunnel rule, click Add+ . To delete an AppTunnel rule, click the X at the end of the row. |
||||
Sentry |
Select a Sentry configured for AppTunnel from the drop-down list. |
|||
Service |
Select a service name from the drop-down list. This service name specifies an AppTunnel service configured in the AppTunnel Configuration section of the specified Sentry.
If the service on the Sentry is configured with its Server Auth set to Kerberos, the AppConnect app uses Single Sign On. That is, the device user does not enter any further credentials when the app accesses its enterprise app server. |
|||
URL Wildcard |
Enter one of the following:
If the app requests to access this hostname, the Sentry tunnels the app data to an app server. The Sentry and Service fields that you specify in this AppTunnel Rule row determine the target app server. Note The Following:
|
|||
Port |
Enter the port number that the app requests to access. The app data is tunneled only if the app’s request matches the hostname in the URL Wildcard field and this port number. Exception: For iOS apps using AppConnect releases prior to AppConnect for iOS SDK 2.5 and AppConnect for iOS Wrapper 2.7, only the hostname, not the port number determines whether the app data is tunneled. Note The Following:
|
|||
Identity Certificate |
Select the Certificate Enrollment setting that you created for AppTunnel. This selection determines the certificate that the device presents to the Standalone Sentry for authentication. “Device and server authentication” in the MobileIron Sentry Guide |
|||
Configurations |
Specify app-specific configuration settings as key-value pairs. To add a key-value pair, click Add+ . To delete a key-value pair, click the X at the end of the row. |
|||
Key |
Enter the key. The key is any string that the app recognizes as a configurable item. For example: userid, appURL |
|||
Value |
Enter the value. The value is either:
Example $USERID$ https://someEnterpriseURL.com The string can have any value that is meaningful to the app. It can also include one or more of these MobileIron Core variables: $USERID$, $PASSWORD$, $EMAIL$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $GOOGLE_AUTOGEN_PASSWORD$, $FIRST_NAME$, $LAST_NAME$, $DISPLAY_NAME$, $DEVICE_CLIENT_ID$, $DEVICE_ID$, $DEVICE_IMEI$, $DEVICE_IMSI$, $DEVICE_MAC$, $DEVICE_SN$, $DEVICE_UDID$, $DEVICE_UUID$, $DEVICE_UUID_NO_DASHES$, $MI_APPSTORE_URL$, $RANDOM_16$, $RANDOM_32$, $RANDOM_64$, $REALM$, $TIMESTAMP_MS$, $USER_DN$, $USER_LOCALE$, $USER_UPN$ Custom attribute variables are also supported: $CUSTOM_DEVICE_<attribute name>$ $CUSTOM_USER_<attribute name>$ If you do not want to provide a value, enter $NULL$. The $NULL$ value tells the app that the app user will need to provide the value. If you specify $PASSWORD$, also enable Save User Password under Settings > System Settings > Users & Devices > Registration. However, only devices that register after you enable Save User Password will receive the password.
Certificate Enrollment and Certificate settings that you configured in Policy & Configs > Configurations appear in the dropdown list. When you choose a Certificate Enrollment or Certificate setting, MobileIron Core sends the contents of the certificate as the value. If the certificate is password-encoded, Core automatically sends another key-value pair. The key’s name is the string <name of key for certificate>_MI_CERT_PW. The value is the certificate’s password. |