AppConnect for iOS wrapped app overview

• Wrapped app features

• App requirements

• Supported programming languages

• Supported mobile development platforms

• AppConnect components for wrapped apps

• Using a wrapped app

Wrapped app features

Secure enterprise apps that are created using the AppConnect wrapping technology can:

• Tunnel network connections to servers behind an enterprise’s firewall.

  This capability means that device users do not have to separately set up VPN access on their devices to use the app.

• Authenticate an app user to an enterprise service.

  This capability means that AppConnect app users do not have to enter login credentials to access enterprise resources.

• Enforce data loss prevention.

  The Ivanti server administrator decides whether an app can:

  • copy to the iOS pasteboard

  • use drag and drop

  • use the document interaction feature (Open In and Open From)

  • use print capabilities

  • use dictation with the native iOS keyboard

  AppConnect for iOS uses these server settings to limit the app’s functionality to prevent data loss through these features.

• Control custom keyboard use by your app

  The Ivanti server administrator can choose whether an app can use custom keyboards, and the AppConnect library enforces the choice.. If the administrator does not configure this choice, your app can choose to reject custom keyboard use.

• Block dictation from the native iOS keyboard

  By default, the AppConnect wrapping technology blocks using dictation from the native iOS keyboard. The Ivanti server administrator can override this behavior by adding a key-value pair to the app’s configuration. The key is called MI_AC_WR_ALLOW_KEYBOARD_DICTATION. By default, the value is false. If the administrator sets the value to true, then wrapped AppConnect apps can use dictation with the native keyboard.

• Receive app-specific configuration information from the Ivanti server.

  This capability requires some additional app development. It means that device users do not have to manually enter configuration details that the app requires. By automating this process for the device users, each user has a better experience when installing and setting up apps. Also, the enterprise has fewer support calls.

• Protect AppConnect-related data on the device, such as configuration and certificates, using encryption.

  If an app enables iOS data protection on its files, and the device has a device passcode, then the app’s data is also encrypted.

• Blur the app’s screens when the app is not in the foreground.

  The AppConnect wrapping technology enforces this behavior.

App requirements

• You can wrap any iOS app (IPA file) as long as you did not get the IPA file from the Apple App Store. The app can have been built as a 64-bit app or as a 32-bit app.
• Wrapped apps are not compliant with Apple’s terms and conditions, and cannot be distributed using the Apple App Store. The app must be distributed using the Ivanti server’s enterprise app storefront.

You can wrap an app only if it supports fast app switching, an iOS feature added in iOS 4.0. Fast app switching means that the app can go into the background for a short time without iOS terminating it. AppConnect for iOS requires that apps support this feature. Most apps support fast app switching. To ensure that an app supports fast app switching, a developer can remove the UIApplicationExitsOnSuspend key if it is present in the app’s Info.plist.

Supported programming languages

You can wrap apps written in either Objective-C or Swift.

Related topics 

AppConnect wrapper callback methods

Supported mobile development platforms

Many iOS apps are created using mobile development platforms, rather than using the Apple environment that targets only iOS devices. You can wrap iOS apps that were created using these mobile development platforms:

• PhoneGap
• IBM Worklight
• Xamarin

Tunneling support for Xamarin apps has restrictions as described in AppTunnel support in Xamarin apps .

AppConnect components for wrapped apps

Wrapped AppConnect apps work with the following Ivanti components:

Ivanti component	Description
Ivanti EPMM	The Ivanti on-premise server which provides security and management for an enterprise’s devices, and for the apps and data on those devices. An administrator configures the security and management features using a web portal.
Connected Cloud	Ivanti’s cloud offering that has the same functionality as Ivanti EPMM.
Ivanti Neurons for MDM	Ivanti’s cloud offering that provides similar functionality as Ivanti EPMM. However, it does not support all the AppConnect features that Ivanti EPMM supports.
Standalone Sentry	The Ivanti server which provides secure network traffic tunneling from your app to enterprise servers.
Mobile@Work for iOS	An Ivanti client app that runs on an iOS device. It interacts with Ivanti EPMM or Connected Cloud to get current security and management information for the device. It interacts with the AppConnect library to communicate necessary information to your app.
The Go app	An Ivanti client app that runs on an iOS device. It interacts with Ivanti Neurons for MDM to get current security and management information for the device. It interacts with the AppConnect library to communicate necessary information to your app.
The AppStation app	An Ivanti client app that runs on an iOS device. It interacts with Ivanti Neurons for MDM . It can be used on the device instead of Go when the Ivanti Neurons for MDM tenant supports Mobile Apps Management (MAM) but not Mobile Device Management (MDM). It interacts with the AppConnect library to communicate necessary information to your app.
AppConnect for iOS Wrapper Library	Provided by the AppConnect wrapping technology, the wrapper library provides AppConnect capabilities to your app. It provides your AppConnect app management and security capabilities, and facilitates communication between your app and the Ivanti client app.

Note the following:

• Ivanti EPMM and Ivanti Neurons for MDM are each also referred to as an Ivanti server.

• Mobile@Work, Go, and AppStation are each also referred to as an Ivanti client app.

IMPORTANT: Some AppConnect features depend on the version of Ivanti EPMM, Ivanti Neurons for MDM , Standalone Sentry, and the Ivanti client app.

Using a wrapped app

An iOS device user can use a wrapped AppConnect app only if:

• The device user has been authenticated through the Ivanti server.

  The user must use the Ivanti client app to register the device with the Ivanti server. Registration authenticates the device user. Once registered, the device user can use a secured enterprise app.

• The Ivanti server administrator has authorized the device user to use the app.

• The device user has entered a secure apps passcode or Touch ID/Face ID.

  The Ivanti server administrator configures whether a secure apps passcode, also called the AppConnect passcode, is required, and configures its complexity rules. The administrator also configures whether using Touch ID/Face ID, if available on the device, is allowed instead of the AppConnect passcode.

  The AppConnect passcode is not the same as the passcode used to unlock the device.