Authorization

The Ivanti server administrator determines:

• whether or not each device user is authorized to use each secure enterprise app.

  When an unauthorized user launches the app, the Ivanti client app displays a message to the user, and the app exits.

• the situations that cause an authorized device user to become unauthorized.

  These situations include, for example, when the device OS is compromised. The Ivanti client app reports device information to the Ivanti server. The server then determines whether to change the user to unauthorized based on security policies on the server.

• When a user becomes unauthorized, the Ivanti client app displays a message to the user, and the app exits.

• the situations that retire the app.

  Retiring an app means that the user is not authorized to use it and the app’s data is deleted. The Ivanti client app displays a message to the user, and the app exits. Furthermore, the AppConnect for iOS Wrapper Library removes data associated with the app. Specifically, the wrapper library removes all data in the application’s sandbox and in the application’s keychain. It also resets the application’s default settings.

When an app is retired, the wrapper library removes the app’s data. When a user is unauthorized but the app is not retired, the app cannot run, so the user cannot access the data. However, the wrapper library does not remove the data. The reason is that an unauthorized user can become authorized again, and therefore the data should become available again.