Preparing and Distributing Apps@Work Container
The following provides the steps for preparing and distributing Apps@Work Container:
Procedure overview
The following figure outlines the process of preparing and distributing Apps@Work Container. Perform these procedures using the Safari browser on a Mac OS X computer.
Figure 1. Overview of preparing and distribution Apps@Work Container
Creating a distribution certificate
The distribution certificate authenticates that the app comes from a source that is trusted by Apple.
To create a distribution certificate:
|
1.
|
Log in to Apple’s iOS Dev Center. |
|
2.
|
Under Developer Program, select Certificates, Identifiers, and Profiles. |
|
4.
|
Under Certificates, select Production. |
|
5.
|
Click + to add a certificate. |
|
6.
|
In the Production section, select In House and Ad Hoc. |
|
NOTE:
|
If you already have a distribution certificate, contact the person who created the certificate to export the certificate along with its private key to a .CER or .P12 file. Save this file to your Downloads folder and proceed to Adding the distribution certificate to your Login Keychain. |
|
8.
|
Complete the process for generating a Certificate Signing Request (CSR). |
|
9.
|
Save the CSR file to your desktop. |
This step sends the CSR to Apple for approval. When the certificate request is approved, a Download button displays in the Actions column. If the Download button does not display, try refreshing the page.
This step saves the file in your Downloads folder.
Adding the distribution certificate to your Login Keychain
To add the distribution certificate to your Login Keychain:
|
1.
|
Double-click the certificate in your Downloads folder. |
This step opens Keychain Access and adds the certificate to your Keychain. Note that no confirmation message is displayed.
|
2.
|
In Keychain Access, confirm that the distribution certificate is listed in the Login Keychain. |
The certificate should have the following name: “iPhone Distribution: <Company Name>”.
|
3.
|
If the certificate is not in the Login Keychain, check the other keychains. |
|
4.
|
If the certificate is in another keychain, move it to the Login Keychain. |
Creating a unique app ID
The app ID grants your app access to the distribution certificate you added to your Login Keychain.
To create an app ID, do the following steps on a Mac OS X computer using Safari:
|
1.
|
Log in to Apple’s iOS Dev Center. |
|
2.
|
Under Developer Program Resources, select Certificates, Identifiers & Profiles. |
|
6.
|
In the Description field, enter a brief description of the app. |
Device users do not see this text.
|
7.
|
Select Explicit App ID. |
|
8.
|
In the Bundle Identifier field, enter a unique identifier for the app bundle. |
We recommend using the following format:
com.yourcompany.storefrontcontainer
The new app ID displays in the App IDs page.
Creating a push certificate
Push notification enables badging for the app. Configuring push notifications requires a push certificate, also known as an APNS certificate.
To set up push notification for the app, do the following steps on a Mac OS X computer using Safari:
|
1.
|
Log in to Apple’s iOS Dev Center. |
|
2.
|
Under Developer Program Resources, select “Certificates, Identifiers & Profiles”. |
|
6.
|
Select Apple Push Notification Service SSL (Production). |
|
8.
|
Select the app ID you created for this app. |
|
10.
|
Follow the displayed instructions to create a CSR and save it to your desktop. |
Adding the push certificate to your Login Keychain
To add the push certificate to your Login Keychain:
|
1.
|
Open the push certificate you saved in your Downloads folder. |
The certificate will be labeled “Apple Production IOS Push Services: <bundle ID>”.
This step adds the certificate to your Login Keychain and opens the Keychain Access app.
|
2.
|
In the Keychain Access app, click the arrow to the left of the push certificate. |
This step displays the private key for the certificate.
|
3.
|
Select the certificate and the private key. |
|
4.
|
Select File > Export Items. |
This step saves the information to a file in p12 format.
|
5.
|
Enter the password for exporting when prompted. |
|
7.
|
Enter your Login Keychain password when prompted. |
This is typically your login password.
|
9.
|
In the SSL Certificate Assistant window, click Done. |
Creating a distribution provisioning profile
The distribution provisioning profile associates the distribution certificate with your app and authorizes devices to use the app.
To create a distribution provisioning profile:
|
1.
|
Log in to Apple’s iOS Dev Center. |
|
2.
|
Under Developer Program Resources, select Certificates, Identifiers & Profiles. |
|
3.
|
Click Provisioning Profiles. |
|
6.
|
Under Distribution, select In House. |
|
10.
|
Select the distribution certificate you created. |
|
12.
|
The following prompt is displayed: |
Do you need additional entitlements?
|
14.
|
Enter a name for the profile. |
Enter a name that distinguishes the profile from others, such as “Storefront Container In House Profile.”
The file will have a .mobileprovision extension.
Signing and rebranding your custom Apps@Work app
The script included in the package you downloaded from the MobileIron support site completes the following tasks:
|
•
|
rebrands the app (optional) |
Rebranding requirements
You can rebrand the following elements in your custom app:
|
•
|
app title (This is the app name displayed on the home screen; the default is Apps@Work.) |
|
•
|
icons (The default icons are the same as those used for the Apps@Work web clip.) |
If you are rebranding the app, prepare the icons as specified by Apple on Icon and Image Sizes.
You will use these icons in Running the script. You will also use the [email protected] icon in Distributing the app when you upload the Apps@Work app to MobileIron Core.
Accessing the default app icon
If you are not re-branding the app icon, then you need to acquire the default app icon included in the Apps@Work Container package:
|
1.
|
In the folder in which you extracted the Apps@Work Container package, open the Payload folder. |
|
2.
|
Right-click the WebContainer file to display the context menu. |
|
3.
|
Click Show Package Contents. |
The default set of app icons are in the displayed folder.
You will use the default app icon in Distributing the app when you upload the Apps@Work app to MobileIron Core.
Signing requirements
Assemble the following items before running the signing/rebranding script:
|
•
|
app version (You can choose your preferred version number for the app. We recommend using the version of the Apps@Work app package itself. However, you must increment this version if you are distributing multiple updates to the Apps@Work app, such as revised app icons.) |
Running the script
When you have assembled the required items, complete the following steps to run the signing/rebranding script:
|
1.
|
Make sure you have installed Xcode command line tools. |
See Installing Xcode command line tools.
|
2.
|
Extract the Apps@Work Container package you downloaded from the MobileIron support site. |
|
3.
|
Place your provisioning profile in the folder containing the extracted contents. |
|
4.
|
If you are rebranding the app icons, create a new directory in the same folder which you extracted the package and place your rebranded icons in this folder. |
Be sure the dimensions and file names of all of your icons exactly match the dimensions and filenames of the icons specified by Apple on Icon and Image Sizes.
|
6.
|
In the folder containing the extracted contents, run the script with the following command: |
./brandAndSign.py --provisioningProfile <path_to_ProvisioningProfile.mobileprovision> --signingIdentity "<distribution certificate common name>" --appTitle "<app title>" --appIconsDirectory <directory> --appBundleVersion <build version> --appDisplayVersion <release version>
Example:
./brandAndSign.py --provisioningProfile ./ProvisioningProfile.mobileprovision --signingIdentity "iPhone Distribution: <Company Name>" --appTitle "My App" --appIconsDirectory ./AppIcons/ --appBundleVersion 2.1.3.57 --appDisplayVersion 2.1.3
|
NOTE:
|
The version options should be used only if you to manage the versions to track things like updated branding for an app that has already been deployed. The appBundleVersion parameter assigns a custom bundle version, which is for internal version tracking. The appDisplayVersion parameter assigns a custom version to the app for display to app users. |
Distributing the app
The steps for distributing the signed app resemble those of distributing an in-house app. However, you must also upload the APNS certificate you created in Creating a push certificate. The MobileIron Core process for adding an in-house app presents a field for uploading the APNS certificate when you upload the Apps@Work app.
|
NOTE:
|
The following procedure uses MobileIron Core 9.4.0.0. |
Procedure
|
-
|
If you are rebranding, this icon is in the icon directory you created when you signed the app. |
|
2.
|
Select Apps > App Catalog. |
|
5.
|
Next to Upload In-House App, click Browse to navigate to and select the signed Apps@Work app IPA. |
|
7.
|
Optionally add a description. |
|
9.
|
In the Apps@Work Catalog section, uncheck Feature this App in the Apps@Work catalog. |
|
10.
|
In the Icon and Screenshots section, click Replace Icon to navigate to and select the icon for the app. |
|
12.
|
In the Managed App Settings section, select Send installation request or send convert unmanaged to managed app request (iOS 9 and later) on device registration or sign-in. |
This step ensures that newly-registered devices receive a prompt to install this app. This is an important step for the Apps@Work app because the app does not display as a separate entry in Apps@Work.
|
13.
|
In the APNS Messaging Configuration section, next to the APNS Certificate field, click Browse to navigate to and select the APNS certificate that you created in Creating a push certificate. |
|
14.
|
For Password, enter the password for the APNS certificate. |
MobileIron Core automatically creates an AppConnect app configuration and AppConnect container policy for the Apps@Work app. Core uses these settings to automatically distribute the required configuration to the Apps@Work app on installed devices without requiring end-user interaction.
|
16.
|
In Apps > App Catalog, select the Apps@Work app. |
|
17.
|
Select Actions > Apply To Labels. |
|
18.
|
Select the appropriate labels. |
After these steps, Apps@Work app will be installed on devices when they register with MobileIron Core.
To distribute the app to devices that are already registered, use one of the following procedures:
Send a message from the Core Admin Portal.
|
1.
|
In the Core Admin Portal, go to Apps > App Catalog. |
|
2.
|
Select the Apps@Work app. |
|
3.
|
Select Actions > Send Message. |
|
4.
|
In the Send App Installation Request dialog, click Apply. |
Ask device users to check for updates
In the Mobile@Work app, do the following:
|
1.
|
Go to Settings > Check for Updates. |