On-demand secure apps container setup

Sometimes when you configure device users to be able to use secure apps, some users do not immediately need to use the apps. These users can set up the secure apps container on-demand if all their secure apps are optional apps.

Recall that you designate an app as optional or mandatory when you upload it to the App Catalog in Ivanti EPMM. When all the secure apps are optional, the device users install the Secure Apps Manager and create a secure apps passcode only when they install their first secure app.

To configure Ivanti EPMM to allow on-demand secure apps container setup, you designate the Secure Apps Manager as optional in Ivanti EPMM’s App Catalog.

The following table summarizes the behavior:

 

One or more mandatory secure apps

No mandatory secure apps

Secure Apps Manager is mandatory

User is prompted to create the AppConnect container during setup.

User is prompted to create the AppConnect container during setup.

Secure Apps Manager is optional

User is prompted to create the AppConnect container during setup.

User does not create AppConnect container until he requests a secure app.

On-demand secure apps container setup improves the device user’s experience. Until the device user needs a secure app, the device user does not have to set up the AppConnect container. Setting up the AppConnect container requires the device user to:

  • Download and install the Secure Apps Manager
  • Create an AppConnect passcode

Now device users have to go through this process only when they are ready to use a secure app.

Interactions with on-demand secure apps container setup

File Manager interaction

The secure File Manager provides some capabilities that secure apps use. These capabilities include:

  • An image viewer
  • An HTML viewer
  • A text viewer
  • A ZIP file extractor
  • A file download manager

If other secure apps require these features, File Manager must be installed.

Do one of the following:

  • If you make secure apps container setup on-demand, inform device users to always install the File Manager if they install any other secure app.
  • Make the File Manager app mandatory, thereby not using on-demand container setup.

Email client interaction

The Exchange setting in the Ivanti EPMM Admin Portal allows you to list a priority order for Android email apps. This order indicates the preferred app for Ivanti Mobile@Work to set up as the device’s email client. If you do not specify a list, Ivanti Mobile@Work looks for the following unsecured apps in this order: Ivanti Email+, TouchDown for SmartPhones, the email app native to the device.

IMPORTANT: Always specify an Exchange setting email app priority list if you are using on-demand AppConnect container setup. If the list is empty, Ivanti Mobile@Work will set up an unsecured email app such as the native email app.

To ensure the use of a secure email app, do one of the following:

  • Make all secure apps optional, and put only secure email apps in the priority list.

    In this case, the device user cannot use email until he installs a secure email app, but you ensure the device user does not use an unsecured email app.

  • Make a secure email app mandatory, and put it in the Exchange setting list.

    In this case, the device user is prompted to set up the AppConnect container, and the secure email app is installed and set up. However, using this method means the device users do not benefit from on-demand secure apps container setup.

For MAM-only Android devices, this priority list is not applicable because the Exchange setting is not supported. For MAM-only Android devices, use the AppConnect-enabled Ivanti Email+ for Android.

Secure Apps Manager or secure app upgrade interaction

Consider the scenario when:

  • You add a newer version of the Secure Apps Manager or a secure app to the App Catalog
  • You designate the newer version as optional.

If the older Secure Apps Manager or secure app is already installed on a device, the device user is prompted to install the upgraded app, even though it is designated optional. This behavior ensures that the user installs the upgraded version.

Configuring on-demand secure apps container setup

To configure on-demand secure apps container setup:

  • Designate all secure apps as optional.
  • Designate the Secure Apps Manager as optional.

IMPORTANT: If you set the Secure Apps Manager and secure apps as optional, set all versions of Secure Apps Manager and secure apps in the App Catalog to optional.

Designating the Secure Apps Manager or secure app as optional during upload

You can designate the Secure Apps Manager or secure app as optional when you upload it to the App Catalog in theIvanti EPMM Admin Portal.

For example, for the Secure Apps Manager:

  1. Go to Apps > App Catalog.
  2. Click Add + to open the app wizard.
  3. Click In-house.
  4. Click Browse to select and upload the Secure Apps Manager.
  5. Continue through the app wizard filling out fields as needed until you reach Silent install for Mandatory Apps field. To make the Secure Apps Manager optional, make sure the check box is cleared.
  6. Fill out the remaining fields as needed.
  7. Click Finish.

Designating the Secure Apps Manager or secure app as optional after upload

You can change an app to optional in the Ivanti EPMM Admin Portal at any time.

For example, for the Secure Apps Manager:

  1. Go to Apps > App Catalog.
  2. Under Platform, select Android.
  3. Find the Secure Apps Manager and click the app.
  4. Click Edit.
  5. Find the Silent Install for Mandatory Apps field and clear the check box to make the Secure Apps Manager optional.
  6. Click Save.

Device user view of on-demand secure apps container setup

When you configure on-demand secure apps container setup, Ivanti Mobile@Work does not prompt the user to set up the AppConnect container until the user requests to download a secure app. On-demand setup occurs if both of the following are true:

  • The Secure Apps Manager is optional
  • All the secure apps assigned to the device are optional.

Designating the Secure Apps Manager as optional impacts what displays in the Secure Apps menu item in Ivanti Mobile@Work. The Secure Apps menu item shows the Secure Apps Manager only if it is mandatory. It shows a secure app only if it is mandatory. If the Secure Apps Manager is optional, and all the secure apps are optional, the Secure Apps menu item does not appear.

The following steps illustrate the process that the device user experiences when he requests a secure app for the first time.

  1. In Ivanti Mobile@Work, the device user taps Apps@Work.

    Apps@Work displays the available apps.

  2. The device user taps a secure app, such as File Manager. 

  3. The user taps Install. Ivanti Mobile@Work informs the device user that Secure Apps must be configured.

  4. The device user taps Continue.

    The remaining steps are similar to what the user experiences at registration when the Secure Apps Manager is mandatory.

  5. The device user taps Continue.

    l

    The Secure Apps Manager is included for installation along with the secure app that the device user requested.

  6. The device user taps Begin, and follows the instructions to install the Secure Apps Manager and the requested app.

    After the apps are installed, the device user is prompted to set up the secure apps passcode.

After the user sets up the secure apps passcode, the AppConnect container is set up. The Secure Apps Manager and the selected secure app are installed and ready to use.