Overview of working with apps for iOS devices

If Ivanti EPMM has Apps@Work configured, then Ivanti EPMM installs an Apps@Work web clip on the user’s device after registration is complete. The user will see the default Apps@Work web clip icon, or your custom icon if you have customized the app store.

The device user taps this icon to access Apps@Work. Apps@Work shows lists of apps that you have configured for download from the Apple App Store or Ivanti EPMM. These are called managed apps, as they are managed by Ivanti EPMM.

The apps appear in these tabbed sections:

  • Featured: The featured page lists all apps that the administrator designates as featured. These apps can include in-house, recommended, web, and prepaid apps.
  • Categories: An app can be featured and listed under multiple categories. Uncategorized apps are displayed under the Uncategorized category. Only categories that have at least one app will appear on the user’s device.
  • Updates: The updates page shows all in-house apps that have an available update. The Update All button allows the device user to update all apps at the same time.

Device users must use an iTunes account to download apps from the Apple App Store.

iOS managed apps

When iOS apps are managed apps on a device for which Ivanti EPMM is the Mobile Device Management (MDM) server, the apps are called iOS managed apps. As the Ivanti EPMM administrator, you can control whether an iOS managed app is backed up and whether the app is deleted when the MDM profile is removed or the device is quarantined. Existing apps installed on a device can be converted to iOS managed apps on devices running iOS 9.0 or newer versions. Device users running iOS 8.4 and earlier must delete existing unmanaged apps on their devices and reinstall them as iOS managed apps.

You can also:

  • Restrict document interaction between iOS managed apps and unmanaged apps.
    See “Restriction settings” in the Ivanti EPMM Device Management Guide.
  • Provide app-specific configurations to iOS managed apps.
    See iOS managed app configuration.

Also, per Apple guidelines, Ivanti EPMM periodically checks the validity of iOS managed apps on iOS devices running iOS 9.2.1 or newer versions.

iOS managed apps are not supported on MAM-only iOS devices.

Prerequisites for iOS managed apps

Complete app functionality, including updates to badges resulting from inventory data, requires:

  • iOS MDM certificate (See “Enabling iOS MDM support” in the On-Premise Installation Guide for Ivanti EPMM and Enterprise Connector)
  • iOS MDM profile enabled (Settings > System Settings > iOS > MDM)

If you intend to develop and manage in-house apps, an enterprise-level Apple Developer account is required. For more information, see the Apple Developer site: https://developer.apple.com/.

AppConnect apps

You upload AppConnect iOS apps created with the AppConnect wrapping technology to the App Catalog as in-house apps. AppConnect apps created with the SDK can be distributed as either in-house apps or recommended public apps from the Apple App Store. The process for adding an AppConnect app to the App Catalog is the same as for any iOS app.

When you upload an AppConnect iOS app as an in-house app to the App Catalog, in some cases Ivanti EPMM automatically creates an AppConnect container policy and AppConnect app configuration. Ivanti EPMM takes this action when the app has specified its desired default values for the policy and configuration in its IPA file. You can override these values by editing the app’s AppConnect container policy or AppConnect app configuration. Ivanti EPMM keeps in sync the labels that you apply to the app and the labels that you apply to the AppConnect container policy and AppConnect app configuration.

For information about AppConnect apps, see the AppConnect Guide for EPMM.

Apps@Work container app for iOS that displays badges for app updates

An unsigned Apps@Work container app is available for iOS. You can download, re-brand, and sign this app if you want device users to see badges for app updates. The total number of updates available is shown in a badge that diesplays on the Apps@Work icon.

This number includes updates, new installations, and unmanaged to managed app conversions for iOS managed apps, featured apps, and in-house apps. Individual apps with new installations available will display their own badges.

Apps@Work will only be badged if it is being pushed as a container app. The package is available as a separate file in the Apps@Work Container App article in the Customer Support knowledge base in Ivanti Community. You will need to click through a separate license agreement before being able to download the file.

See the Ivanti Apps@Work Container for iOS tech note for information on implementing and distributing this app.

The Ivanti AppConnect container app is not supported on MAM-only iOS devices.

Authentication options and iOS versions

Certificate-based app authentication is required with Ivanti EPMM 11.3.0.0 and supported newer versions.

  • Certificate-based app authentication - this is the only available option from Ivanti EPMM 11.3.0.0 and supported newer versions. App downloads proceed without routing end-users to the app page in iTunes (assuming an iTunes account has been properly configured on the device).
  • HTTP basic authentication - this option is deprecated in Ivanti EPMM release 11.3.0.0 and newer versions, but it is still available in older releases. We recommend that you use certificate-based app authentication for better security. App downloads proceed without routing end-users to the app page in iTunes (assuming an iTunes account has been properly configured on the device). This method requires end users to enter their Ivanti EPMM user name and password to download apps.

The App Catalog

The App Catalog is a centralized location for the apps you want to manage for your users. By importing apps to the App Catalog, you can make the apps available for users to download to their devices.

You can provide device users with links to recommended iOS apps on the Apple App Store, or links to internally developed apps they can download from Ivanti EPMM using Apps@Work on their device.

Figure 1. App Catalog

You use the App Catalog to:

  • Add, configure, and remove managed apps
  • Install and uninstall managed apps to devices using labels
  • Group apps into categories to be displayed in Apps@Work on the device
  • Set the prerequisite app for a dependent app
  • Indicate mandatory installation of prerequisite apps in Apps@Work
  • Use Apple licenses

The App Catalog also allows you to view app details at a glance, such as the app name, size, the version number of in-house apps, the labels to which the app is applied, the origins of the app (public or in-house), and the number of devices to which the app is installed.

  • Ivanti EPMM shows the version number of an app if the app developer assigned a version number to the app.
  • Some App Catalog features are not available for MAM-only iOS devices, as described in MAM-only iOS devices.

The iBooks screen for iOS

The iBooks feature allows you to distribute iBooks, Kindle books (ePub), and PDF files to iOS devices managed by Ivanti EPMM. You can also edit and delete managed books, and search for particular managed books.

For more information about managing books on iOS devices, see the “Managed iBooks on iOS devices” section in the Ivanti EPMM Device Management Guide for iOS and macOS devices.

iBooks are not supported on MAM-only iOS devices.