This topic describes configuring mobile device management (MDM) systems for managing Syncplicity apps on iOS mobile devices. Syncplicity supports the following MDM systems:
These are supported via the AppConfig technology of the AppConfig Community. All push to devices a special dictionary with configurations. Developers can access the dictionary in iOS applications via NSUserDeafults with the com.apple.configuration.managed key. This logic is integrated to the AppConfig.swift class. AppConfig object is aggregated in the MDMConfiguration class.
Table of keys
The following is a table of keys that affect devices using Syncplicity.
FilesAppPolicyFiles App PolicyAllows or disallows access to Syncplicity content from Files app.
Key name |
Key title and description |
Type | Value |
Special behavior override |
---|---|---|---|---|
FilesAppPolicy | Files App Policy Allows or disallows access to Syncplicity content from Files app. |
Boolean | True/False |
If key is missing:
If key is present and value = True:
If key is present and value = False:
|
RequireCertAuth |
Login with Browser If True: use the OS default browser for SSO login rather than a webview. Useful for certificate-based authentication. If False: login with an in-app webview. If missing: use the app default behavior. |
Boolean | True/False |
If key is missing, OR
If key is present and value = False:
|
SyncplicityOpenInPolicy |
Syncplicity Open-In Policy If True: obey the Syncplicity policy. MDM settings can restrict that policy, but cannot make it less restrictive. If False: Syncplicity Open-In policy is ignored. MDM settings are used. If key is missing: obey the Syncplicity policy setting. |
Boolean | True/False |
If key is missing, OR
If key is present and value = False:
|
User Email Address |
User Email Address A value of {EmailAddress} will auto enter the user's email when logging in. |
String | { EmailAddress} |
If key is present and value = { EmailAddress}
|
PasscodeEnforcementPolicy |
Passcode Enforcement Policy If True: Require the user to set a passcode for the Syncplicity app. If False: Do not force the user to set an app passcode. (Existing passcodes will not be removed.) If missing: obey the Syncplicity policy setting. |
Boolean | True/False |
If key is missing:
If key is present and value = True
If key is present and value = False:
|
PasscodeFailurePolicy |
Passcode Failure Policy If True: Wipe data after repeated passcode failures. If False: Do not wipe data after repeated passcode failures. If missing: obey the Syncplicity policy setting. |
Boolean | True/False |
If key is missing:
If key is present and value = True:
If key is present and value = False:
|
PasscodeAllowedAttempts |
Passcode Allowed Attempts If positive integer: use this number for app passcode failures before wiping data. If missing: obey the Syncplicity policy setting. |
Unsigned Integer | number (of failure attempts) |
If key is missing:
If key is present and value = a positive integer:
Note: in Orchestration, this is PasscodeFailures.AllowablePasscodeFailures |
PasscodeTimeoutPolicy |
Passcode Timeout Policy If True: Require user to periodically re-enter their Syncplicity app passcode. If False: User will always need to enter their app passcode when switching to Syncplicity. If missing: obey the Syncplicity policy setting. |
Boolean | True/False |
If key is missing:
If key is present and value = True:
If key is present and value = False:
|
PasscodeTimeoutMinutes |
Passcode Timeout Minutes If positive integer: use this number of minutes for the passcode timeout policy. If missing: obey the Syncplicity policy setting. |
Unsigned Integer | number (of minutes) |
If key is missing:
If key is present and value = a positive integer:
Note: in Orchestration, this is PasscodeTimeout.PasscodeValidityTime |
PinLoginDomains |
Pin Login Domains Creates a whitelist of one or more comma-separated email domains, so that only accounts in those domains can login. |
String | email domains, comma-separated |
If key or value are missing:
If key is present and value = one or more email domains, separated by comma or comma+space:
Example value: syncplicity.com, newnet.com Result: only login accounts ending in syncplicity.com or newnet.com would be allowed to login. Note this key/value does not correspond to a Syncplicity Group Policy. If the login fails, show this error text:
|
MobileIron
MobileIron is supported via its AppConnect framework. AppConnect is covered by the MIConfiguration class, which provides the only needed API. MIConfiguration is aggregated in the MDMConfiguration class.
You need a MobileIron user account to use its user interface. See the MobileIron user documentation for adding a user and information for registering Syncplicity.
AirWatch
You configure the dictionary via the AirWatch Console.
You need an AirWatch user account to use its user interface. See the AirWatch user documentation for adding a user and more details about configuration. When adding a user, select the necessary group in the list Enrollment Organization Group list. The selected group is used in the Select Assignment Groups list for the selected application.
The following steps were developed using AirWatch Console 9.1.1.10.
Configuration
- Select Apps & Books | Application | List View | Public.
- Scroll down to Syncplicity on Apple iOS platform and click the Edit icon.
- Select the Assignment tab.
- In the Select Assignment Groups section you can configure the list of user groups affected by MDM configuration.
- Scroll down to Application Configuration section. You can change the configuration dictionary passed to users' devices.
- Click Save & Publish when done.
Alternately, you can click Upload XML on the Assignment tab and upload a file with the configured polices.
Install AirWatch Agent app
Download and install the AirWatch Agent app from the AppStore on your iOS device. As there are multiple AirWatch apps, be sure to install AirWatch Agent. If you already had installed a device manager profile from any MDM application, remove it before installing the AirWatch Agent app. The following is the first screen that is displayed when the app opens the first time.
Complete the enrollment process using the information you received during user registration. The simplest method might be scanning the QR code from the AirWatch User Activation letter. Trust the remote management profile source when prompted. At the end of the process, install the Syncplicity app when prompted.
Intune
The following topics describe configuration for Intune. See the Intune user documentation for more details.
The following steps for Intune configuration were developed using Microsoft Azure.
Set MDM push certificate
- Click Intune near the bottom of the left-side menu.
- Under Manage, select Device enrollment | Apple enrollment | Apple MDM Push Certificate.
- Follow the instructions on the right side of the page.
Enroll Syncplicity app for iOS
- Click Intune near the bottom of the left-side menu.
- Under Manage, select Mobile apps | Apps | Add.
- Select iOS store app in the App type field.
- Click the Search the App Store field and type Syncplicity in the search field.
- In the search results, select Syncplicity and OK.
- Click App information Configure. Most of the field values are provided, but you can edit them.
- Click OK and Add.
Create at least one user group
- Click Intune near the bottom of the left-side menu.
- Under Manage, select Groups | All groups | New group.
- Type the group name. Select Assigned as the membership type. Select users to invite to the group.
- Click Create.
Set app configuration
- Click Intune near the bottom of the left-side menu.
- Under Manage, select Mobile apps | App configuration policies | Add.
- Do the following:
- Type the name of the configuration.
- Select Enrolled with Intune in the Device enrollment type field.
- Select iOS in the Platform field.
- Click Associated app and select Syncplicity.
- Click Configuration Settings and complete as you want.
- Click OK and Add.
Assign app configuration
- Click Intune near the bottom of the left-side menu.
- Under Manage, select Mobile apps | App configuration policies.
- Select your configuration in the displayed list.
- Select Assignments.
- Select Select Groups.
- Select a group and click Select.
- Click Save.
Configure client
Download and install the Microsoft Intune Company Portal app from the AppStore on your iOS device. As there are multiple Intune apps, be sure to install Microsoft Intune Company Portal. If you already had installed a device manager profile from any MDM application, remove it before installing the Intune app. The following is the first screen that is displayed when the app opens the first time.
Log on and follow the prompts for device enrollment. Allow showing a configuration profile and tap to install it when prompted. If prompted for a passcode, enter the code for your iOS device. A warning message is displayed, saying installing the profile allows the administrator to manage your device remotely. Tap to install and to trust the profile's source. Tap again to install when an app installation message is displayed. Enter your iTunes password when prompted. If not already installed, Syncplicity is installed automatically with the required configuration.
Related topics
See the following topics for more information about MDM for iOS devices.