Enterprise Mobile Management

Follow

Updated:

NetDocuments offers an additional variant of its iOS and Android mobile apps that can be used with any Enterprise Mobility Management (EMM) vendor’s management platform that supports the AppConfig standards, such as VMWare AirWatch, MobileIron and IBM Maas360.  

Th EMM version of the iOS app was initially released on 18 July 2017, with the latest version released on 16 February 2018. Get it on the iTunes app store.

A single version of the Android app was initially released on 8 December 2017 that includes EMM features.  Get it on Google Play.

What is AppConfig?

Historically, when a mobile app developer needed to create a version of its app to support a specific EMM platform, the developer needed to use the EMM vendor's proprietary SDK, which required the creation of a custom version of the mobile app for each EMM vendor, in addition to the need to test and maintain each version of the app separately (plus the need to maintain separate AppStore listings), even though each EMM version of the mobile app provided essentially the same features and restrictions. 

The AppConfig Community was created to allow a mobile app developer to offer a single EMM version of its mobile app, using agreed-upon standards, that any EMM vendor could choose to support. Because the AppConfig standard has gained traction with leading EMM vendors, NetDocuments has determined to offer a version of its iOS and Android apps that supports AppConfig.  NetDocuments also has joined the AppConfig community.

How it Works

To restrict a repository to use only the EMM version of the app, the firm must configure device settings so that only the EMM version of the app can connect to their repository. Learn More.

allow_app.png

Any EMM platform that supports AppConfig can manage every AppConfig mobile app in specifically defined ways, like deployment and tunneling. In addition, each mobile app vendor can choose to add other restrictions that are specific to its mobile app, which restrictions can be configured from the EMM platform.  

Below are the settings that are applicable to the EMM version of both the iOS and Android app:

Configuration Key

Values

Description

kMDM_APP_PRINT_POLICY

PRINTPOLICY_UNAUTHORIZED = 0

PRINTPOLICY_AUTHORIZED = 1

Restricts printing of documents

kMDM_APP_OPEN_IN_POLICY

OPENINPOLICY_UNAUTHORIZED = 0

OPENINPOLICY_AUTHORIZED = 1

OPENINPOLICY_WHITELIST = 2

Controls the Open In feature

kMDM_APP_OPEN_IN_WHITE_LIST

An array of bundle IDs. Learn how to find an app's bundle ID

This is a list of apps that can be used to open documents

kMDM_APP_PASTEBOARD_POLICY

PASTEBOARDPOLICY_UNAUTHORIZED = 0 PASTEBOARDPOLICY_AUTHORIZED = 1

PASTEBOARDPOLICY_SECURECOPY = 2

0 - Restricts copying from documents and pasting to other apps

1 - Allows users to use copy/paste

2 - Restricts copy/paste to only work between apps that are managed by their provider's profile. 

kMDM_HOST

ACPHOST_US = “US” (this is the default if this key is not set)
ACPHOST_EU = “UK”
ACPHOST_AU = “AU”

Set the default host location that the app will login to

 kMDM_OFFICE365_POLICY

(Note that this feature is available for the Android app starting with v1.2)

ACOFFICE365_HIDDEN = 0: hide the “Edit Using” button and do not allow the user to enable the setting
ACOFFICE365_DISPLAYED = 1: always show the “Edit Using” button and do not allow the user to disable the setting
ACOFFICE365_HIDDEN_DEFAULT = 2: hide the “Edit Using” button by default, but allow the user to change the setting to display it
ACOFFICE365_DISPLAY_DEFAULT = 3: by default Open in Office is enabled, but the user can disable it.
Whether to show the “Edit using Office” button
kMDM_AUTOLOGIN_POLICY

ACAUTOLOGIN_AVAILABLE = 0: auto login is available (this is the default if this key is not set)
ACAUTOLOGIN_DISABLED = 1: auto login is disabled and cannot be enabled
ACAUTOLOGIN_ENABLED = 2:  auto login is enabled by default but can be disabled (this value is supported as of v2.3 of the iOS app; it is not yet available for the Android app)

Whether auto login is available 
kMDM_PASSCODE_POLICY ACPASSCODE_OPTIONAL = 0: no passcode required (this is the default if this key is not set)
ACPASSCODE_REQUIRED = 1: passcode required
Whether the passcode is optional or required
kMDM_APP_EMAIL_POLICY EMAIL_POLICY_UNAUTHORIZED = 0: NO emails may be sent from the app. Neither the Email Link nor Email Copy options will be available in the Open In menu.
EMAIL_POLICY_DEFAULT_APP = 1: When emails are sent, use the default email app for the device (likely Mail for iOS). This is the default if this key is not set.
Whether the app can send emails
kMDM_APP_EMAIL_LINK_POLICY EMAIL_LINK_POLICY_UNAUTHORIZED = 0: NO Email Links may be sent from the app. In that case, the Email Link option will not be shown in the Open In menu.
EMAIL_LINK_POLICY_AUTHORIZED = 1: Email Links may be sent from the app (this is the default if this key is not set).
Whether the app can send Email Links
kMDM_APP_EMAIL_COPY_POLICY EMAIL_COPY_POLICY_UNAUTHORIZED = 0: NO Email Copies may be sent from the app. In that case, the Email Copy option will not be shown in the Open In menu.
EMAIL_COPY_POLICY_AUTHORIZED = 1: Email Copies may be sent from the app (this is the default if this key is not set).
Whether the app can send Email Copies
kMDM_SECURITY_CODE (new in v2.3 of the iOS app and v1.1 of the Android app) A string value of at least 8 characters and no more than 50 characters

An optional code that
must match the same
code entered on the
Device Management page
of the repository to allow the app to connect to
that repository.

These settings are new in v2.3 of the iOS app and are not yet available in the Android app:    
kMDM_PASSCODE_LENGTH An integer with a value of 4, 6 or 8 (the default is 4) The required passcode length, which cannot be changed by the end user.
kMDM_APP_FEDERATED_IDENTITY A string value The repository ID of client's repository, which will allow
users to bypass the normal login page and go directly to
the organization login page.  This may not work for every client.

Each EMM vendor has their own management console and method for configuring AppConfig apps.

For the iOS app, some vendors require an XML configuration file to be uploaded, whereas others may be able to pull this information from the AppConfig web site.  Click here to View a Sample XML Configuration file that can be used for the iOS app.  Here is a .plist version of the Configuration file.

In order to manage the Android app, the Android for Work container must be used, not an EMM vendor's native container.

Optional Security Code
A new, optional EMM setting has been added (kMDM_SECURITY_CODE) to support a new security feature.  This feature must to be used in conjunction with a new setting available on the NetDocuments web interface.  This new feature can be used to limit the NetDocuments EMM mobile apps that can connect to a firm’s repository:  only apps installed on devices managed by that firm.

To use this new feature, a Repository Administrator must enter a security code on the Repository Admin page.  Then, using a supported EMM platform (such as AirWatch or MobileIron), an Administrator will push out the same security code to the NetDocuments apps managed by their firm (if the app is version 2.3 or later).  Each managed EMM app will present this security code to the NetDocuments server on the next login.  The security code presented by the EMM app must match the security code configured on the server.  If there is no match, the EMM app will not be able to access the firm’s repository.  (If the server has not been configured to use a security code, any security code presented by the EMM app will simply be ignored.) 

Push the latest version of the app to all of your users to take advantage of this feature.  When a security code is added or changed from an EMM platform and pushed it out to devices, all v2.3 iOS apps/v1.1 Android apps will be logged out and users will be forced to reauthenticate, to ensure that the new security code is presented to the server.

Here are the specific steps for configuring this new feature.  Please note that these steps should be followed in this order and in a timely manner.

First, using your EMM platform, push out the latest version of the EMM app to all of your users or otherwise ensure that all of the apps are upgraded. 

Second, on the “ndSync Policies and Device Management” page, configure your repository to limit access only to the EMM version of the NetDocuments mobile apps.  A new “Security code” field will be shown when the “Only allow NetDocuments for EMM app” option is selected:

Security_Code_Device_Management_Page.pngEnter a security code and submit the page.  The security code must be between 8 and 50 characters.

Finally, using the new kMDM_SECURITY_CODE setting from your EMM platform, push out the same security code to those apps.  This final step should be completed as soon as possible after adding the security code on the server. 

Do not set a security code on the server until you are ready to deploy it to your mobile apps.

After taking these steps, from the device management page, you can see if there are any mobile apps connected to your repository that are earlier than v2.3 for iOS and v1.1 for Android.  If you cannot upgrade these devices from your EMM platform, then use the Device Management page to remove them.  Some of them may be older apps that are no longer installed on any device.

Back to Top

Was this article helpful?
2 out of 2 found this helpful

Comments

Have more questions? Submit a request
Powered by Zendesk