EMM (Enterprise Mobility Management) Integrations

Overview

Workplace features two mobile apps that are available on both iOS and Android – Workplace and Workplace Chat. For those customers that use an Enterprise Mobility Management (EMM) solution, our mobile apps can receive certain configurations through the native APIs available on iOS and Android.

These integrations adhere to the specifications defined by appconfig.org, which is a standards body formed by many of the leading EMM vendors. Appconfig members include VMWare, MobileIron, IBM, SOTI, JAMF and Blackberry. The Workplace apps are configurable by any of these solutions.

If your EMM solution is not a member of appconfig.org, see the section on Support for non-appconfig.org vendors.

Prerequisites

  • The device must be under management by an EMM server that supports the ability to push app configurations.
  • For iOS, the Workplace apps must be distributed and managed via EMM.
  • For Android, the device must be Android Enterprise enabled in either device owner or profile owner mode.

Configuration

The Workplace apps support the ability to pre-configure the apps with the KVPs (Key Value Pairs) listed below. On iOS, this is done using iOS managed app configurations and on Android this is done by leveraging managed configurations available through Android Enterprise.

The keys should be mapped to a dynamic variable within the EMM solution representing the required value.
KeyPlatformDescription
emailAddress

iOS, Android

Represents the Workplace username of the device’s assigned user.

Support for non-appconfig.org vendors

If your EMM solution is not a member of appconfig.org it may still support the use of app configurations. Follow these steps:

  1. Check with your EMM vendor on support for iOS managed app configurations
  2. Verify that the EMM vendor supports the use of a dynamic variable for user email address
  3. Create an iOS .plist file as shown below and replace the string variable with the email variable from your EMM solution
    <plist version="1.0">
    <dict>
      <key>emailAddress</key>
      <string>{EMM_Email_Variable}</string>
    </dict>
    </plist>
  4. Upload the plist file to the EMM solution and associate with the Workplace apps
  5. Push the app to a device and test

Security/Access Controls

In addition to providing many device security features, most EMM solutions provide application security capabilities that are natively supported by the mobile OS. These include:

  • Remote wipe of the app
  • Encryption of app data
  • Restrict file export to managed apps
  • Prevent backup of app data

In some cases, customers may require that Workplace access is restricted to managed devices only. In these situations, there are two approaches that can be taken.

  1. Certificate Based Authentication - Distribute a user certificate to the device through EMM and enable 2 factor authentication on the identity provider with the certificate as a required authentication factor.
  2. IP Based Restriction - Configure the Workplace apps to use VPN through EMM and enable a policy on the identity provider limiting access based upon source IP address.