Syncplicity Support

Follow

Mobile device management for iOS

This topic describes configuring mobile device management (MDM) systems for managing Syncplicity apps on iOS mobile devices. Syncplicity supports the following MDM systems:

These are supported via the AppConfig technology of the AppConfig Community. All push to devices a special dictionary with configurations. Developers can access the dictionary in iOS applications via NSUserDeafults with the com.apple.configuration.managed key. This logic is integrated to the AppConfig.swift class. AppConfig object is aggregated in the MDMConfiguration class.

Table of keys

The following is a table of keys that affect devices using Syncplicity.

Key name

Key title and description

Type Value

Special behavior override

RequireCertAuth

Login with Browser

If True: use the OS default browser for SSO login rather than a webview. Useful for certificate-based authentication.

If False: login with an in-app webview.

If missing: use the app default behavior.

Boolean True/False

If key is missing, OR
If key is present and value = True:

  • Hide the "Login with Browser" link (added Feb 2016).
  • Switch to current browser to complete SSO login authentication (unless a certificate exists such that a browser is not required).

If key is present and value = False:

  • Hide the "Login with Browser" link (added Feb 2016).
  • SSO login authentication happens via in-app webview, rather than switching to current browser.
SyncplicityOpenInPolicy

Syncplicity Open-In Policy

If True: obey the Syncplicity policy. MDM settings can restrict that policy, but cannot make it less restrictive.

If False: Syncplicity Open-In policy is ignored. MDM settings are used.

If key is missing: obey the Syncplicity policy setting.

Boolean True/False

If key is missing, OR
If key is present and value = True:

  • Obey the Syncplicity Open-In policy. MDM can further restrict that policy, but cannot override it to be less restrictive.

If key is present and value = False:

  • Override the Syncplicity Open-In policy. MDM completely sets the Open-in policy for managed devices.
User Email Address

User Email Address

A value of {EmailAddress} will auto enter the user's email when logging in.

String {EmailAddress}

If key is present and value = { EmailAddress}

  • Upon displaying the Login screen, pre-populate the Email address field with the user's email address. This will work the same as choosing “Corporate” in the first log-in screen, entering your email, and submitting. The secondary screen (the SSO login screen) will still require the user to enter their email and password.
  • Note that this will fail IF the user enrollment email address for MDM is different from the user's Syncplicity corporate email address. However, the failure won't be catastrophic: the user will simply fail to authenticate and will be sent back to the first email login screen.
PasscodeEnforcementPolicy

Passcode Enforcement Policy

If True: Require the user to set a passcode for the Syncplicity app.

If False: Do not force the user to set an app passcode. (Existing passcodes will not be removed.)

If missing: obey the Syncplicity policy setting.

Boolean True/False

If key is missing:

  • Obey the Syncplicity app passcode enforcement policy

If key is present and value = True

  • Override the Syncplicity policy
  • Require the user to set and use an app passcode

If key is present and value = False: 

  • Ignore the Syncplicity policy
  • Do not require the user to set and use an app passcode
  • Note that this will not prevent a user from using an app passcode, and it won't disable an existing app passcode that the user has already set. It simply won't make the user create a passcode.
PasscodeFailurePolicy

Passcode Failure Policy

If True: Wipe data after repeated passcode failures.

If False: Do not wipe data after repeated passcode failures.

If missing: obey the Syncplicity policy setting.

Boolean True/False

If key is missing:

  • Obey the Syncplicity policy for remote wipe after specified failure attempts

If key is present and value = True:

  • Override the Syncplicity policy
  • Data will be wiped after a specified number of passcode failures

If key is present and value = False: 

  • Ignore the Syncplicity policy (and also ignore PasscodeAllowedAttempts). Data will not be wiped after set number of passcode failures.
PasscodeAllowedAttempts

Passcode Allowed Attempts

If positive integer: use this number for app passcode failures before wiping data.

If missing: obey the Syncplicity policy setting.

Unsigned Integer number (of failure attempts)

If key is missing:

  • Obey the Syncplicity policy for wiping the data after a specified number of failed passcodes.

If key is present and value = a positive integer: 

  • Wipe the data after this number of failed passcodes.

Note: in Orchestration, this is PasscodeFailures.AllowablePasscodeFailures

PasscodeTimeoutPolicy

Passcode Timeout Policy

If True: Require user to periodically re-enter their Syncplicity app passcode.

If False: User will always need to enter their app passcode when switching to Syncplicity.

If missing: obey the Syncplicity policy setting.

Boolean True/False

If key is missing:

  • Obey the Syncplicity passcode timeout policy

If key is present and value = True:

  • Override the Syncplicity policy
  • Enforce a passcode timeout using the time specified

If key is present and value = False: 

  • User will always need to enter their app passcode when switching to Syncplicity.
PasscodeTimeoutMinutes

Passcode Timeout Minutes

If positive integer: use this number of minutes for the passcode timeout policy.

If missing: obey the Syncplicity policy setting.

 

Unsigned Integer number (of minutes)

If key is missing:

  • Obey the Syncplicity policy for requiring the user to re-enter their app passcode after a specified amount of time.

If key is present and value = a positive integer: 

  • Require the user to re-enter their app passcode, after the specified number of minutes has elapsed.

Note: in Orchestration, this is PasscodeTimeout.PasscodeValidityTime

PinLoginDomains

Pin Login Domains

Creates a whitelist of one or more comma-separated email domains, so that only accounts in those domains can login.

 

String email domains, comma-separated

If key or value are missing:

  • No action.

If key is present and value = one or more email domains, separated by comma or comma+space:

  • Only login accounts ending in the specified domain value(s) will be allowed to login.

Example value: syncplicity.com, newnet.com

Result: only login accounts ending in syncplicity.com or newnet.com would be allowed to login. Note this key/value does not correspond to a Syncplicity Group Policy.

If the login fails, show this error text:

  • Error title: Incorrect Email Address
  • Error text: Your local administrator requires a company email address for login. Please try again or contact IT

 

MobileIron

MobileIron is supported via its AppConnect framework. AppConnect is covered by the MIConfiguration class, which provides the only needed API. MIConfiguration is aggregated in the MDMConfiguration class.

You need a MobileIron user account to use its user interface. See the MobileIron user documentation for adding a user and information for registering Syncplicity.

AirWatch

You configure the dictionary via the AirWatch Console.

You need an AirWatch user account to use its user interface. See the AirWatch user documentation for adding a user and more details about configuration. When adding a user, select the necessary group in the list Enrollment Organization Group list. The selected group is used in the Select Assignment Groups list for the selected application.

The following steps were developed using AirWatch Console 9.1.1.10.

Configuration

  1. Select Apps & Books | Application | List View | Public.
  2. Scroll down to Syncplicity on Apple iOS platform and click the Edit icon.
  3. Select the Assignment tab.
  4. In the Select Assignment Groups section you can configure the list of user groups affected by MDM configuration.
  5. Scroll down to Application Configuration section. You can change the configuration dictionary passed to users' devices.
  6. Click Save & Publish when done.

Alternately, you can click Upload XML on the Assignment tab and upload a file with the configured polices.

Install AirWatch Agent app

Download and install the AirWatch Agent app from the AppStore on your iOS device. As there are multiple AirWatch apps, be sure to install AirWatch Agent. If you already had installed a device manager profile from any MDM application, remove it before installing the AirWatch Agent app. The following is the first screen that is displayed when the app opens the first time.

AirWatch_Agent_screen1.PNG

Complete the enrollment process using the information you received during user registration. The simplest method might be scanning the QR code from the AirWatch User Activation letter. Trust the remote management profile source when prompted. At the end of the process, install the Syncplicity app when prompted.

Intune

The following topics describe configuration for Intune. See the Intune user documentation for more details.

The following steps for Intune configuration were developed using Microsoft Azure.

Set MDM push certificate

  1. Click Intune near the bottom of the left-side menu.
  2. Under Manage, select Device enrollment | Apple enrollment | Apple MDM Push Certificate.
  3. Follow the instructions on the right side of the page.

Enroll Syncplicity app for iOS

  1. Click Intune near the bottom of the left-side menu.
  2. Under Manage, select Mobile apps | Apps | Add.
  3. Select iOS store app in the App type field.
  4. Click the Search the App Store field and type Syncplicity in the search field.
  5. In the search results, select Syncplicity and OK.
  6. Click App information Configure. Most of the field values are provided, but you can edit them.
  7. Click OK and Add.

Create at least one user group

  1. Click Intune near the bottom of the left-side menu.
  2. Under Manage, select Groups | All groups | New group.
  3. Type the group name. Select Assigned as the membership type. Select users to invite to the group.
  4. Click Create.

Set app configuration

  1. Click Intune near the bottom of the left-side menu.
  2. Under Manage, select Mobile apps | App configuration policies | Add.
  3. Do the following:
    • Type the name of the configuration.
    • Select Enrolled with Intune in the Device enrollment type field.
    • Select iOS in the Platform field.
    • Click Associated app and select Syncplicity.
    • Click Configuration Settings and complete as you want.
    • Click OK and Add.

Assign app configuration

  1. Click Intune near the bottom of the left-side menu.
  2. Under Manage, select Mobile apps | App configuration policies.
  3. Select your configuration in the displayed list.
  4. Select Assignments.
  5. Select Select Groups.
  6. Select a group and click Select.
  7. Click Save.

Configure client

Download and install the Microsoft Intune Company Portal app from the AppStore on your iOS device. As there are multiple Intune apps, be sure to install Microsoft Intune Company Portal. If you already had installed a device manager profile from any MDM application, remove it before installing the Intune app. The following is the first screen that is displayed when the app opens the first time.

Intune_portal_app_screen1.PNG

Log on and follow the prompts for device enrollment. Allow showing a configuration profile and tap to install it when prompted. If prompted for a passcode, enter the code for your iOS device. A warning message is displayed, saying installing the profile allows the administrator to manage your device remotely. Tap to install and to trust the profile's source. Tap again to install when an app installation message is displayed. Enter your iTunes password when prompted. If not already installed, Syncplicity is installed automatically with the required configuration.

Related topics

See the following topics for more information about MDM for iOS devices.

Managing iOS devices using AirWatch

Managing iOS devices using Intune

Powered by Zendesk