Free cookie consent management tool by TermsFeed

Appian for Enterprise Mobility Management (EMM)

Appian Mobile provides two ways to protect business data on your users' mobile devices:

  • Mobile Application Management through Microsoft Intune. This provides EMM Admins granular control for managing and securing business data on users' personal devices. This is ideal for Bring Your Own Device (BYOD) deployments.
  • Mobile Device Management through AppConfig. This allows enterprise mobility management (EMM) admins to manage the security, policy, and provisioning requirements on fully managed devices. This is ideal for deployments on company-owned devices.

Mobile application management through Microsoft Intune

Mobile application management (MAM) in Intune is designed to protect corporate data at the application level, through app protection policies. MAM through Intune can be used both on company-owned devices and personal devices.

In order to use these Microsoft Intune MAM capabilities with Appian Mobile, users must download the Appian for Intune app and enroll it with Microsoft Intune.

Note:  Appian for Intune supports app-based Conditional Access starting in version 23.4 of the app. If app-based Conditional Access policies are enabled, ensure users are on at least version 23.4 of the Appian for Intune App.

Configuring Appian Mobile with Microsoft Endpoint Manager

The Microsoft Endpoint Manager admin center is where you can find the Microsoft Intune service, as well as other device management related settings.

To configure Appian Mobile for your organization, sign into Microsoft Endpoint Manager admin center and follow the steps listed here.

To add the Appian for Intune app:

  1. On the Apps page, click Select custom apps.
  2. For Bundle ID, enter one of the following:
    • For iOS, enter com.appian.tempo.intune.
    • For Android, enter com.appian.android.intune.

Once the app has been added, you can enforce Intune app protection policies to manage and protect your organization's data.

Mobile device management through AppConfig

What is the AppConfig Community?

The AppConfig Community is a collection of industry leading EMM solution providers and app developers that have come together to make it easier for developers and customers to drive mobile adoption in business. The community's mission is to streamline the adoption and deployment of mobile enterprise applications by providing a standard approach to app configuration and management, building upon the extensive security and configuration frameworks available in the mobile operating systems.

EMM Administrators can set the following configurations for the Appian Mobile application directly through the EMM provider:

  • Data Encryption: Ensures that any data persisted on the device is automatically encrypted.
  • Remote Wipe: Allows the EMM administrator to remotely wipe device data.
  • Prevent Application Backup: Prevents users from backing up application data.
  • Application Tunnel: Allows for approved applications to use a per-app VPN tunnel to connect to your corporate networks.
  • Disable Screen Capture: Prevent users from taking screenshots of the application.

Custom configurations

The following additional custom configurations can be enabled for the Appian Mobile application:

Configuration Description Key Type Default Value
Suggested Servers A list of servers presented to the mobile user to select from when creating a new account. suggestedServers String (comma separated value of server addresses) {} (No servers presented to the user)
Prevent Copy Paste (iOS) Disables the ability to copy from, or paste into any fields in the application.

Note: This property only applies to iOS. Copy and paste operations on Android are automatically restricted to applications in the work profile.		 copyPasteProtection Boolean False (Copy-paste is allowed by default)
Open Custom Camera App The name of an intent for a custom camera app. Use this if you want the Appian Mobile app on Android devices to open a custom camera app instead of the default camera app. openCustomCameraApp String {} (No intent specified)
Prompt for Passcode on Launch Forces users to provide a user-defined passcode every time they launch the app. promptPasscodeOnLaunch Boolean FALSE
Prompt for Passcode on Idle Forces users to provide a user-defined passcode when application has been backgrounded for greater than the specified time (in minutes) and on every launch. promptPasscodeOnIdleTimeout Int -1 (Don't prompt for passcode when application is backgrounded)
Shared Device Indicates if the mobile device is shared among multiple users. When enabled, Appian includes a ForceAuthn parameter on the request to the SAML provider. This informs the SAML provider that it should reauthenticate the user, regardless of whether or not they are remembered. Only affects remember me that is configured directly with the SAML identity provider; does not affect remember me configured in Appian. isDeviceShared Boolean False
Enable Client Certificate Access Enables an option on the accounts screen that allows users to import a certificate into the mobile app. The certificate is used to ensure secure access to the server from authorized clients.

On iOS, the certificate can be imported from any application that acts as a Document Provider.
On Android, the certificate can only be imported from the device's trusted credential store.		 enableClientCertificates Boolean False
Default Browser Specifies the browser to be used exclusively by the mobile app (during authentication and for opening links to external web pages).

Note: Authentication and links are blocked if the specified browser is not found on the device.

To allow the MDM browser to redirect to Appian (during authentication), you need to specify the following URL schemes in your MDM console:
- appianauth
- com.appian.tempo and
- appianauth-standard		 defaultBrowser String
(from the following list)
access
airwatch
citrix
maas360
mobileiron
edge		 {} (No browser specified. Defaults to using Safari on iOS, and Chrome on Android)

These configuration keys are defined in the EMM Admin Console and are normally stored as part of a profile assigned to the application. The EMM Admin has the ability to update the configurations over the air at any point without requiring the application to be reinstalled.

Applying custom configurations

This section explains how to enable the following custom configurations on the Appian mobile application through the BlackBerry Unified Endpoint Management (UEM) console:

  • Suggested Servers
  • Prompt for Passcode on Launch

Refer to the documentation of your EMM provider for further instructions if needed.

Configuring the iOS application

  1. Select the Appian iOS application from your BlackBerry UEM console.

    /Appian EMM iOS1

  2. Scroll to the bottom of the Settings tab. There should be a section for App Configuration. This is where you can specify the custom configurations you want to enable for the application.

    /Appian EMM iOS2

  3. Click on the + icon and choose the option to Configure manually.

    /Appian EMM iOS3

  4. Specify a name for the App Configuration. Click on the + icon and select option String.

    /Appian EMM iOS4

  5. Set the key to suggestedServers. The value to specified here should be a comma separated value of server addresses.
    • In this example, we will be setting up a single server with URL https://forum.appian.com.

  6. Click on the + icon and select option Boolean. Set the key to promptPasscodeOnLaunch. Set the value to be true. Once you are done configuring these properties the configuration should look as shown below.

    /Appian EMM iOS5

  7. Save the configuration with the application. You can then assign the application along with the configuration to your users.

    /Appian EMM iOS6

These configurations take effect after the Appian mobile application is pushed to the device. Any updates to these configurations will be automatically applied when the application is relaunched.

Configuring the Android application

  1. Select the + icon from under App Configuration section when adding the application to your BlackBerry UEM console.

    /Appian EMM DR1

  2. Specify a name for the App Configuration.
  3. Under Suggested Servers, specify a comma separated value of server addresses. In this example, we will be setting up a single server with URL https://forum.appian.com.

  4. Check the option Prompt Passcode on Launch Enabled. Once you are done configuring these properties the configuration should look as shown below.

    /Appian EMM DR2

  5. You can then assign the application along with the configuration to your users.

    /Appian EMM DR3

    These configurations take effect after the Appian mobile application is pushed to the device. Any updates to these configurations will be automatically applied when the application is relaunched.

Supported EMM vendors

The Appian Mobile application can be configured and managed through any of the EMM vendors that comply with the AppConfig standards.

Note:  Although Microsoft Intune is not officially listed as an AppConfig EMM Member, the specified configurations can be enforced on the Appian Mobile application running on managed iOS and Android devices.

Feedback