Enterprise Mobility Management (EMM) is a way for organizations to control and secure the mobile devices used by their employees. EMM practices help keep company data safe and secure while still allowing employees to work on the go as needed.
Appian Mobile provides two ways to protect business data on your users' mobile devices: mobile application management (MAM) through Microsoft Intune and mobile device management (MDM) through Microsoft Intune or AppConfig.
Mobile application management (MAM) provides EMM Admins granular control for managing and securing business data on users' personal devices. This is ideal for Bring Your Own Device (BYOD) deployments.
In order to use Microsoft Intune MAM capabilities with Appian Mobile, users must download the Appian for Intune app and enroll it with Microsoft Intune.
Appian for Intune protects corporate data at the application level through:
MAM through Microsoft Intune can be used on company-owned devices and personal devices. If you are using Microsoft Intune for MDM, Appian for Intune will prioritize MAM policies over MDM policies.
The Microsoft Endpoint Manager admin center is where you can find the Microsoft Intune service, as well as other device management related settings.
To configure Appian for Intune for your organization, sign into Microsoft Endpoint Manager admin center and follow the steps listed here.
To add the Appian for Intune app:
Appian for Intune
and select to add it. This applies to both iOS and Android.Once the app has been added, you can enforce Microsoft Intune app protection policies, app configuration policies, and app-based Conditional Access policies to manage and protect your organization's data.
Mobile device management (MDM) allows EMM admins to manage the security, policy, and provisioning requirements on fully managed devices. This is ideal for deployments on company-owned devices.
The Appian Mobile application can be configured and managed through any of the EMM vendors that comply with the AppConfig standards.
If you are using Microsoft for Intune for both MDM and MAM, use the Appian for Intune app. If you are only using MDM, whether through Microsoft Intune or an AppConfig provider, your users can use the Appian Mobile app.
EMM Administrators can set configurations for the Appian Mobile application directly through the EMM provider.
Some examples of configurations that can be set include:
The AppConfig Community is a collection of industry leading EMM solution providers and app developers that have come together to make it easier for developers and customers to drive mobile adoption in business. The community's mission is to streamline the adoption and deployment of mobile enterprise applications by providing a standard approach to app configuration and management, building upon the extensive security and configuration frameworks available in the mobile operating systems.
The following table lists additional custom configurations that are available for Appian Mobile. These configuration keys are defined in the admin console for your EMM provider and are normally stored as part of a profile assigned to the application. The EMM Admin has the ability to update the configurations over the air at any point without requiring the application to be reinstalled.
These custom configurations can be configured for either MAM or MDM deployments.
Configuration | Description | Key | Type | Default Value |
---|---|---|---|---|
Suggested Servers | A list of servers presented to the mobile user to select from when creating a new account. | suggestedServers |
String (comma separated value of server addresses) | {} (No servers presented to the user) |
Prevent Copy Paste (iOS) | Disables the ability to copy from, or paste into any fields in the application. Note: This property only applies to iOS. Copy and paste operations on Android are automatically restricted to applications in the work profile. |
copyPasteProtection |
Boolean | False (Copy-paste is allowed by default) |
Open Custom Camera App | The name of an intent for a custom camera app. Use this if you want the Appian Mobile app on Android devices to open a custom camera app instead of the default camera app. | openCustomCameraApp |
String | {} (No intent specified) |
Prompt for Passcode on Launch | Forces users to provide a user-defined passcode every time they launch the app. | promptPasscodeOnLaunch |
Boolean | FALSE |
Prompt for Passcode on Idle | Forces users to provide a user-defined passcode when application has been backgrounded for greater than the specified time (in minutes) and on every launch. | promptPasscodeOnIdleTimeout |
Int | -1 (Don't prompt for passcode when application is backgrounded) |
Shared Device | Indicates if the mobile device is shared among multiple users. When enabled, Appian includes a ForceAuthn parameter on the request to the SAML provider. This informs the SAML provider that it should reauthenticate the user, regardless of whether or not they are remembered. Only affects remember me that is configured directly with the SAML identity provider; does not affect remember me configured in Appian. |
isDeviceShared |
Boolean | False |
Enable Client Certificate Access | Enables an option on the accounts screen that allows users to import a certificate into the mobile app. The certificate is used to ensure secure access to the server from authorized clients. On iOS, the certificate can be imported from any application that acts as a Document Provider. On Android, the certificate can only be imported from the device's trusted credential store. |
enableClientCertificates |
Boolean | False |
Default Browser | Specifies the browser to be used exclusively by the mobile app (during authentication and for opening links to external web pages). Note: Authentication and links are blocked if the specified browser is not found on the device. To allow the MDM browser to redirect to Appian, you need to specify the following URL schemes in your MDM console: Appian - iOS App - appian - appianauth - com.appian.tempo Appian for Intune - iOS App - appian - appianauth - com.appian.tempo.intune - msauth.com.appian.tempo.intune Appian - Android App - appian - appianauth - com.appian.android Appian for Intune - Android App - appian - appianauth - com.appian.android.intune - msauth |
defaultBrowser |
String (from the following list) - access - airwatch - citrix - chrome - maas360 - mobileiron - opera - edge |
{} (No browser specified. Defaults to using Safari on iOS, and Chrome on Android) |
Enable Print to PDF | Adds a printer icon to tasks and actions which allows users to create a PDF of the UI to share or print. Note: This property only applies to iOS. |
enablePrintToPdf |
Boolean | True |
This section explains how to enable the following custom configurations on the Appian mobile application through the BlackBerry Unified Endpoint Management (UEM) console:
Refer to the documentation of your EMM provider for further instructions if needed.
Select the Appian iOS application from your BlackBerry UEM console.
Scroll to the bottom of the Settings tab. There should be a section for App Configuration. This is where you can specify the custom configurations you want to enable for the application.
Click on the + icon and choose the option to Configure manually.
Specify a name for the App Configuration. Click on the + icon and select option String.
Click on the + icon and select option Boolean. Set the key to promptPasscodeOnLaunch. Set the value to be true. Once you are done configuring these properties the configuration should look as shown below.
Save the configuration with the application. You can then assign the application along with the configuration to your users.
These configurations take effect after the Appian mobile application is pushed to the device. Any updates to these configurations will be automatically applied when the application is relaunched.
Select the + icon from under App Configuration section when adding the application to your BlackBerry UEM console.
Check the option Prompt Passcode on Launch Enabled. Once you are done configuring these properties the configuration should look as shown below.
You can then assign the application along with the configuration to your users.
These configurations take effect after the Appian mobile application is pushed to the device. Any updates to these configurations will be automatically applied when the application is relaunched.
Appian for Enterprise Mobility Management (EMM)