Adding an enterprise app for Android
Add an enterprise Android app to the IBM® MaaS360® App Catalog to distribute it securely to managed devices. You can upload the app file, configure app details, set the deployment options, and assign the app to specific user groups. After you publish the app, users can install it from the IBM MaaS360 App Catalog on their devices.
Procedure
- From the IBM MaaS360 Portal home page, select Apps > Catalog.
- On the App Catalog page, click Add, expand the Android section, and select Enterprise App for Android.
- On the Enterprise App for Android window, select the App Details tab and enter the following details.
  - App: The name of the app. Browse or type the URL for the APK file.
    Note: The following validation messages appear based on the inputs.
    - The app version is outdated. The version that you uploaded is lower than the current version in the portal. Upload a higher version.
      - This message appears when the version of the Android enterprise app that is being uploaded is lower [generated by using signature check] than the version of the existing Android app.
    - Upgrade Failed due to Signing Certificate Mismatch
      - This message appears when the certificate of the Android enterprise app that is being uploaded does not match the certificate of the existing Android app on which the upgrade is being performed.
    - No Signing Certificate Found
      - This message appears when the system cannot generate the SHA256 Certificate on the Android enterprise app that is being uploaded.
  - Download URL: The location where the Android enterprise .apk file is hosted. Organizations must use the local organization specific CDN location to host enterprise apps for Android. When an app is distributed, the app is downloaded from the specified location instead of from the MaaS360 tenant CDN.
    Note: After an app is distributed, you can use the Download URL field in the App Summary page to modify the download URL. When you modify the URL, new installations pick up the app from the updated location.
  - Description: The description of the app.
  - Category: The comma-separated categories for the app. These categories help users to find the app in the user App Catalog.
  - Screenshots: Screenshots of the app.
- Select the Policies and Distribution tab and enter the following details.
  - Remove app on: The app is automatically removed in the following scenarios.
    - MDM Control Removal
      - When the administrator or a user stops the MDM control of a device.
    - Selective Wipe
      - When a selective wipe is issued to the device.
    - Deletion from portal or stopping Distribution
      - When the app is deleted from IBM MaaS360 Portal or distribution to a specific distribution list is stopped.
    - Sign out from Shared Device
      - When the user signs out of a shared device. If the user signs back into the device, the app is restored on the device.
    Note: The Remove App on MDM Control Removal and Remove App on Selective Wipe options are supported on SAFE, LG, Zebra, Kyocera, Bluebird, and M3 SM10.
  - Install Settings:
    - Install Automatically
      - The app is installed on devices instantly without user intervention.
    Note: The app is installed immediately after the app is distributed to the following devices: Android Enterprise, Samsung for Enterprise (SAFE), LG, Zebra, Kyocera, Bluebird, and M3 SM10.
  - Schedule Download Time: Click the box and enter a time to initiate the app download on the device. If the field is empty, then the app download starts immediately.
    Note: Select the Install Settings checkbox to view this option.
    Note: Download the app before you install the app on the device.
  - Schedule Install Time: Click the box and enter a time for a scheduled installation. If the field is empty, then the app installation starts immediately after the app download.
    Note: Select the Install Settings checkbox to view this option.
  - Security Policies: The following policy is enforced on the app:
    - Restrict Data Backup to Google Play
      - Prevents a backup of data from the app to Google Play.
    - Enforce Authentication
      - Requires authentication to access the app. Based on authentication type, users are prompted to provide a corporate or local MDM password.
    - Enforce Compliance
      - The app cannot be accessed if the device is out of compliance. The Usage data access permission must be enabled on the device for the MaaS360 app to restrict access to the app when the device is out of compliance (OOC). To enable, go to Settings > Usage data access > MaaS360 > Allow usage tracking.
      Note: Samsung, LG (up to Android 9.0), Honeywell, Zebra, Kyocera (up to Android 8.0), Bluebird, and M3 SM10 devices that are enrolled in Device Admin mode do not require the Usage data access permission.
  - Distribute to: The devices that receive the app. Use the plus icon to add multiple distributions. You can use MaaS360 to distribute an app to devices in the following ways.
    - None
      - The app is loaded in the App Catalog, but the app is not distributed to devices immediately.
    - Specific Device
      - The app is loaded in the App Catalog and deployed to a specific device.
    - Group
      - The app is deployed to a group of devices.
    - All Devices
      - All devices receive the app.
    MaaS360 supports the Send Email distribution option that sends the recipient an email message about the new app.
- Select the Configuration tab and enter the following details.
  - Prompt for user authentication for Gateway when App is in background: Displays the authentication screen for MaaS360 Mobile Enterprise Gateway (MEG) when the app is in the background.
  - Trust user added certs: This option enables a wrapped app to trust user-added certificates.
    Note: This option is supported on Android 7.0 and later.
  - Advanced Settings: Enter the configuration attributes that are provided by the app developer. For these values, you can use variables such as fixed string, username (%username%), domain (%domain%), email (%email%), deviceId (%csn%), or any other custom user attributes. For more information, see Android app wrapping parameters.
- Select the Wrapping and Signing tab and enter the following details.
  - Apply WorkPlace Policy: Select this option to apply policies to the WorkPlace container, which are the default policies for the app.
  - Enforce WorkPlace Encryption: Select this option to wrap and sign the app with MaaS360 Application Security and to access encryption parameters for Android. The wrapping process for MaaS360 Application Security supports encrypting data (files and databases) in the wrapped app. For more information about data encryption parameters that are available for Android enterprise apps, see Data encryption parameters.
    Note: If the Enforce WorkPlace Encryption option is not displayed in the IBM MaaS360 Portal during app wrapping, contact IBM Support to enable this feature in the Portal.
  - Enable App Analytics: Collects app-related usage and performance data for analysis.
    Note: This option requires MaaS360 for Android 6.05+ on the device.
  - Enable App Signing: Select this option to enable app signing without app wrapping. Provide a code-signing certificate and a password.
- Select the Advanced tab and enter the following details.
  - App Discovery Portal: Enter the custom app attribute values that are supplied for the app and specify whether to display the app in the App Discovery Portal. For more information about the values for custom app attribute, see Adding apps to the App Catalog. Users can use the App Discovery Portal to request apps that are distributed to other users in the organization.
    - Not Available
      - The app is not visible in the App Discovery Portal.
    - Viewing Only
      - The app is visible in the App Discovery Portal.
    - Viewing & Request
      - The app is visible in the App Discovery Portal for requests.
      Note: The Viewing & Request option is not available for Windows apps.
- Click Add.
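
The three validation messages in the App Details step can be anticipated before an upgrade is uploaded. The following added example (not IBM or MaaS360 code) parses the text output of the Android SDK commands apksigner verify --print-certs and aapt dump badging and returns the message an upload would likely trigger. The order of the checks, the function names, and the sample tool output are assumptions constructed for illustration.

```python
import re

# First sentence or title of each message, as listed in the App Details step.
MSG_OUTDATED = "The app version is outdated."
MSG_MISMATCH = "Upgrade Failed due to Signing Certificate Mismatch"
MSG_NO_CERT = "No Signing Certificate Found"

def cert_digests(apksigner_output):
    """SHA-256 signer digests from `apksigner verify --print-certs` output."""
    pat = r"^Signer #\d+ certificate SHA-256 digest: ([0-9a-fA-F]{64})\s*$"
    return {d.lower() for d in re.findall(pat, apksigner_output, re.M)}

def version_code(badging_output):
    """versionCode from the `package:` line of `aapt dump badging` output."""
    m = re.search(r"^package: .*?versionCode='(\d+)'", badging_output, re.M)
    if m is None:
        raise ValueError("no versionCode in badging output")
    return int(m.group(1))

def precheck(new_certs_out, new_badging, cur_digest, cur_version_code):
    """Return the message the upload would likely trigger, or None if clean."""
    digests = cert_digests(new_certs_out)
    if not digests:  # unsigned APK, or the signature did not verify
        return MSG_NO_CERT
    if cur_digest.lower() not in digests:
        return MSG_MISMATCH
    # The page describes rejection when the new version is lower than current.
    if version_code(new_badging) < cur_version_code:
        return MSG_OUTDATED
    return None

# Constructed sample tool output (not taken from a real app).
DIGEST_A = "ab" * 32
DIGEST_B = "cd" * 32
SAMPLE_CERTS = (
    "Signer #1 certificate DN: CN=Example Corp\n"
    f"Signer #1 certificate SHA-256 digest: {DIGEST_A}\n"
    "Signer #1 certificate SHA-1 digest: " + "12" * 20 + "\n"
)
SAMPLE_BADGING = "package: name='com.example.app' versionCode='42' versionName='1.4.2'\n"

if __name__ == "__main__":
    for digest, current in ((DIGEST_A, 41), (DIGEST_B, 41), (DIGEST_A, 43)):
        print(precheck(SAMPLE_CERTS, SAMPLE_BADGING, digest, current))
```

Record the SHA-256 digest and versionCode of the app version that is currently in the catalog, and pass them as cur_digest and cur_version_code when checking each new build.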