7.5. Managed configurations for the IDERI note mobile client app

Most Mobile Device Management (MDM) solutions allow administrators to remotely predefine settings for supported apps by using managed configurations or application restrictions.

Using a managed configuration with the IDERI note mobile client app - be it the Android version or the iOS version - an administrator can predefine properties in the IDERI note mobile app’s “New connection...” dialog for the “Server name”, “Port number” and “Domain name” values (see also figure 2.9). With these values already initialized by the MDM system, users merely need to specify their Active Directory® user name and password.

If the IDERI note Gateway is configured so that the certificate for the TLS connection is derived from the certificate authority used for client authentication, mobile app users have to confirm the CA’s certificate hash and common name during connection setup. To make a well-informed decision about this, users should receive those values out-of-band in a secure manner and compare the values for the CA shown in the app with those received beforehand. When the CA certificate hash and the CA certificate common name are supplied through a managed app configuration, using the CAHash and CACommonName properties, users are relieved of this procedure because these values arrive with the app installation via MDM.

The table “Managed configuration properties for the IDERI note mobile client app” shows the available properties of the managed configuration for the IDERI note mobile client app, along with an explanation of each value’s effect on app behaviour.

Managed configuration properties for the IDERI note mobile client app
ServerName: The IDERI note Gateway server name.
DomainName: The Active Directory domain name.
ServerPort: The TCP port to be used by the app for the connection to the IDERI note Gateway server.
CAHash: The certificate hash (thumbprint) of the IDERI note Gateway CA. Specifying this value suppresses the certificate confirmation prompt when adding a new connection in the IDERI note mobile app, if a TLS certificate for the IDERI note Gateway has been created from the IDERI note Gateway CA. This parameter has to be used in conjunction with the CACommonName property.
CACommonName: The common name (subject) of the IDERI note Gateway CA. Specifying this value suppresses the certificate confirmation prompt when adding a new connection in the IDERI note mobile app, if a TLS certificate for the IDERI note Gateway has been created from the IDERI note Gateway CA. This parameter has to be used in conjunction with the CAHash property.

To support MDM administrators with ready-made configuration files, the IDERI note administrative tools ship with the files “specfile.xml”, “ManagedAppConfig.plist” and “ManagedAppConfig.json” in the “mobile” subdirectory of the installation. These files’ contents are also listed below.

7.5.1. specfile.xml

<managedAppConfiguration>
    <version>3.5.1515</version>
    <bundleId>com.ideri.IDERInoteClient</bundleId>
    <dict>
        <string keyName="ServerName">
        </string>
        <string keyName="DomainName">
        </string>
        <integer keyName="ServerPort">
            <defaultValue>
                <value>443</value>
            </defaultValue>
        </integer>
        <string keyName="CAHash">
        </string>
        <string keyName="CACommonName">
        </string>
    </dict>
    <presentation defaultLocale="en-US">
        <field keyName="ServerName" type="input">
            <label>
                <language value="en-US">
                    Name of the IDERI note Gateway Server
                </language>
            </label>
            <description>
                <language value="en-US"></language>
            </description>
        </field>
        <field keyName="DomainName" type="input">
            <label>
                <language value="en-US">
                    Active Directory Domain Name
                </language>
            </label>
            <description>
                <language value="en-US"></language>
            </description>
        </field>
        <field keyName="ServerPort" type="input">
            <label>
                <language value="en-US">
                    TCP port for the IDERI note Gateway Server
                </language>
            </label>
            <description>
                <language value="en-US"></language>
            </description>
        </field>
        <field keyName="CAHash" type="input">
            <label>
                <language value="en-US">
                    Certificate hash for trusted CA
                </language>
            </label>
            <description>
                <language value="en-US"></language>
            </description>
        </field>
        <field keyName="CACommonName" type="input">
            <label>
                <language value="en-US">
                    Certificate common name for trusted CA
                </language>
            </label>
            <description>
                <language value="en-US"></language>
            </description>
        </field>
    </presentation>
</managedAppConfiguration>

7.5.2. ManagedAppConfig.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
    "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>ServerName</key>
        <string></string>
        <key>DomainName</key>
        <string></string>
        <key>ServerPort</key>
        <integer></integer>
        <key>CAHash</key>
        <string></string>
        <key>CACommonName</key>
        <string></string>
    </dict>
</plist>

7.5.3. ManagedAppConfig.json

{
    "kind": "androidenterprise#managedConfiguration",
    "productId": "app:com.ideri.IDERInoteClient",
    "managedProperty": [
        {
            "key": "ServerName",
            "valueString": ""
        },
        {
            "key": "ServerPort",
            "valueInteger": 0
        },
        {
            "key": "DomainName",
            "valueString": ""
        },
        {
            "key": "CAHash",
            "valueString": ""
        },
        {
            "key": "CACommonName",
            "valueString": ""
        }
    ]
}
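
Because CAHash and CACommonName suppress the certificate confirmation prompt and only work as a pair, a filled-in copy of ManagedAppConfig.plist or ManagedAppConfig.json is worth checking before it is uploaded to the MDM system. The following check is an added example, not part of the IDERI note tools; the function names, the sample values and the accepted thumbprint lengths (hex SHA-1 or SHA-256) are assumptions, since the page does not name the hash algorithm.

```python
import json
import plistlib
import re

# Property names from the table above; digest lengths are an assumption
# (hex SHA-1 = 40 digits, hex SHA-256 = 64 digits).
KEYS = {"ServerName", "DomainName", "ServerPort", "CAHash", "CACommonName"}
HEX_DIGEST = re.compile(r"(?:[0-9A-Fa-f]{40}|[0-9A-Fa-f]{64})")

def load_android(text):
    """Flatten ManagedAppConfig.json's managedProperty list into a dict."""
    props = {}
    for item in json.loads(text)["managedProperty"]:
        value_key = next(k for k in item if k.startswith("value"))
        props[item["key"]] = item[value_key]
    return props

def load_ios(data):  # ManagedAppConfig.plist bytes -> dict
    return plistlib.loads(data)

def lint(props):
    """Return a list of findings; an empty list means the values are consistent."""
    findings = [f"unknown key: {k}" for k in sorted(set(props) - KEYS)]
    if not str(props.get("ServerName", "")).strip():
        findings.append("ServerName is empty")
    port = props.get("ServerPort")
    if type(port) is not int or not 1 <= port <= 65535:
        findings.append("ServerPort must be an integer from 1 to 65535")
    ca_hash = str(props.get("CAHash", "")).strip()
    ca_cn = str(props.get("CACommonName", "")).strip()
    if bool(ca_hash) != bool(ca_cn):
        findings.append("CAHash and CACommonName must be set together")
    if ca_hash and not HEX_DIGEST.fullmatch(ca_hash):
        findings.append("CAHash is not a 40- or 64-digit hex digest")
    return findings

# Constructed sample values, not taken from a real deployment.
IOS_SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>ServerName</key><string>gateway.example.com</string>
<key>DomainName</key><string>EXAMPLE</string>
<key>ServerPort</key><integer>443</integer>
<key>CAHash</key><string>0123456789ABCDEF0123456789ABCDEF01234567</string>
<key>CACommonName</key><string>Example Gateway CA</string>
</dict></plist>"""
ANDROID_SAMPLE = json.dumps({"managedProperty": [
    {"key": "ServerName", "valueString": "gateway.example.com"},
    {"key": "ServerPort", "valueInteger": 0},
    {"key": "CAHash", "valueString": "AB" * 20}, {"key": "CACommonName", "valueString": ""}]})
```
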