Versions Compared

Version Old Version 12 New Version 13
Changes made by

Agat Support

Agat Support

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Table of Content Zone

In this guide, we are going to learn how to install SkypeShield's dedicated app for MobileIron

MDM integration has 2 types of behaviors:

  • Conditional Registration - Limiting registration only to managed devices by the MDM vendor.
  • Conditional Access -  Consistent validation that the device is managed and did not become out of compliance.

Regarding Conditional Access SkypeShield can function according to the following approaches:

  • WiFi - Registration can only be done from and a WiFi network that requires a certificate in order to connect to. The certificate is managed by the MDM.
  • SkypeShield Application -  Registration can be performed only by using a specific SkypeShield (SkS) app, that is only available from the corporate store/catalog to the devices that are managed.

Prerequisites

Before we begin the installation we need to make sure we have a SkypeShield app package containing:

  • SkypeShield_MobileIron.ipa
  • SkypeShield_MobileIron.apk
  • AppConfig.txt

All of the package components will be provided to you by AGAT administration team.

Important Notes:

Due to technology limitation, the implementation of iOS and Android apps is different.

  • For Android deployment, please send over the lyncdiscover URL over to support@agatsoftware.com.
  • For iOS deployment, it is required to edit the AppConfig.txt file and change the company name and default host field with the appropriate values.

Create a Label for Testing your App (optional)

MobileIron Core utilizes labels in order to associate policies and apps with devices. It is possible to create a new label so that your policies will
affect only specific devices.

  1. In MobileIron's Admin Portal go to Device & Users → Labels
  2. Click Image Added
  3. Enter a name for the Label
  4. Click Image Added


Upload SkypeShield App to MobileIron Core

For iOS

  1. In MobileIron's Admin Portal go to Apps → App Catalog
  2. Click Image Added
  3. Select 'In House' and browse to select 'SkypeShield_MobileIron.ipa':
    Image Added

  4. Click Next
  5. Click Next
  6. Click Finish
  7. Open the App Catalog in Apps → App Catalog
  8. Select the row listing your app and click Actions → Apply to Labels
    Image Added

  9. Select iOS label or another custom label you've created for specific devices.
  10. Click Image Added


For Android

  1. In MobileIron's Admin Portal go to Apps → App Catalog
  2. Click Image Added
  3. Select 'In House' and browse to select 'SkypeShield_MobileIron.apk':
    Image Added

  4. Click Next
  5. Click Next
  6. Click Finish
  7. Open the App Catalog in Apps → App Catalog
  8. Select the row listing your app and click Actions → Apply to Labels
    Image Added

  9. Select an Android label or another custom label you've created for specific devices.
  10. Click Image Added


Enable AppConnect in MobileIron Core

  1. In the Admin Portal navigate to Settings → Additional Products → Licensed Products
  2. Enable 'AppConnect for Third-party and In-house Apps'
    Image Added


  3. Click Image Added


Edit the Default AppConnect Global Policy

In order for SkypeShield to work properly, it is required to have a global policy configured.

  1. In MobileIron's Admin Portal go to  Policies & Configs → Policies
  2. Select 'Default AppConnect Global Policy' and click Image Added on the right pane window that has popped up.
    Image Added

  3. Make sure 'Enabled' is selected
    Image Added


AppConnect Passcode

Regardless of whether the device's password is turned On or Off, the user will be required to create a secured apps passcode.
Then the user will use that passcode for access to all secured apps. It is up to your company security preferences to create secure apps passcode.

4. Select the types of device to whom passcode will apply.
Image Added

5. Under 'Security Policies'  set the policy according to your needs and requirements.

6. Click Image Added


AppConnect Container Policy

Create a SkypeShiedl AppConnect Container Policy

An app is be authorized only an AppConnect container policy for that app can be found on the device.

For iOS

  1. In Mobileiron's Admin Portal go to Policies & Configs → Configurations
    Image Added

  2. Select Add New → AppConect → Container Policy
    Image Added

  3. Enter a name for AppConnect container policy
  4. In the Application field you can either enter the bundle ID of the SkypeShield manually or select it from the drop-down list and it will be added automatically.
    Image Added
  5. Click Image Added
  6. Select the SkypeShield container policy you've created. and go to Actions → Apply To Label
     

For Android

For Android, an AppConnect container policy is created Automatically. You can find it under the name 'SkypeShield' and package ID 'foregepond.com.agat.skypeshield'.
Image Added


You can configure the policy by selecting it and clicking Image Added.

Info
titleNote

Make sure you are selecting a policy with a 'Configuration Type'  of APPPOLICY

By default, SkypeShield AppConnect policy is applied to Android label. To change that do the following:

  1. Select the SkypeShield app policy
  2. Click on Actions → Remove From Label.
  3. Select the Android label and click Image Added
  4. Select your label once more and click Action → Apply To Label
  5. Select your required label and click Image Added



AppConnect App Configuration

The SkypeShield app retrieves its configuration settings from your MobileIron MDM environment.

For iOS

  1. In MobileIron's Admin Portal, select Policies & Configs → Configurations
  2. Click Add New → AppConnect → App Configuration
    Image Added

  3. Enter a name for the AppConnect app configuration.
  4. n the Application field you can either enter the bundle ID of the SkypeShield manually or select it from the drop-down list and it will be added automatically.
  5. Scroll down to 'App-Specific Configurations' and click on Image Added to add a new key/value pair
  6. The key value should be 'AppConfig' and the value is the content of AppConfig.txt (provided by AGAT).
    Image Added

  7. Click Image Added
  8. Select the SkypeShield App Configuration you've created.
  9. Click Actions → Apply To Label
  10. Select the default iOS label or any other custom label you've created for specific devices.


For Android

Not required 


Web Services Being Used by SkypeShield

Authentication

Access to the web service is granted y using roles. Only administrators with the '‘Manage administrators and device spaces'  can assign the 'API' role to a user.

  1. In MobileIron's Admin Portal go to Admin → Admins
  2. Select a user from the list.
  3. Click Actions → Edit Roles
    Image Added
  4. Select the API role which is listed under 'Other Roles'
    Image Added

  5. Click Image Added

Get Devices by Status

A device in MobileIron can exist in a variety of different states. Each one of them can be retrieved using an  API request.

For example, states such as:

  • Enrollment in progress
  • Active
  • Retired
  • Lost
  • Wipen

can be retrieved.

Get Device Details

Device details such as the manufacturer. model, OS, status and registered email address can be retrieved in the following ways:

  • Search by phone number
  • Search by user ID - if the user has more than 1 device, multiple devices will be returned.
  • Search by a label - the API will return all devices assigned to that label.

For example, the following request will query the API for all devices assigned to the Android label:

https://mycore.mobileiron.com/api/v1/dm/labels/android




In this guide, we are going to learn how to install SkypeShield's dedicated app for MobileIron

...

  1. In MobileIron's Admin Portal go to Device & Users → Labels
  2. Click
  3. Enter a name for the Label
  4. Click 


Upload SkypeShield App to MobileIron Core

For iOS

  1. In MobileIron's Admin Portal go to Apps → App Catalog
  2. Click 
  3. Select 'In House' and browse to select 'SkypeShield_MobileIron.ipa':


  4. Click Next
  5. Click Next
  6. Click Finish
  7. Open the App Catalog in Apps → App Catalog
  8. Select the row listing your app and click Actions → Apply to Labels


  9. Select iOS label or another custom label you've created for specific devices.
  10. Click 


For Android

  1. In MobileIron's Admin Portal go to Apps → App Catalog
  2. Click 
  3. Select 'In House' and browse to select 'SkypeShield_MobileIron.apk':


  4. Click Next
  5. Click Next
  6. Click Finish
  7. Open the App Catalog in Apps → App Catalog
  8. Select the row listing your app and click Actions → Apply to Labels


  9. Select an Android label or another custom label you've created for specific devices.
  10. Click 


Enable AppConnect in MobileIron Core

  1. In the Admin Portal navigate to Settings → Additional Products → Licensed Products
  2. Enable 'AppConnect for Third-party and In-house Apps'



  3. Click


Edit the Default AppConnect Global Policy

In order for SkypeShield to work properly, it is required to have a global policy configured.

  1. In MobileIron's Admin Portal go to  Policies & Configs → Policies
  2. Select 'Default AppConnect Global Policy' and click  on the right pane window that has popped up.


  3. Make sure 'Enabled' is selected


AppConnect Passcode

Regardless of whether the device's password is turned On or Off, the user will be required to create a secured apps passcode.
Then the user will use that passcode for access to all secured apps. It is up to your company security preferences to create secure apps passcode.

...

5. Under 'Security Policies'  set the policy according to your needs and requirements.

6. Click 


AppConnect Container Policy

Create a SkypeShiedl AppConnect Container Policy

An app is be authorized only an AppConnect container policy for that app can be found on the device.

For iOS

  1. In Mobileiron's Admin Portal go to Policies & Configs → Configurations


  2. Select Add New → AppConect → Container Policy


  3. Enter a name for AppConnect container policy
  4. In the Application field you can either enter the bundle ID of the SkypeShield manually or select it from the drop-down list and it will be added automatically.
  5. Click 
  6. Select the SkypeShield container policy you've created. and go to Actions → Apply To Label
     

For Android

For Android, an AppConnect container policy is created Automatically. You can find it under the name 'SkypeShield' and package ID 'foregepond.com.agat.skypeshield'.

...

  1. Select the SkypeShield app policy
  2. Click on Actions → Remove From Label.
  3. Select the Android label and click 
  4. Select your label once more and click Action → Apply To Label
  5. Select your required label and click 



AppConnect App Configuration

The SkypeShield app retrieves its configuration settings from your MobileIron MDM environment.

For iOS

  1. In MobileIron's Admin Portal, select Policies & Configs → Configurations
  2. Click Add New → AppConnect → App Configuration


  3. Enter a name for the AppConnect app configuration.
  4. n the Application field you can either enter the bundle ID of the SkypeShield manually or select it from the drop-down list and it will be added automatically.
  5. Scroll down to 'App-Specific Configurations' and click on  to add a new key/value pair
  6. The key value should be 'AppConfig' and the value is the content of AppConfig.txt (provided by AGAT).


  7. Click 
  8. Select the SkypeShield App Configuration you've created.
  9. Click Actions → Apply To Label
  10. Select the default iOS label or any other custom label you've created for specific devices.


For Android

Not required 


Web Services Being Used by SkypeShield

Authentication

Access to the web service is granted y using roles. Only administrators with the '‘Manage administrators and device spaces'  can assign the 'API' role to a user.

  1. In MobileIron's Admin Portal go to Admin → Admins
  2. Select a user from the list.
  3. Click Actions → Edit Roles
  4. Select the API role which is listed under 'Other Roles'


  5. Click

Get Devices by Status

A device in MobileIron can exist in a variety of different states. Each one of them can be retrieved using an  API request.

...

  • Enrollment in progress
  • Active
  • Retired
  • Lost
  • Wipen

can be retrieved.

Get Device Details

Device details such as the manufacturer. model, OS, status and registered email address can be retrieved in the following ways:

...