Versions Compared

Version Old Version 17 New Version Current
Changes made by

Avi J. Levin

David Elkarat

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In this guide, we are going to learn how to install SkypeShieldSphereShield for SfB's dedicated app for MobileIron

...

Regarding Conditional Access SkypeShield SphereShield for SfB can function according to the following approaches:

  • WiFi - Registration can only be done from and a WiFi network that requires a certificate in order to connect to. The certificate is managed by the MDM.
  • SkypeShield Application -  Registration can be performed only by using a specific SkypeShield (SkS) app, that is only available from the corporate store/catalog to the devices that are managed.
  • VPN Redirection - Registration can only be done from a device that is configured to work with Split Tunnel VPN managed by the MDM.

Prerequisites

Before we begin the installation we need to make sure we have a SkypeShield app package containing:

...

All of the package components will be provided to you by AGAT administration team.

To use internally by AGAT/wiki/spaces/SKYP/pages/625247362     /wiki/spaces/SKYP/pages/625247178


Important Notes:

Due to technology limitation, the implementation of iOS and Android apps is different.

  • For Android deployment, please send the lyncdiscover URL to support@agatsoftware.com.
  • For iOS deployment, it is required to edit the AppConfig.txt file and change the company name and default host field with the appropriate values.

Create a Label for Testing your App (optional)

MobileIron Core utilizes labels in order to associate policies and apps with devices. It is possible to create a new label so that your policies will
affect only specific devices.

  1. In MobileIron's Admin Portal go to Device & Users → Labels
  2. Click
  3. Enter a name for the Label
  4. Click 


Upload SkypeShield App to MobileIron Core

For iOS

  1. In MobileIron's Admin Portal go to Apps → App Catalog
  2. Click 
  3. Select 'In House' and browse to select 'SkypeShield_MobileIron.ipa':


  4. Click Next
  5. Click Next
  6. Click Finish
  7. Open the App Catalog in Apps → App Catalog
  8. Select the row listing your app and click Actions → Apply to Labels


  9. Select iOS label or another custom label you've created for specific devices.
  10. Click 


For Android

  1. In MobileIron's Admin Portal go to Apps → App Catalog
  2. Click 
  3. Select 'In House' and browse to select 'SkypeShield_MobileIron.apk':


  4. Click Next
  5. Click Next
  6. Click Finish
  7. Open the App Catalog in Apps → App Catalog
  8. Select the row listing your app and click Actions → Apply to Labels


  9. Select an Android label or another custom label you've created for specific devices.
  10. Click 


Enable AppConnect in MobileIron Core

  1. In the Admin Portal navigate to Settings → Additional Products → Licensed Products
  2. Enable 'AppConnect for Third-party and In-house Apps'



  3. Click


Edit the Default AppConnect Global Policy

In order for SkypeShield SphereShield for SfB to work properly, it is required to have a global policy configured.

  1. In MobileIron's Admin Portal go to  Policies & Configs → Policies
  2. Select 'Default AppConnect Global Policy' and click  on the right pane window that has popped up.


  3. Make sure 'Enabled' is selected


AppConnect Passcode

Regardless of whether the device's password is turned On or Off, the user will be required to create a secured apps passcode.
Then the user will use that passcode for access to all secured apps. It is up to your company security preferences to create secure apps passcode.

...

5. Under 'Security Policies'  set the policy according to your needs and requirements.

6. Click 


AppConnect Container Policy

Create a

...

SkypeShield AppConnect Container Policy

An app is be authorized only an AppConnect container policy for that app can be found on the device.

For iOS

  1. In Mobileiron's Admin Portal go to Policies & Configs → Configurations


  2. Select Add New → AppConect → Container Policy


  3. Enter a name for AppConnect container policy
  4. In the Application field you can either enter the bundle ID of SkypeShield SphereShield for SfB manually or select it from the drop-down list and it will be added automatically.
  5. Click 
  6. Select the SkypeShield SphereShield for SfB container policy you've created. and go to Actions → Apply To Label
     

For Android

For Android, an AppConnect container policy is created Automatically. You can find it under the name 'SkypeShield' and package ID 'foregepond.com.agat.skypeshield'.

...

  1. Select the SkypeShield app policy
  2. Click on Actions → Remove From Label.
  3. Select the Android label and click 
  4. Select your label once more and click Action → Apply To Label
  5. Select your required label and click 



AppConnect App Configuration

The SkypeShield app retrieves its configuration settings from your MobileIron MDM environment.

For iOS

  1. In MobileIron's Admin Portal, select Policies & Configs → Configurations
  2. Click Add New → AppConnect → App Configuration


  3. Enter a name for the AppConnect app configuration.
  4. n the Application field you can either enter the bundle ID of the SkypeShield SphereShield for SfB manually or select it from the drop-down list and it will be added automatically.
  5. Scroll down to 'App-Specific Configurations' and click on  to add a new key/value pair
  6. The key value should be 'AppConfig' and the value is the content of AppConfig.txt (provided by AGAT).


  7. Click 
  8. Select the SkypeShield App Configuration you've created.
  9. Click Actions → Apply To Label
  10. Select the default iOS label or any other custom label you've created for specific devices.


For Android

Not required 


Web Services Being Used by

...

SphereShield for SfB 

Authentication

Access to the web service is granted y using roles. Only administrators with the '‘Manage administrators and device spaces'  can assign the 'API' role to a user.

  1. In MobileIron's Admin Portal go to Admin → Admins
  2. Select a user from the list.
  3. Click Actions → Edit Roles
  4. Select the API role which is listed under 'Other Roles'


  5. Click

Get Devices by Status

A device in MobileIron can exist in a variety of different states. Each one of them can be retrieved using an  API request.

...

  • Enrollment in progress
  • Active
  • Retired
  • Lost
  • Wiped

can be retrieved.

Get Device Details

Device details such as the manufacturer. model, OS, status and registered email address can be retrieved in the following ways:

...