| Table of Contents |
|---|
In this guide, we are going to learn how to install SkypeShieldSphereShield for SfB's dedicated app for MobileIron
...
Regarding Conditional Access SkypeShield SphereShield for SfB can function according to the following approaches:
- WiFi - Registration can only be done from and a WiFi network that requires a certificate in order to connect to. The certificate is managed by the MDM.
- SkypeShield Application - Registration can be performed only by using a specific SkypeShield (SkS) app, that is only available from the corporate store/catalog to the devices that are managed.
- VPN Redirection - Registration can only be done from a device that is configured to work with Split Tunnel VPN managed by the MDM.
Prerequisites
Before we begin the installtion installation we need to make sure we have a SkypeShield app package containing:
- SkypeShield_MobileIron.ipa
- SkypeShield_MobileIron.apk
- AppConfig.txt
All of the package components will be provided to you by AGAT administration team.
To use internally by AGAT: /wiki/spaces/SKYP/pages/625247362 /wiki/spaces/SKYP/pages/625247178
Important Notes:
Due to technology limitation, the implementation of iOS and Android apps is different.
- For Android deployment, please send over the lyncdiscover URL over to support@agatsoftware.com.
- For iOS deployment, it is required to edit the AppConfig.txt file and change the company name and default host field with the appropriate values.
...
- In the Admin Portal navigate to Settings → Additional Products → Licensed Products
- Enable 'AppConnect for Third-party and In-house Apps'
- Click
Edit the Default AppConnect Global Policy
In order for SphereShield for SfB to work properly, it is required to have a global policy configured.
- In MobileIron's Admin Portal go to Policies & Configs → Policies
- Select 'Default AppConnect Global Policy' and click
on the right pane window that has popped up.
- Make sure 'Enabled' is selected
AppConnect Passcode
Regardless of whether the device's password is turned On or Off, the user will be required to create a secured apps passcode.
Then the user will use that passcode for access to all secured apps. It is up to your company security preferences to create secure apps passcode.
4. Select the types of device to whom passcode will apply.
5. Under 'Security Policies' set the policy according to your needs and requirements.
6. Click 
AppConnect Container Policy
Create a SkypeShield AppConnect Container Policy
An app is be authorized only an AppConnect container policy for that app can be found on the device.
For iOS
- In Mobileiron's Admin Portal go to Policies & Configs → Configurations
- Select Add New → AppConect → Container Policy
- Enter a name for AppConnect container policy
- In the Application field you can either enter the bundle ID of SphereShield for SfB manually or select it from the drop-down list and it will be added automatically.
- Click
- Select the SphereShield for SfB container policy you've created. and go to Actions → Apply To Label
For Android
For Android, an AppConnect container policy is created Automatically. You can find it under the name 'SkypeShield' and package ID 'foregepond.com.agat.skypeshield'.
You can configure the policy by selecting it and clicking 
.
| Info | ||
|---|---|---|
| ||
Make sure you are selecting a policy with a 'Configuration Type' of APPPOLICY |
By default, SkypeShield AppConnect policy is applied to Android label. To change that do the following:
- Select the SkypeShield app policy
- Click on Actions → Remove From Label.
- Select the Android label and click
- Select your label once more and click Action → Apply To Label
- Select your required label and click
AppConnect App Configuration
The SkypeShield app retrieves its configuration settings from your MobileIron MDM environment.
For iOS
- In MobileIron's Admin Portal, select Policies & Configs → Configurations
- Click Add New → AppConnect → App Configuration
- Enter a name for the AppConnect app configuration.
- n the Application field you can either enter the bundle ID of the SphereShield for SfB manually or select it from the drop-down list and it will be added automatically.
- Scroll down to 'App-Specific Configurations' and click on
to add a new key/value pair - The key value should be 'AppConfig' and the value is the content of AppConfig.txt (provided by AGAT).
- Click
- Select the SkypeShield App Configuration you've created.
- Click Actions → Apply To Label
- Select the default iOS label or any other custom label you've created for specific devices.
For Android
Not required
Web Services Being Used by SphereShield for SfB
Authentication
Access to the web service is granted y using roles. Only administrators with the '‘Manage administrators and device spaces' can assign the 'API' role to a user.
- In MobileIron's Admin Portal go to Admin → Admins
- Select a user from the list.
- Click Actions → Edit Roles
- Select the API role which is listed under 'Other Roles'
- Click
Get Devices by Status
A device in MobileIron can exist in a variety of different states. Each one of them can be retrieved using an API request.
For example, states such as:
- Enrollment in progress
- Active
- Retired
- Lost
- Wiped
can be retrieved.
Get Device Details
Device details such as the manufacturer. model, OS, status and registered email address can be retrieved in the following ways:
- Search by phone number
- Search by user ID - if the user has more than 1 device, multiple devices will be returned.
- Search by a label - the API will return all devices assigned to that label.
For example, the following request will query the API for all devices assigned to the Android label: