SkypeShield Application Installation Guide for AirWatch

Owned by Agat Support
Last updated: Apr 11, 2022 by Avi J. Levin (Unlicensed)
5 min read


In this guide, we are going to learn how to install SphereShield for SfB's dedicated app for AirWatch

MDM integration has 2 types of behaviors:

  • Conditional Registration - Limiting registration only to managed devices by the MDM vendor.
  • Conditional Access -  Consistent validation that the device is managed and did not become out of compliance.

Regarding Conditional Access SphereShield for SfB can function according to the following approaches:

  • WiFi - Registration can only be done from a WiFi network that requires a certificate in order to connect to. The certificate is managed by the MDM.
  • SkypeShield Application -  Registration can be performed only by using a specific SkypeShield (SkS) app, that is only available from the corporate store/catalog to the devices that are managed.
  • VPN Redirection - Registration can only be done from a device that is configured to work with Split Tunnel VPN managed by the MDM.

You can implement the app for both Android and iOS devices:

  • Android  - deployment is performed using the AirWatch SDK which allows interaction with the Airwatch Agent in order to collect data about the user and device. For example, UDID.
  • iOS  - deployment is performed using AppConfig technology.

Prerequisites

Before we begin the installation we need to make sure we have a SkypeShield app package containing:

  • SkypeShield_AirWatch.ipa
  • SkypeShield_AirWatch.apk
  • AppConfig.txt

All of the package components will be provided to you by AGAT administration team.


Upload SkypeShield Application to AirWatch Console

For iOS

  1. In the AirWatch console click on Add → Internal Application
  2. Select SkypeShield_AirWatch.ipa and click 
  3. You'll be presented with a screen describing  SkypeShield application details. After you are done configuring it to your needs click 
  4. In the Internal Apps page select the SkypeShield app you've created and click 


  5. Click 
  6. Under 'Select Assignment Groups', specify the required Smart Group.
  7. Scroll down activate 'Application Configuration' 
  8. Set the following value to each of the fields:
    Configuration Key - AppConfig
    Value Type - string
    Configuration Value - the content of the AppConfig.txt file



  9. Click 
  10. Click 


For Android

Create AirWatch Android SDK Profile

Airwatch allows the SkypeShield app to integrate with the Admin Console, in order to retrieve the latest settings that are applied to the application.
It is possible to update the setting periodically when required, without a single change to the application source code. 

  1. In the AirWatch Admin Console go to Groups & Settings → All Settings
  2. Navigate to Apps → Setting and Policies → Profiles.  Click 


  3. Click SDK Profile → Android
  4. Specify a name for the Android SDK profile.
  5. Go to Customer Settings and click 

  6. Copy & Paste the contents of the AppConfig.txt file (provide by AGAT as part of the SkypeShield Android package) into the 'Custom Setting' field.

    Note

    AppConfig.txt is a unique file that contains parameters specific to your company. The value in the screenshot above is for illustration purposes only.

  7. Click 



Upload SkypeShield Android Application
  1. In the AirWatch console click on Add → Internal Application
  2. Select SkypeShield_AirWatch.apk and click 
  3. You'll be presented with a screen describing  SkypeShield application details. Click More → SDK



  4. Select the Android SDK profile you've created and click 
  5. In the Internal Apps page select the SkypeShield app you've created and click 



  6. Click 
  7. Select the required Assignment Group  and click 


  8. Click 


Renewing the Provisioning Profile for SkypShield iOS 

It is possible to renew the Apple iOS provisioning profile without requiring end users to reinstall the application.
AirWatch Console notifies 60 days before expiration and enables renewing the file for all the application associated with it.

Access to the expiration links of Apple's iOS provisioning profile is allowed only for users from the applicable Organization Group.

  1. In the AirWatch Admin Console open Apps & Books → Applications → Native → Internal


  2. Click the expiration for the application which you want to update the provisioning profile.


  3. Click  and upload the replacement file.
  4. Select 'Update Provisioning Profile For All Applications' the profile to all associated apps. This option will be visible only if multiple apps share the same provisioning profile.
  5. Click 

Expired Apple iOS Provisioning Profiles

When an Apple iOS provision profile expires, users cannot access the associated application or install it.
The following AirWatch document, Provisioning Profiles and Updates explains why renewing provisioning profiles help mitigate issues in AirWatch.



AppConfig Explained

The AppConfig file is used in order to get certain values from the MDM server that will be used by the app.
These are the main values of the AppConfig file:

  • SkypeShieldAndroidVersion \ minSkypeShieldAndroidVersion - the minimum version of Android SkypeShield that is allowed.
  • SkypeShieldIosVersion \ minSkypeShieldIosVersion - the minimum version of iOS SkypeShield that is allowed.
  • pacakgeKey -  a value stored in SkypeShield's DB in order to authenticate the app. This field is not mandatory and will be left empty in most cases.
    If it's in use, it must match the value in the Access Portal DB.
  • CompanyName - a value store in SkypeShield DB in order to identify the company which is using the app. This is used in order to prevent other users from other companies from using the app.
    This field must match the value in the Access Porta DB.
  • DefaultHost - a field that is used to dictate the address to whom the launcher will send MDM information. It should be the address of your lyncdiscover URL that's published by the Bastion.