Configure MobileIron

Configure MobileIron integration with the Connections Mobile app.

• This task is applicable to Connections on iOS only. For more information about configuring MobileIron for iOS, see the MobileIron administration guide.

• Connections supports MobileIron VSP version 5.7 and higher.

When a mobile device is managed by a mobile device management (MDM) product such as MobileIron, we can erase the data from the device if it is lost or stolen.

To erase Connections data only, follow the instructions in the Wiping app data from a device. To erase all data on a device and return it to its factory state, follow the instructions in the MobileIron product documentation.

If we plan to deploy the Connections mobile app in an environment that is managed by MobileIron, specify the MobileIron App Configuration and the Container Policy.

If we deploy the Connections mobile app in an environment that is already managed by MobileIron, the Connections app automatically runs in a secure mode that is managed by MobileIron.

If the Connections app was deployed before the MobileIron Mobile@Work app is installed on users' mobile devices, we must force Connections to switch from unmanaged to managed mode. To force this switch, set up the MobileIron App Configuration and Container Policy, and then provide the following instructions to the users:

1. Download and install the Mobile@Work app on the device.

2. If the Connections app is running, close it. If necessary, force the app to close. The app must be closed when we change the MDM state. The new MDM state is applied when the app is restarted.

3. Open the Settings app on the devices and open the entry for Connections.

4. Toggle Reset MDM State.

5. Start the Connections app. When Connections is restarted, it detects MobileIron and runs in managed mode.

6. Restart the device. The updated MDM policy is applied to the device.

To enable MobileIron integration with Connections:

• Create an AppConnect App Configuration:

  1. Log in to the MobileIron VSP console and click POLICIES & CONFIGS.

  2. Click Add New > AppConnect > Configuration.

  3. Enter a Name and Description for this configuration.

  4. Enter the following Application identifier for Connections: com.ibm.lotus.connections.

  5. In the AppTunnel section, enter the URL Wildcard and Port of the gateway in the dmgrZ that points to the Connections server.

     • The DMZ refers to a firewall configuration for securing the local area network where the Connections app server is located. Users can access the server only by first passing through the MobileIron Sentry URL.

     • The Port value refers to the port number of the gateway, not the Connections server. If we are not using a gateway, do not specify a port number.

     • We can specify either the URL of the Connections server, such as www.connections.myco.com, or a wildcard URL, such as *.connections.myco.com or www.connections.myco.com*.

  6. Select the URL of the MobileIron Sentry.

  7. Specify ANY in the Service field.

     • IBM recommends specifying ANY in this field but the organization might require a different configuration.

     • If we already specified a wildcard URL, specify ANY or CIFS_ANY in this field.

  8. Select an Identity Certificate.

  9. Specify App-specific Configurations - optional key-value pairs used to auto-complete the enrollment form for users.

     Only the server-user key-value pair is supported by IBM Connections. Adding other key-value pairs to the configuration causes the Connections app to ignore the entire App-specific configuration.

     server

     The actual URL of the Connections server.

     user

     A MobileIron reserved value of $EMAIL$ or $USERID$. These variables are populated from the devices user record in the MobileIron VSP, and relate to user names in the Connections deployment. Alternatively, we can specify a literal user name; for example: jdoe@connections.myco.com.

     • Values are case-sensitive.

     • The Value field cannot be empty. $NULL$ is not supported by Connections.
     • MobileIron does not validate the entries in the Value field; therefore, ensure the values are syntactically and functionally correct.

  10. Click Save.

  We do not have to specify an App-specific Configuration for Connections.

• Create an AppConnect Container Policy:

  Your MobileIron configuration overrides the settings for the AllowCopyandPaste, AllowPrint, and AllowExport properties in mobile-config.xml.

  1. Log in to the MobileIron VSP console and click POLICIES & CONFIGS.

  2. Click Add New > AppConnect > Container Policy.

  3. Enter a Name and Description for this configuration.

  4. Enter the following Application identifier for Connections: com.ibm.lotus.connections.

  5. Set policies for Print, Copy/Paste To, and Open In. When you select the Open In policy, we can specify a list of allowed apps.

  6. Click Save.

• Verify the settings:

  The Connections Mobile app is now in a managed state, provided the following conditions are true:

  • The MobileIron VSP has both a Container Policy and an App Configuration.

  • The mobile device is registered.

  • The MobileIron and Connections apps were installed on the devices in the correct sequence (first MobileIron, then Connections).

  We can verify that Connections is managed by MobileIron by opening Help & Support, under My Account. When Connections is managed by MobileIron, the MobileIron library version is displayed.

What to do next

For more information about MobileIron, go to the MobileIron website.

Parent topic:
Configure security for Mobile

Related reference:

Mobile configuration properties