Android (5.0 and later) has allowed MDM (Mobile Device Management) solutions to pass dictionaries directly in the applications, that can be downloaded through MDM. This functionality is supported by AirWatch. The dictionary reference contains settings that can be defined via MDM. The MDM enrollment setup skips all the prompts and user intervention for installation and activation of the inSync mobile app. This ensures that each user undergoes the same set of steps when enrolling their Android devices. For example, the dictionary contains configuration information about the server address, email address of the user, mass deployment token that is required for authenticating the user, and security information like allow or restrict copy, allow or restrict opening the files in different apps.
Airwatch uses Android for work. Android for work enables IT to create a work profile that contains apps that users use only for business cases and it helps to keep personal and business data private.
Many applications require users to enter URL, port, email address, and various configurations as part of a one time setup of an application. These manual configurations can impact the adoption and success of an organization’s mobile app initiatives, increase the burden on a help desk fielding calls from users, and adds the burden of maintaining documentation that needs to be updated frequently as new updates to the application are made available.
By leveraging native APIs, these configurations can be set remotely by the Enterprise Media Manager (EMM) Server to simplify the setup process for end users, and alleviate the help desk and documentation burden caused by manual setup. An app developer can define a set of configuration keys it accepts from an EMM Server, and an organization administrator sets the keys and values in the EMM provider’s management console that will be pushed into the app.
Apps commonly implement the following types of configurations:
- Backend service configuration: URL, port, use SSL, group/tenant code
- User configuration: username, email, domain
As an inSync user, all you have to do is enroll the Android device, and install the inSync mobile app from AirWatch. In quick and easy steps, you can install and monitor the inSync mobile app on all Android user devices in your organization. This allows you to have complete visibility of all Android devices in your organization on which the inSync mobile app is installed.
Workflow when the inSync mobile app is launched for the first time
|Step no.||What happens|
inSync administrator generates the mass deployment token from the inSync Master Management Console.
The mass deployment token allows you to distribute and silently activate the inSync mobile app on multiple Android devices.
For generating the mass deployment token, see the following topics:
inSync administrator executes the following tasks, and provides the information to AirWatch Server:
AirWatch Server syncs the mass deployment token, IP address, user's email ID, and configuration policies with the inSync mobile app.
inSync user launches the inSync mobile app on the Android device.
|5.||inSync mobile app uses mass deployment token, Server IP, and user's email ID provided by AirWatch Server to authenticate with inSync Server.|
inSync Server sends device token to inSync mobile app.
|7.||The device token is saved securely in the Android device and is used for subsequent authentication.|
Workflow when the inSync mobile app is already authenticated
|Step no.||What happens|
|1.||AirWatch Server syncs the the mass deployment token, IP address, user's email ID, and configuration policies with the inSync mobile app.|
|2.||inSync user launches the inSync mobile app on the mobile device. The inSync mobile app functions per the configuration and security policies that are configured at the AirWatch Server.|
Workflow when the inSync mobile app is unauthorized
|Step no.||What happens|
From the AirWatch console, the AirWatch administrator will disable or delete the user at the AirWatch Server.
When the user is deleted from AirWatch, then the inSync mobile app that is on the user's device will be unauthorized. Additionally, the AirWatch Server will automatically delete the inSync mobile app from the user's Android device.
Backup and restore workflow for inSync mobile app
This topic provides the complete backup and restore workflow.
inSync mobile app sends the device token, user's email ID, and device ID to the inSync Server for authentication.
|2.||Upon successful authentication, a token is sent by inSync Server to the inSync mobile app.|
|3.||inSync mobile app sends this token to the inSync storage node for authorization.|
|4.||Upon successful authorization, the storage node acknowledges the request.|
|5.||Backup and restore tasks can be carried out.|
Ports used by inSync mobile app
To ensure even greater security and firewall management, inSync now directs all communication traffic through a single port (SSL/443) for Backup, Restore, Sync, and Share. This reduces the number of required firewall ports for deployment.