Imprivata Mobile Access Management customers can have more than one Mobile Device Management (MDM) system configured in their environment, and must configure the Imprivata Locker app (Android) to communicate with the appropriate MDM system for their Android devices.
When the MDM deploys the Locker app (Android) to the devices, the Locker app passes several pieces of information back to the GroundControl server so that the server can correctly identify the MDM.
Prerequisites
This procedure assumes the following:
- In Mobile Access Management, you have already enabled API integration for the MDM systems.
- In your MDM system, you have enabled the API integration. See the articles for your MDM:
Gather Android API Information from Mobile Access Management
- In the MAM console, navigate to Admin > MDMs tab.
- To access the MDM system page, click one of the MDM options: AirWatch, Intune, Samsung Knox Manage, or SOTI.
- In the Android Locker App Configuration section, click Show details.
VMware Workspace ONE (AirWatch) Example
- Copy the app config values from the Android Locker App Configuration section using the copy to clipboard icon next to each item. You will use these values when configuring AppConfig values in your MDM in the next task.
  - Mobile Access Management MDM ID
  - Mobile Access Management Server
  - Device Identifier
NOTE: The Device Identifier AppConfig value is formatted differently depending on your MDM.
Configure AppConfig in the MDMs
Use the AppConfig values from Mobile Access Management in your MDM system.
- In the Workspace ONE UEM console, specify the user groups that will receive the Imprivata Locker (Android) app.
- On the distribution screen, name the assignment and in the Assignment Groups field, enter the name of the user group or smart group.
- Configure how to deploy Imprivata Locker. Select Auto.
- From the menu on the left, click Application Configuration.
- Add three new keys for the AppConfig and paste the values you copied from the GroundControl MDM tab:
  - Mobile Access Management MDM ID
  - Mobile Access Management Server
  - Device Identifier
- Save the change, then click Save and Publish, then Publish.
- In the Intune admin console, navigate to Client Apps > App Configuration Policies > + Add.
- Enter a policy name.
- Set Device Enrollment Type to Managed Devices.
- Set Platform to Android.
- From Associated app, select the app to configure.
- Click Configuration settings and select Use configuration designer from the Configuration settings format dropdown.
- Add three new keys for the AppConfig and paste the values you copied from the GroundControl MDM tab:
  - GroundControl MDM ID
  - GroundControl Server
  - Device Identifier
- Click OK at the bottom of the tab, then Add to finish.
In the Knox Manage admin console:
- In Group, create a user group for the GroundControl users.
- In Application, add applications, including the Imprivata Locker app for Android.
- Assign the applications to the user group.
- Set up the app configuration for the Imprivata Locker app:
  - Click Modify settings, then click Set Configuration.
  - In the Managed Configuration box, type AppConfig. Enter the AppConfig values.
  - In the GroundControl MDM ID box, click Configure and type the GroundControl MDM ID.
  - In the GroundControl Server box, click Configure and type the GroundControl server.
  - In the Device Identifier box, click Configure and type the Device Identifier.
  - Optionally, in the Emergency PIN box, type the Emergency PIN.
  - Optionally, in the Configuration Flags box, type enrollAndroidPIN to allow the use of native Android PIN.
Supported in GroundControl 6.2 and later.
Step 1: Create an App Policy for Imprivata Locker
- In the SOTI console, navigate to Policies > Apps and click New App Policy.
- In the Create App Policy dialog, select Android > Android Enterprise.
- On the General tab, type a name in the App Policy Name box.
- On the Apps tab, click + to add apps to the policy.
- On the Select Apps page, in the Apps section, select the Google Managed Enterprise account you added.
- Click Managed Google Play.
- Add the Imprivata Locker app from the Managed Google Play Store.
- Add any other apps, as needed.
Step 2: Configure the Imprivata Locker App
- In the SOTI console, click the gear icon for the Imprivata Locker app.
- Click the Enable Managed App Config toggle.
- Enter AppConfig values from the GroundControl admin console:
  - Add three new keys for the AppConfig and paste the values you copied from the GroundControl MDM tab:
    - GroundControl MDM ID
    - GroundControl Server
    - Device Identifier
- Click Save.