Administering Jive Mobile Apps for ios and Android

Similar documents
Administering Jive Mobile Apps

8.0 Help for Community Managers About Jive for Google Docs...4. System Requirements & Best Practices... 5

9.0 Help for Community Managers About Jive for Google Docs...4. System Requirements & Best Practices... 5

Cloud Help for Community Managers...3. Release Notes System Requirements Administering Jive for Office... 6

8.0 Help for Community Managers Release Notes System Requirements Administering Jive for Office... 6

Pulse Workspace Appliance. Administration Guide

Introduction to application management

Salesforce Mobile App Security Guide

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

SAML-Based SSO Solution

Enterprise Access Gateway Management for Exostar s IAM Platform June 2018

Community Manager Guide: Jive Jabber Add-on

Sophos Mobile. super administrator guide. product version: 8.6

Sophos Mobile. super administrator guide. Product Version: 8

Jive Connects for IBM Sametime

VST Hospital Administrator Guide. Version 2.0.4

About This Document 3. Overview 3. System Requirements 3. Installation & Setup 4

Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.

Sophos Mobile super administrator guide. Product version: 7.1

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

Guide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

BIG-IP Access Policy Manager : Authentication and Single Sign-On. Version 13.1

ForgeRock Access Management Core Concepts AM-400 Course Description. Revision B

VMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1

1Y Citrix. Designing Deploying and Managing Citrix XenMobile 10 Enterprise Solutions

Guide to Deploying VMware Workspace ONE. VMware Identity Manager VMware AirWatch 9.1

AirWatch Container. VMware Workspace ONE UEM

Deploying VMware Workspace ONE Intelligent Hub. October 2018 VMware Workspace ONE

VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018

Workspace ONE UEM Notification Service. VMware Workspace ONE UEM 1811

Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.

Integrating AirWatch and VMware Identity Manager

BlackBerry UEM Configuration Guide

Manage SAML Single Sign-On

Configuration Guide. BlackBerry UEM. Version 12.9

Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.

How to Configure Authentication and Access Control (AAA)

VMware Workspace ONE UEM Integration with Apple School Manager

VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes

Application / Document Management. MaaS360 e-learning Portal Course 3

Administering Workspace ONE in VMware Identity Manager Services with AirWatch. VMware AirWatch 9.1.1

Introduction Secure Message Center (Webmail, Mobile & Visually Impaired) Webmail... 2 Mobile & Tablet... 4 Visually Impaired...

Securing Office 365 with Okta

Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1

Integration Guide. LoginTC

Setting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager

VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes

SAML-Based SSO Solution

Using Jive for Outlook

Enhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation

Salesforce Mobile App Security Guide

Five9 Plus Adapter for Agent Desktop Toolkit

SAP Security in a Hybrid World. Kiran Kola

Google Sync Integration Guide. VMware Workspace ONE UEM 1902

Office 365 and Azure Active Directory Identities In-depth

Cloud Secure Integration with ADFS. Deployment Guide

Configuration Guide. BlackBerry UEM. Version 12.7 Maintenance Release 2

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

IMPLEMENTING SINGLE SIGN-ON (SSO) TO KERBEROS CONSTRAINED DELEGATION AND HEADER-BASED APPS. VMware Identity Manager.

Salesforce1 Mobile Security White Paper. Revised: April 2014

USING PRODUCT PROVISIONING TO DELIVER FILES TO WINDOWS 10: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

Symantec Mobile Management for Configuration Manager 7.2 MR1 Release Notes

Comodo Endpoint Manager Software Version 6.26

VMware AirWatch System Settings Reference Manual for On-Premises Customers A comprehensive listing of AirWatch system settings. AirWatch v9.

ZENworks 2017 Update 4 Troubleshooting Mobile Device Management

Introduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 7 Installing Oracle HTTP Server...

Table of Contents. VMware AirWatch: Technology Partner Integration

VMware AirWatch Mobile Application Management Guide Enable access to public and enterprise apps

ios App Resigning and VoIP Certificate Guide

NotifySCM Workspace Administration Guide

Guide to Deploying VMware Workspace ONE with VMware Identity Manager. SEP 2018 VMware Workspace ONE

VMware AirWatch - Workspace ONE, Single Sign-on and VMware Identity Manager

Sophos Mobile. super administrator guide. product version: 9

Centrify for Dropbox Deployment Guide

Relativity's mobile app Guide

Cloud Secure. Microsoft Office 365. Configuration Guide. Product Release Document Revisions Published Date

Table of Contents HOL-1757-MBL-6

User Management in Resource Manager


CONFIGURING BASIC MACOS MANAGEMENT: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

9.0 Help for End Users Release Notes Using Jive for Outlook...5

Setting Up the Server

INSTALLATION AND SETUP VMware Workspace ONE

Swyft Mobile for Saleforce TM. User Guide

Box Connector. Version 2.0. User Guide

Push Notifications (On-Premises Deployments)

VMware Notification Service v2.0 Installation and Configuration Guide Configure ENS2 for cloud and on-premises deployments

VMware AirWatch System Settings Reference Manual for SaaS Customers A comprehensive listing of AirWatch system settings

Workday Deployment Guide Version 4.0

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Better MDM

Verizon MDM UEM Unified Endpoint Management

Single Sign-On for PCF. User's Guide

Provisioning Mobile Device Manager in the Control Panel. Admin Guide

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

Colligo Briefcase. for Good Technology. Administrator Guide

Sophos Mobile as a Service

VMware Identity Manager Administration. MAY 2018 VMware Identity Manager 3.2

Amazon AppStream 2.0: SOLIDWORKS Deployment Guide

Comodo Endpoint Manager Software Version 6.25

Transcription:

Administering Jive Mobile Apps for ios and Android

TOC 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios...3 Custom App Wrapping for ios...3 Authentication with Mobile Apps... 3 Authenticating with Standard OAuth...3 Authenticating with SAML SSO...4 Authenticating with Activity-Based OAuth...4 First-Time Only Authentication with SAML...5 Forced OAuth for Mobile Only...5 Troubleshooting OAuth Errors...6 Native Apps and Push Notifications... 6 Native App Caching: Android...7 Native App Caching: ios...7

Administering Jive Mobile Apps 3 Administering Jive Mobile Apps Setting up the Jive side of the apps can include connecting to the community, choosing an authentication method, and customizing the look and feel of the apps to reflect the unique branding of your community. Configuring Jive for Android and ios No Jive-side configuration is required to use the apps, unless you can't or don't want to use your Jive installation's SSO setup to authenticate Mobile users. In general, if you have licensed Jive Mobile, you don't need to do anything to let your users download the Mobile app from the App Store and get started. By default, the Mobile app will use whatever authentication method you've set up for your Jive site, and you can use the default settings for push notifications. Here are some situations where you might want to do further configuration: You have an SSO configuration for your Jive site that you can't or don't want to use with Mobile. For example, if your sign-in page for SSO is on a VPN (and not accessible to mobile devices), or SSO timeout policy is mobileunfriendly, you should read the section on Authenticating with Mobile Apps and consider your options. You want to distribute a customized or wrapped version of the app. Custom App Wrapping for ios With Mobile 3, we are introducing a program to enable custom enterprise distribution of the ios app, including wrapping with MDM tools like Good Dynamics or MobileIron. If you participate in this program, you will be provided access to ios binaries (.ipa files) for the Jive app, and will be able to perform some customizations, as well as app signing and wrapping. You can also contract with Jive professional services for app wrapping with Good Dynamics or MobileIron. Contact your Jive account representative for more information. Jive internally tests a wrapped version with Good Dynamics and Mobile Iron. However, we cannot provide technical support if you implement app wrapping without our assistance. We recommend that if you do so, you assign this task to a mobile expert within your company. To verify success, we recommend testing the ios app outside MDM, then wrapping and testing again. If you have a problem with Jive functionality after the app is wrapped, the problem can be isolated to the wrapped app, and you will need to reach out to your MDM vendor for assistance. Note: App wrapping is not yet available for the Android app. Authentication with Mobile Apps With Jive 7 and Mobile 3, Jive Mobile apps support OAuth 2 as both an Authorization Server and a Resource Server. This enables several new authentication methods. Basic authentication is no longer supported. Authenticating with Standard OAuth When you have the Jive for ios or Jive for Android add-on installed through the Jive Add-ons interface, standard OAuth is the default configuration. In previous versions, Jive used basic auth as an authentication option for mobile apps. As of Jive 7, we use OAuth2 with the username/password grant. When users enter a username and password on the mobile device, all subsequent API calls go through OAuth instead of basic auth. This authentication method is much more secure, because the username and password are never stored on the mobile device.

Administering Jive Mobile Apps 4 If you also have SAML SSO enabled on the instance, and you prefer to use OAuth rather than SAML for mobile authentication only, please refer to "Forced OAuth for Mobile Only," below. If you want Mobile users to authenticate through SAML SSO, but you prefer different timeout settings for mobile devices, see "Initial Authentication Through SAML Followed by OAuth." 1. Under your name or avatar, select Add-Ons. 2. Make sure the Jive for ios or Jive for Android app add-on is installed and enabled. If you are using an on-premise version earlier than 7.0.1, or your instance isn't connected to the Internet, you may need to contact Jive Support to install this add-on. 3. Next to the app listing, click the gear icon and select Settings. Then click Advanced. 4. If necessary, adjust the Access Token and Refresh Token timeout settings. The default settings are 48 hours for the Access Token and 15 years for the Refresh Token. Authenticating with SAML SSO When your Jive instance is configured with SAML SSO, Jive s Mobile apps will follow the same authentication flow as the regular web UI. Mobile detects whether SAML SSO is enabled by making a call to yourcommunity/api/version as shown in the following example: throw 'allowillegalresourcecall is false.'; { "jiveversion" : "7.0.0.0 ", "jivecoreversions" : [ { "version" : 2, "revision" : 3, "uri" : "/api/core/v2", "documentation" : "https://developers.jivesoftware.com/api/ v3/rest" }, { "version" : 3, "revision" : 4, "uri" : "/api/core/v3", "documentation" : "https://developers.jivesoftware.com/api/ v3/rest" } ], "instanceurl" : "https://yourcommunity.com", "ssoenabled" : [ "saml" ], } Implementing SAML SSO for your Jive site extends the functionality to Jive Mobile. However, use the following steps to ensure that the SAML SSO timeout behaves correctly on a mobile device: 1. Check the value of the auth.lifetime system property in the Jive admin console. 2. Make sure this value is the same as the SAML SSO timeout. Authenticating with Activity-Based OAuth You can choose to extend users OAuth access tokens based on continued activity. By default, users will be required to re-authenticate after 15 minutes of inactivity on the device. The activity-based OAuth method works like a very basic application lock. You set it up by setting the Refresh Token to time out earlier than the Access Token, which ensures that the Access Token is not refreshed before the Refresh Token has expired. 1. Under your name or avatar, select Add-Ons.

Administering Jive Mobile Apps 5 2. Make sure the Jive for ios or Jive for Android app add-on is installed and enabled. If you are using an on-premise version earlier than 7.0.1, or your instance isn't connected to the Internet, you may need to contact Jive Support to install this add-on. 3. Next to the ios app listing, click the gear icon and select Settings. Then click Advanced. 4. Set the Access Token and Refresh Token timeout settings to very short intervals. The Refresh Token timeout setting should be at least 1 minute shorter than the Access Token timeout setting. 5. Select Automatically extend access token expiration upon activity. First-Time Only Authentication with SAML With this method, a user authenticates initially through SAML SSO. Then Jive Mobile converts the session to a longer-lived OAuth session. Note: This option is not available for versions earlier than Jive 7.0.1. This method is achieved by setting the Access Token and Refresh Token timeouts for the Add-on to an interval greater than the timeout settings of SAML SSO, thereby circumventing the timeout settings of both auth.lifetime (the Jive authentication session) and the SAML SSO session. Keep in mind that if you use the default values for the Access Token timeout (48 hours) and the Refresh Token timeout (15 years), the user will not need to log in again on mobile unless the device s authentication is revoked or the values are changed. This method has the following advantages: The user can revoke a device authenticated through SAML SSO, a feature that is not available by using regular SAML SSO login alone. Users who authenticated through the mobile clients and the regular web UI can have different timeout settings, while using the same authentication login flow and the same IdP. To configure this method: 1. Make sure SAML SSO is enabled. 2. Make sure the Jive for ios or Jive for Android app add-on is installed and enabled. If you are using an on-premise version earlier than 7.0.1, or your instance isn't connected to the Internet, you may need to contact Jive Support to install this add-on. 3. Next to the app listing, click the gear icon and select Settings. Then click Advanced. 4. Set the Access Token and Refresh Token timeout settings to interval greater than the timeout settings of SAML SSO. 5. Enable Allow this add-on to obtain an access token using an authenticated session. (Enabling this setting returns a 200 status code when /api/addons/extensionuuid/session-grant-allowed is passed. Otherwise, this call returns a 403 error.) Forced OAuth for Mobile Only You can enforce OAuth as the authentication method for Mobile users only, even if the instance is configured with SAML SSO. Note: This option is not available for versions earlier than Jive 7.0.1. If this setting is enabled, users accessing Jive on a mobile device will not use the SAML SSO login flow but instead enter a username and password. They will then use an OAuth token for all subsequent API calls. 1. Make sure a directory server such as LDAP is configured on the community. 2. In the admin console, add the system property jive.coreapi.force.oauth and set it to true. 3. Verify that the setting has been applied. If it's working correctly, "ssoenabled": ["saml"] should be removed when making a call to /api/version.

Administering Jive Mobile Apps 6 Troubleshooting OAuth Errors If you see an OAuth error when you try to connect using the Jive for ios or Jive for Android app, the most likely cause is that the correct add-on is not installed. Jive for ios and Jive for Android rely on mobile add-ons that are added to your site via the Jive Add-ons Registry. Cloud and Hosted sites should have these add-ons installed by default. However, in rare cases, a site may require the add-ons to be installed. If you see the "Unable to initiate OAuth login" error when trying to connect from a mobile app, this is the likely cause. Use the following steps to ensure your site can connect to the Add-ons Registry and then install the add-on(s) you need: 1. In the admin console, click Add-Ons > Add-on Services Settings and verify that Connections to Add-on Services is set to Allow. (If you don't have system admin privileges, you'll need Support to access this setting.) 2. Click your avatar in the top right of your site and select Add-ons. 3. From the Add-Ons tab, select All Add-ons > Available 4. Select the Jive for Android or Jive for ios add-on, and click Install. Native Apps and Push Notifications You can use the Native Apps settings to disable push notifications if you don't want to use them. Or, if you have a custom distribution of the native app, you can configure Jive to use an Apple or Android certificate to send push notifications. Fastpath: Admin Console: Mobile > Native Apps Push Notification Defaults By default, push notifications are on, and are relayed through the Jive Push Service. If you want to shut them off, click None - disable push notifications. Push notifications continue to send data through the Jive Push Service securely via HTTPS, but do not require authentication. To ensure Jive can send push notifications, you'll need to enable outbound traffic from your Jive instance to the following IP address on port 443: 204.93.84.65 Due to ios and Android security restrictions on which credentials are needed to push to an application, push notifications must go through Jive's push notification gateway to reach the standard Jive Mobile application. If you don't like this behavior, you can disable push notifications, or you can do a custom app distribution and configure custom push directly through Google's and Apple's servers, as described below. Custom Push Notifications Custom push notifications go directly from the Jive server to the appropriate notification services (GCM from Android and APNS for ios). For security, Android and ios require that the credentials used to send push notifications to an app match the credentials used to sign the distributed app. Therefore, to use custom push notifications, you must have a customized version of the app that is signed by your organization's appropriate credentials. You can upload your organization's APNS credentials and/or GCM key on the Mobile > Native Apps page of the Admin Console. Android If you enable custom push notifications for Android, be sure the Jive server allows POSTs to https:// android.googleapis.com/gcm/send. For more information about Android push notifications, you might want to check out their documentation.

Administering Jive Mobile Apps 7 ios To read more about how ios push notifications work, the Mac Developer Library describes the provisioning process at length here. For a more detailed discussion of ios app customization, you may want to ask your account manager for the following article in the Jive Community: How To: Configure the Jive ios App for Enterprise Distribution. Native App Caching: Android Caching behavior is designed to balance security and convenience. Table 1: Data That Can Be Cached or Stored on the Device User Avatars -- Content Creation Activities Community URL -- SSO Authentication Cookies Downloaded Attachments oauth token Inbox items The most recently mentioned users and recently selected places for content creation will be cached. These cookies are stored only if the main instance is using SAML SSO. Attachments are stored in the private application data folder. The oauth token is only stored if the main Jive instance is using oauth. Inbox items are stored in the private application data folder. Table 2: Data That Cannot be Cached or Stored on the Device Core API Responses The core application API returns instance-specific data about the community, such as user profiles and content. Native App Caching: ios Caching behavior is designed to balance security and convenience. Table 3: Data That Can Be Cached or Stored on the Device User Avatars -- Content Creation Activities Username, password, and community URL SSO Authentication Cookies The most recently mentioned users and recently selected places for content creation will be cached. This information is stored securely in the keychain. Username and password are only stored if the main instance is using Basic Authentication. These cookies are stored only if the main instance is using SAML SSO.

Administering Jive Mobile Apps 8 Downloaded Attachments oauth token Inbox items Attachments are stored using Data Protection. The oauth token is only stored if the main Jive instance is using oauth. Inbox items are stored using Data Protection. Table 4: Data That Cannot be Cached or Stored on the Device Core API Responses The core application API returns instance-specific data about the community, such as user profiles and content.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback