Pushing settings to enrolled devices

Settings are sent as key-value pairs (see Managed App Configuration keys). These can be pushed to enrolled devices through the EMM console interface or via an xml file.

The settings allow the EMM provider to:

  • Define the Tenant URL to which the users connect.
  • Set the Tenant URL field to be read-only on the device.
  • Substitute an alternate name (a “mask”) to the address so mobile users will not see the actual URL to which they are connecting.
  • Designate devices as “organisational” devices. This is used by organisations that customise access based on device-type.
  • Enable Android devices to detect an “App Logout” message to initiate a forced logout.

Refer to the items below for more information.

It is recommended that the “tenantUrl” key should be part of every push by the EMM console. Note that if a push does not contain “tenantUrl,” but other supported keys are pushed, the app will honour the pushed settings and the devices will still show the most-recently pushed tenantUrl. If no tenantUrl was ever pushed, then the user would have to manually enter the Tenant URL.

When the app receives an updated URL, the following message is presented to all logged-in users: “Tenant URL updated. Unsaved data will be lost.” Tapping OK will log the user out of the mobile app and will return to the Login screen, pointing to the updated Tenant URL.

Note: In this case, if affected users have pending push notifications or offline date, this data will be discarded. Refer to the “Timing the update” section below.

When an EMM administrator performs a Push, all settings are updated, even settings that are not part of the push. If a key is not included in the push, this essentially clears the setting to the following:

  • tenantUrl – The most recently pushed URL
  • readOnlyTenantUrl – False
  • tenantUrlMask – No mask
  • appLogoutIntent – Devices will not detect an App Logout broadcast
  • isOrganizationalDevice – devices will not send an Organisation Device flag to the system.

Updates should occur within a published plan-maintenance window, especially when URL propagation is included. Pushing an updated URL will logout all logged-in users without saving their unsaved data.