How to deploy Sapho App with MobileIron and AppConnect

Audience: System administrators installing and configuring Sapho Server

MobileIron AppConnect containerizes apps to protect corporate data-at-rest without touching personal data. Once applications are wrapped with the MobileIron AppConnect wrapper they are integrated into a secure container on the device. Each app becomes a secure container whose data is encrypted, protected from unauthorized access, and removable.

Wrapping the App

To enable AppConnect functionality, you will first need to wrap the app:

  1. Log in to the AppConnect Wrapping Portal.
  2. Navigate to Menu → Wrapped Apps → Create New
  3. Upload your .apk or .ipa distribution file. The app file will then be wrapped for you automatically.

Your AppConnect setup for MobileIron on Android devices is now complete.

For iOS devices, please continue with the following steps:

iOS Specifics

  1. Download the signing bash script sign_wrapped_app.sh, which can be found in the Wrapping Portal. Please note, you will need to have a Private Key (and a distribution certificate) from the Apple Developer Portal properly stored in your Keychain in macOS.
  2. Find your Signing Identity (the -i argument for the next command) by running:
    security find-identity -p codesigning -v | 
    grep "iPhone Distribution: Sapho, Inc."
  3. Run the signing script on the wrapped .ipa file using the correct Signing Identity (the -i argument) from the previous step, e.g.:
    ./sign_wrapped_app.sh -i "QL1EE0LALXP4GADO13NARNZDN1IY803VD898PWQF" 
    -b "com.sapho.apps.acme" Acme-1.1.1-Enterprise-wrapped.ipa

Checking App Sanity

This simple tool is great for finding a lot of potential app distribution problems:

  1. Log in to the MobileIron AppSanity Portal.
  2. iOS: Upload the wrapped and signed .ipa file and make sure that all checks are OK.
    Android: Upload the wrapped .apk file and check whether all the information is correct (Android checks are only informative).

Deploy Sapho App to MobileIron

Once you have successfully wrapped your Sapho App, you can add it to App Catalog in the MobileIron Admin Console.

Here’s how to do it:

  1. In the MobileIron Admin Console, click +Add.
  2. Upload your wrapped .ipa /.apk file.

    Notice that the AppConnect Wrapper version is present. Click Next.
  3. Click + to add your AppConnect Configuration. This is how you integrate Sapho Server and MobileIron to enable Single Sign-On.

    Proper AppConnect Configuration is essential to enabling MobileIron SSO to automatically sign users into the Sapho mobile app. You will need to set up two variables tin MobileIron: saphoUID and saphoToken.

    Both of these variables can be found in Sapho Builder in the Provider details for MobileIron:

    There are a few more variables that can be preset in the MobileIron AppConnect Configuration: USER_CUSTOM_1, USER_CUSTOM_2 and USER_CUSTOM_3.
    These variables are pushed along with the other AppConnect variables to the Sapho App.
    In Sapho Builder the Custom User Variables can be used for various user-related tasks, e.g. for prefilling Search Page fields.

    Here is an example of an AppConnect custom configuration in MobileIron:
  4. Complete the configuration wizard to finish adding the Sapho App to the MobileIron App Catalog. You will be able to use custom AppConnect variables in apps connected to your Sapho Server right away.