ibm connections 5 mobile customization & administration
DESCRIPTION
Learn about the various ways you can customize the IBM Connections Mobile App.TRANSCRIPT
© 2014 IBM Corporation
Mobile Customization & AdministrationIBM Connections 5.0 Workshop
Author: Paul GodbyIBM Ecosystem DevelopmentDuration: 30 minutes
Agenda
● Overview● Application Management● Security Management
IBM Connections Mobile
● One application per mobile OS● Regardless of the server deployment & level
IBM Greenhouse Customer A3.0.1.x
Customer N5.0.x
......IBM SmartCloud™
Architecture
● Server requirements● Minimum Connections 3.0.1 + Mobile refresh (L061851)
– Connections 3.0.1 CR2 – added application management capabilities
– Connections 4.0 CR1 – added mobile security management capabilities
● Connections Mobile enterprise appplication installed
Client Components
● Mobile apps● iPhone, iPad, iPod Touch
– iOS 6, 7
● Android– Android 2.3.3+
● BlackBerry– BlackBerry 6, 7
● Microbrowser version● Server
● Mobile Application Management● Mobile Security Management
Agenda
● Overview● Application Management● Security Management
Customization
● Available since IBM Connections 3.0.1 CR2 (and version 3.2 of the App)● What can be customized?
● Custom login form● Custom EULA● Rebranding● Add / remove services● Rename services● Add additional application launchers
● Customizations / extensions are defined in file: mobile-config.xml
Service customization
● By default, if a service is enabled in IBM Connections, it will be enabled on mobile● An administrator can disable a mobile service by
● Setting enabled = false for the application in mobile-config.xml● An administrator can remove a service from the home screen but make it available
to other applications (ie: Files in Communities) by● Setting displayInLauncher=false
Service customization – Files
● Additional configuration is available for the Files application
Rebranding
● You can rebrand:● The App name
– Only in the app itself! You will still see “IBM Connections” in Android or iOS
● The service labels used for various applications
Service Labels
Extensibility
● You can add additional services and include:● Icons for different devices and densities● Service label● Service URL
E-mail Notifications
● When a user follows objects in Connections he/she will receive an e-mail digest● By default, the digest only contains direct links to the Connections server apps
● To include additional links for mobile device access:
Custom URIs
● Connections Mobile App can be started from a browser, or another mobile app, on the device using the following URIs
● Launch App → ibmscp://com.ibm.connections/launch● Open Profile → ibmscp://com.ibm.connections/profiles?<uid=X>|<email=Y>● Open Community → ibmscp://com.ibm.connections/communities?<uid=X>● Open File → ibmscp://com.ibm.connections/files?<uid=X>● And More!!! → http://www.ibm.com/support/docview.wss?uid=swg21601146
● BlackBerry does not support ibmscp, so use an http prefix instead
Agenda
● Overview● Application Management● Security Management
Mobile Security Management Overview
● Designed to prevent data loss in the event of a lost or stolen device● Provides
● Secure access to data stored on the device● Ability to control user access to data● Ability to remove enterprise data from the device (if needed)
● Capabilities● Password retention policies for storing password on device● Expose/hide e-mail addresses● Allow/prevent geolocation information to be used● Allow/prevent copy & paste in the app● Allow/prevent app documents to be shared during sync (ie: iTunes)
● Available in IBM Connections 4.0+● Is not a full-fledged Mobile Device Management (MDM) solution
– For full capabilities: MobileIron, McAfee, BigFix, Tango, Tivoli Endpoint Manager, etc.
Topology – Deployed on Connections server
Configure Mobile Administrators
● Enable MobileAdmin settings in mobile-config.xml
● Restart Mobile Administration application● In the Integrated Solutions Console, map users to administrator role
● Mobile Administration URL: https://host:port/mobileAdmin
Device Registration
● Initiated the first time the user logs in after installing the app on a device● Registration process logs:
● User name● Device name● Device id● Policy compliance status
Configuration Profile
● Provisioning occurs during app registration process on the device
● Upon login, application will check server for policy updates
Remote Wipe & Access Denial
● Administrator can issue Remote Wipe Request for a lost device● Administrator can deny application access
● Reasons: lost device, security, functionality, performance, etc.● If a lost device is recovered, administrator can clear Remote Wipe or Access Denial
Administration Audit
● Audit actions that can be enabled / disabled● Device registration, Enable / disable Access Denial, Enable / disable Remote
Wipe● Configuration
● Inactive user reap interval– Length of time user can be inactive without being removed from registration
● Audit purge interval– Length of time an audit event should be retained in the database
Custom Login Form
● A custom login form can be defined for various authentication mechanisms such as TAM, SiteMinder, SPNEGO, etc.
● The Connections App presents the same login interface regardless of the login form/mechanism enabled in the environment
Custom EULA/Information page(s)
● Enterprise User License Agreement (EULA) or information pages can be defined to be presented to users before they are granted app access
Two factor client certificate authentication
● Requires the mobile user to provide a certificate during the login process● Android 4.0+
● Uses the unified keychain● Can be installed via a p12 or ibmmbd file
● iOS● Certificate must be installed in the app's keychain● Must add “ibmmbd” extension to certificate to it can be opened by the app● User gains access to ibmmbd file via website or e-mail; User then opens the file
in the Connections App to import it into the keychain● See “Configuring access with client certificates” in wiki
Client certificate authentication flow
● The IBM Connections Mobile App● Attempts to make a connection to the server● Is challenged for a client certificate by the server● Sends certificate to the server● Is allowed to connect by the server● Is challenged for IBM Connections server credentials● Sends IBM Connections credentials● Is granted access to all available services
Other settings
● Allow/prevent browser access to the mobile app.● User will get redirected to appstore URL is web access is disabled● <WebClientAccess>
● Set the default service used when a user logs in● <DefaultApplication>
Thanks!
● Access FREE education on the IBM Collaboration Solutions portfolio of products today!
1. Visit the IBM Greenhouse and create a free account.
Link → http://greenhouse.lotus.com/
2. Visit the IBM Collaboration Solutions Ecosystem Development Community
Link → https://greenhouse.lotus.com/communities/community/icsecod
3. Learn new skills and share these links with your friends and colleagues!