Mobile Iron for Android Note: At this time, Mobile Device Management through Mobile Iron is available ONLY for iOS and Android. In a Nutshell In order to improve security, SAP Field Service Management has implemented Mobile Device Management for Field Service mobile on Android and iOS using Mobile Iron. This allows accounts to be associated with devices, ensuring that users can not use personal and/or unauthorized devices to access the account. Mobile Iron is a platform that secures the Android application. The Mobile Iron-enabled version of the Android application is distinct from the version available from the Google Play store. This build can be installed on an Android device using the Mobile@Work application described in the How to Install SAP Field Service Mobile via Mobile@Work below . After it is installed, you can then configure the app from the Mobile Iron CORE admin portal. ATTENTION: The following is the Application Identifier (Bundle Id) for Android: forgepond.com.coresuite.coresuitemobile. This is used for CONFIGURATION and POLICY, and is the identifier for the WRAPPED application, NOT the application from Google Play. Mobile Iron CORE Admin Portal For setup and configuration of the application access your Mobile Iron CORE admin portal and login using the admin credentials. Note: Please contact SAP Support for assistance in creating an account. Installation and Configuration Get SAP Field Service Mobile with Mobile Iron integration for Android ATTENTION: This is a temporary solution for providing wrapped builds. The reason behind this is that for iOS, Mobile Iron offers an SDK that can be used for integration. However, an SDK is not available for Android, thus requiring integrators to use a wrapper instead. View Steps There is a new application created on HockeyApp from where the wrapped build can be downloaded. The wrapped build downloaded from HockeyApp can not be installed on a device directly for security reasons. After downloading the build from HockeyApp the build should be uploaded to the Mobile Iron Core Portal (see the "Upload a new in-house application" section). After uploading the build to Mobile Iron Core Portal the admin will be available to publish the app to devices/users (see the "Publish an application to the users" section). Basic Configuration Steps SAP FSM Administration ATTENTION: The following configuration requires administrator credentials on the admin portal. These are currently not shared with customers. Please contact a SAP FSM consultant to complete the following steps. Mobile Iron CORE Admin Portal WARNING: On Android, for the wrapped application, there is a configuration and a policy created by default when the application is uploaded to the App Catalog. The DEFAULT CONFIGURATION and the DEFAULT POLICY are removed automatically when the application is removed, and using these to add custom configurations to the app is NOT recommended. Creating a new configuration and a new policy is the recommended approach. View Steps Go to your Mobile Iron CORE admin portal (E.g. https://de.mobileiron.net/coresystems/login.jsp) Go to Policies & Config Create a new app configuration and a Container Policy, and give it a name. (e.g. Coresuite Mobile Android Wrapped - Configuration / Policy). If you already have a configuration and policy, this step can be skipped, and you can click "Save" with no further changes. Mark the Configuration entry that you have created previously and edit it. Specify the application identifier. IMPORTANT: For "Application", use the identifier listed at the beginning of this document. Specify the access token. IMPORTANT: Must be the same as specified as Client ID in the SAP FSM Cloud admin tool (e.g. mdmAuth). Save the changes Mark the Policy entry that you have created previously and edit it. Specify the application identifier. IMPORTANT: For "Application", use the identifier listed at the beginning of this document. Save the changes. Next steps: Set up a label for Android. Assign the policy and configuration to that label. Upload a new in-house application. Push application to the users. Install application on user devices. Reference Guide How to Create a New User Account In order to be able to access the Mobile@Work app, a user needs an account on MobileIron platform that should be created by the Administrator. The Administrator can create a user account by completing the following steps: View Steps Login to Mobile Iron CORE admin portal. Open "Devices & Users" section. Select "Users" Navigate to Add > Add Local User Fill in the form and click the "Save" button. How to Create a New Label Labels are used to group users by category (ex: Android - includes all android devices, Android Developer - includes all android developers). In order to create a label, open Mobile Iron CORE admin portal, go to Devices & Users and complete the following steps: View Steps Tap on Labels tab. Click the Add Label button. Fill in the form with the name and criteria. Click the Save button. How to Create a Custom Policy for an Application Open Mobile Iron CORE admin portal, go to Policies & Configs section and complete the following steps: View Steps Navigate to Add new > AppConnect > Container Policy. Give it a name (i.e. SAP FSM Android Policy) In the Application field, enter the identifier noted at the begining of this document. Click "Save". How to Create a Custom Configuration for an Application Open Mobile Iron CORE admin portal, go to Policies & Configs section and complete the following steps. View Steps Navigate to Add new > AppConnect > App Configuration Give it a name (i.e. SAP FSM Android Configuration) In the Application field enter, the identifier noted at the beginning of this document. Click "Save". How to Add a Custom MDM access Token Configuration for an Application Open Mobile Iron CORE admin portal, go to Policies & Configs section and complete the following steps: View Steps Select the config created for the app (the CORE will create one by default). Configs have the Setting Type "APPCONFIG". Click the "Edit" button (from top-left corner) Scroll down to App-Specific Configurations and click the "Add" button. Add the following config: Key: accessToken Value: mdmAuth Click "Save". How to Assign the Configuration and Policy to a Label Adding the AppConfig and AppPolicy to a label makes it easy to apply to devices. When a new device is added to the portal, it can be assigned to a label. Everything configured for that label is applied to it automatically. View Steps Open Mobile Iron CORE admin portal, go to Policies & Configs section and follow the steps: Select both the AppConfig and AppPolicy created or updated in the previous steps. Click "More Actions" and "Apply To Label". Select the iOS label created in the How to create a "label" step. Click "Apply". How to Upload a New In-house Application In order to see all apps that are secured using AppConnect wrapper (Mobile Iron) open Mobile Iron CORE admin portal and go to Apps section. View Steps Follow the steps from "How to get the wrapped app which should be uploaded to the Mobile Iron CORE portal" chapter at the beginning of this document and get the wrapped application file. Go to Mobile Iron CORE admin portal > Apps > Apps Catalog > Remove the old app (if it exists) - you can not update it, you should remove the old application and add the new one. In order to add the new build click Add button > In-House > select the wrapped application file obtained at step 1 > Click the Next button > Wait for uploading the new build. When the new build is uploaded, add a short description to the build, select the category and then click the "Next" button. Click the "Next" button for the rest of configuration, then click "Finish". When successful, the new build will be visible in the Apps Catalog. How to Publish an Application to Users Note: This step is not required if you use the iOS app and get it from the Apple App store. In order to be visible for the users, you must complete the following steps: View Steps Open Mobile Iron CORE admin portal and go to Apps > Apps Catalog. Select the app that you want to push to users. Click the "Actions" button > Apply To Labels. Select a label from the list and Click the Apply. The application will be visible in App@Work app (iOS) or section (Android) for all the users included in the label. It can now be installed by following the tasks in chapter "How to install Coresuite Mobile via Mobile@Work". Note: To remove an app from a label, use "Remove From Labels" option. How to Install SAP FSM Mobile via Mobile@Work View Steps Install Mobile@Work from Google Play Store / Apple App Store. Open Mobile@Work and log in using credentials. Server Address: (ex: de.mobileiron.net:30511) it will be sent to the new user created in the section "How to create a new user account" via Email. User Name: user created in the section "How to create a new user account". Password: password from the user created in the section "How to create a new user account". Install App: Select Apps@Work from the menu. Tap Categories tab and select the category of the uploaded app (ex: "Testing") - the category is added when a new application is uploaded to the Apps Catalog. See the section: "How to upload a new In-House application". Tap on application (ex: SAP SM). Tap Request button to install the application. Open Coresuite app and you should be able to log in using SAP FSM credentials.