Egnyte Help Desk

Device Entitlement Guide

Overview

Device Entitlement is a mobile security feature that allows administrators to manage which mobile devices are allowed to use the Egnyte mobile app. Device Entitlement works alongside Enterprise Mobility Management (EMM) solutions to identify whether users are accessing Egnyte on a managed device.  Administrators can control whether access on unmanaged devices is allow or set up additional restrictions to minimize risk of data loss. Egnyte must enable Device Entitlement for your domain. Admins can contact support@egnyte.com to get Device Entitlement enabled.

Requirements

  • Device Entitlement is only available with Egnyte’s Device Control package.
  • This feature also requires a compatible MDM/MAM/EMM solution. A full list of supported Mobile Management solutions be found here.
  • Users' devices are already enrolled and setup with the MDM
  • Min Supported version: iOS 7 or Android 5.0 (Lollipop)

Setup

Step 1: The admin enables and configures Device Entitlement from Egnyte’s Web UI
Step 2: Connect Egnyte to your Mobile Management solution

Optionally, there are some additional steps that you can take to tailor security for unmanaged devices to your company’s preference. Additionally, we will explain how you can automatically install the Egnyte app on all managed devices so that your end users will have a seamless onboarding experience.

Step 1: Setting up Device Entitlement in Egnyte

1. If you have purchased the Egnyte Device Control package, you can enable Device Entitlement from our Web UI. Tap on your profile icon from the top right corner to go to the Egnyte Settings View.

WebUIMDM.png

2. Access the Applications panel by navigating to the Configuration tab, under Settings. Toggle Mobile Device Entitlement to enable the feature.

SettingsMDM.png

3. Once enabled, generate a Mobile Device Entitlement Token and save this string for the second part of the Setup.

ToggleMDM.png

If you are managing multiple Egnyte domains (via Multi-Entity Management), please set the Mobile Device Entitlement Token to be the same across all of your Egnyte domains. If an end user tries to authenticate into a domain that is using a different Mobile Device Entitlement token, it will be treated as an unmanaged device and thus, will have restricted access.

Step 2: Linking your MDM to Egnyte

Each MDM is slightly different, so we have created separate guides for the common mobile management solutions that we support. Our Device Entitlement feature works with all of the mobile management solutions mentioned on AppConfig.org.

1. From your Mobile Iron admin console, choose Apps from the top menu. Then click on +Add
MI1.png
 
2. Choose the platform you’d like to add with the appstore dropdown menu. Search for Egnyte in the text box and then click next.
MI2.png
 
3. Review that you’ve selected the right app and hit next again, where you can set your distribution filters for the App Catalog. Anyone who can install the app from the App Catalog will be considered a managed device. Click on Next when you’re done.
MI3.png
 
4. In the App Configurations section, tap the + button on the iOS Managed App Configuration row.
MI4.png
 
For managed Android apps, it's under the Android for Work row
AndroidWork.png
 
5. Fill in the name as something you can remember and reference later (ie. Egnyte Device Entitlement Configs). Then click on the +Add button to fill in the Device Entitlement token then Next then Done when you have finished.
  • Your key should be “deviceEntitlementToken”
  • Your Device Entitlement Token should be copy/pasted from Step 1 into the value field

Optional:

  • You can auto-install our app on managed devices so that your end users don’t even need to search for the app in the app catalog.
1. From your Airwatch admin console, choose Apps & Books from the left-side menu, then choose the Public tab and then Add Application
AW1.png
 
2. Choose which platform (iOS or Android) and input Egnyte in the Name field. Hit Next for Airwatch to search the appstore for the Egnyte app.
AW2.png
 
3. Select Egnyte from the search results and without changing any settings here, choose Save & Assign
AW3.png
 
4. Now, Egnyte should be added to your list view. Select the row’s radio button and choose to Edit Assignment
AW4.png
 
5. Scroll down until you see the Policies’ Application Configuration section. Click on the Add button to add your Device Entitlement Token
AW5.png
 
6. Set the Configuration Key to “deviceEntitlementToken” and copy paste the Device Entitlement Token from the webUI (via Step 1) into the Configuration Value field. It should look like the screenshot below when you’re done. Click on Save & Assign, then Publish on the next screen to finish.
AW6.png
 
AW7.png
 
7. The app should now be available in the app catalog for your users to download and install. Any apps installed through the app catalog will receive the Device Entitlement Token that you’ve provided, and these devices will be treated as managed. Any apps installed outside of the MDM will be considered unmanaged, and thus have restricted or limited access.

 

Optional:

  • You can choose a Silent Install setup to auto-install our app on managed devices.

(Optional) Step 3: Scalable Authentication Assist

To help onboard your managed users faster, you can pre-install and pre-fill some of your end user’s input fields through your MDM. When your users open the app, all they will simply open the app and type in their password*.

In the App Policy view, choose to add the following key value pairs so that these values are injected into your end user’s device for a seamless authentication experience.

Key

Value

Notes

login

<user's username or email>

This field is ignored when the field useSSO is set to true.

The value should be filled with an Airwatch variable so that each of your end user's devices will have this field prefilled with their username or email. The available variables that you can select from can be referenced under the "Insert Lookup Value" button, on the right side of the input box.

This value can't be read if the company uses SSO login. Username must follow set convention to work.

domain

<domain name>

iOS: <domain name>.egnyte.com   Android: <domain name>

useSSO

<true or false>

False by default.

deviceEntitlementToken

<String>

This string needs to match what is set in the Web UI Device Control panel.


*Single-sign-on users will still have to type in both username and password, but no longer need to fill in the domain field.

End User Experience

  • Your end users will not need to do anything unique.
  • If unmanaged access is restricted, he will simply not be able to login
  • If unmanaged devices are allowed access, but with feature restrictions then those features will simply not be available when the end user is using the app.

Troubleshooting

Question 1: I’m trying to integrate Device Entitlement with Android for Work. However, my device is not letting me install a work profile. What is wrong?

Answer 1: Your device might be rooted. Android for Work does not support rooted devices.

Egnyte Community

Egnyte Community

Want to connect with other Egnyte users and our Egnyte team? Share ideas and ask questions in our Community.