Mobile App - Device Entitlement


Device Entitlement is a mobile security feature that allows administrators to manage which mobile devices are allowed to use the Egnyte mobile app. Device Entitlement works alongside Enterprise Mobility Management (EMM) solutions to identify whether users are accessing Egnyte on a managed device. Administrators can control whether access on unmanaged devices is allowed or set up additional restrictions to minimize the risk of data loss. Egnyte must enable Device Entitlement for your domain. Admins can contact support@egnyte.com to get Device Entitlement enabled.  

Requirements 

  • Device Entitlement is only available with Egnyte’s Device Control package
  • This feature also requires a compatible MDM/MAM/EMM solution
  • Users' devices are already enrolled and set up with the MDM
  • Minimum Supported version: iOS 10.0 or Android 6.0

Setup

Step 1: The admin enables and configures Device Entitlement from Egnyte’s Web UI
Step 2: Connect Egnyte to your Mobile Management solution

Optionally, there are some additional steps that you can take to tailor security for unmanaged devices to your company’s preference.

Step 1: Setting up Device Entitlement in Egnyte

1. If you have purchased the Egnyte Device Control package, you can enable Device Entitlement from our Web UI. Click Settings.

2. Access the Applications panel by navigating to the Configuration tab, then select the Applications page. Toggle Mobile Device Entitlement on to enable the feature.

3. Once enabled, generate a Mobile Device Entitlement Token and save this string for the second part of the setup.

Note: If you are managing multiple Egnyte domains (via Multi-Entity Management), please set the Mobile Device Entitlement Token to be the same across all of your Egnyte domains. If an end user tries to authenticate into a domain that is using a different Mobile Device Entitlement token, it will be treated as an unmanaged device and will have restricted access.

Step 2: Linking your MDM to Egnyte

Each MDM is slightly different, so we have created separate guides for the common mobile management solutions that we support.

  • MobileIron
  • AirWatch

MobileIron

1. From your MobileIron admin console, choose Apps from the top menu, then click +Add.

2. Choose the platform you’d like to add with the app store drop-down menu. Search for Egnyte in the text box and then click Next.

3. Review that you’ve selected the right app and hit Next again, where you can set your distribution filters for the App Catalog. This is where you can mass deploy the app to your users if you so choose. Anyone who can install the app from the App Catalog will be considered a managed device. Click on Next when you’re done.

4. In the App Configurations section, tap the + button on the iOS Managed App Configuration row for Apple devices.

For managed Android apps, it's under the Android for Work row.

5. Fill in the name as something you can remember and reference later (e.g. Egnyte Device Entitlement Configs). Then click the +Add button to fill in the Device Entitlement token, select Next, and then click Done when you have finished.
  • Your key should be deviceEntitlementToken
  • Your Device Entitlement Token should be copy/pasted from Step 1 into the value field.

Optional:

  • You can auto-install our app on managed devices so that your end-users don’t even need to search for the app in the app catalog.

 

Step 3: Restriction Customization (Optional)

Once you have successfully configured Device Entitlement for your domain, you can choose to further customize access restrictions from the Egnyte Web UI.

For managed users, you can set your restrictions under the Mobile section, right above the Device Entitlement section in Egnyte.

For unmanaged users, you can customize restrictions separately for Admin/Power Users and Standard Users. Enable either section to further block local storage, require a passcode lock, and/or block 3rd party app access.

Note: More restrictive settings will always overwrite less restrictive ones.

 

Step 4: Scalable Authentication Assist (Optional)

To help onboard your managed users faster, you can pre-install and pre-fill some of your end user’s input fields through your MDM. When your users open the app, all they will need to do is type in their password.

Note: Single sign-on users will still have to type in both username and password, but no longer need to fill in the domain field.

In the App Policy view, choose to add the following key-value pairs so that these values are injected into your end user’s device for a seamless authentication experience.

| Key | Value | Notes |
| --- | --- | --- |
| login | <user's username or email> | This field is ignored when the field useSSO is set to true. The value should be filled with a MobileIron variable so that each of your end user's devices will have this field prefilled with their username or email. The available variables that you can select from can be found under the Admin -> Attributes section in your MobileIron portal. This value can't be read if the company uses SSO login. Username must follow set convention to work. |
| domain | <domain name> | iOS: <domain name>.egnyte.com; Android: <domain name> |
| deviceEntitlementToken | <String> | This string needs to match what is set in the Web UI Device Control panel. |

 

AirWatch

1. From your AirWatch admin console, choose Apps & Books from the left-side menu, then choose the Public tab, then Add Application.

2. Choose which platform (iOS or Android) and input Egnyte in the Name field. Hit Next for AirWatch to search the app store for the Egnyte app.

3. Select Egnyte from the search results and without changing any settings here, choose Save & Assign.

4. Now, Egnyte should be added to your list view. Select the row’s radio button and choose to Edit Assignment.

5. Scroll down until you see the Policies’ Application Configuration section. Click on the Add button to add your Device Entitlement Token.

6. Set the Configuration Key to deviceEntitlementToken then copy and paste the Device Entitlement Token from the Web UI (Step 1) into the Configuration Value field. It should look like the screenshot below when you’re done. Click on Save & Assign, then Publish on the next screen to finish.

AW6.png
 
AW7.png
 
7. The app should now be available in the app catalog for your users to download and install. Any apps installed through the app catalog will receive the Device Entitlement Token that you’ve provided, and these devices will be treated as managed. Any apps installed outside of the MDM will be considered unmanaged, and thus have restricted or limited access.

Optional:

  • You can choose a Silent Install setup to auto-install (mass deployment) our app on managed devices.

Step 3: Scalable Authentication Assist (Optional)

To help onboard your managed users faster, you can pre-install and pre-fill some of your end user’s input fields through your MDM. When your users open the app, all they will need to do is type in their password.

Note: Single sign-on users will still have to type in both username and password, but no longer need to fill in the domain field.

In the App Policy view, choose to add the following key-value pairs so that these values are injected into your end user’s device for a seamless authentication experience.

| Key | Value | Notes |
| --- | --- | --- |
| login | <user's username or email> | This field is ignored when the field useSSO is set to true. The value should be filled with an AirWatch variable so that each of your end user's devices will have this field pre-filled with their username or email. The available variables that you can select from can be referenced under the Insert Lookup Value button, on the right side of the input box. This value can't be read if the company uses SSO login. Username must follow set convention to work. |
| domain | <domain name> | iOS: <domain name>.egnyte.com; Android: <domain name> |
| deviceEntitlementToken | <String> | This string needs to match what is set in the Web UI Device Control panel. |
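
A pre-flight check for the key-value pairs described in the MobileIron and AirWatch tables above and for the Multi-Entity token note in Step 1, as an added example that is not Egnyte's code. The key names are the article's; the function names, the dict input shape, the boolean-or-string handling of useSSO and the sample values are assumptions made for illustration.

```python
# Added example: pre-flight check for MDM app-configuration key-value pairs.
# Key names come from the article; input shapes and sample values are constructed.
EGNYTE_SUFFIX = ".egnyte.com"


def check_app_config(platform, pairs, web_ui_token):
    """Return a list of problems in one app configuration.

    platform: "ios" or "android"; pairs: dict of keys/values entered in the MDM;
    web_ui_token: the token generated in the Egnyte Web UI (Step 1).
    """
    problems = []
    token = pairs.get("deviceEntitlementToken")
    if token is None:
        problems.append("deviceEntitlementToken is missing")
    elif token != token.strip():
        problems.append("deviceEntitlementToken has stray whitespace from copy/paste")
    elif token != web_ui_token:
        problems.append("deviceEntitlementToken does not match the Web UI token")

    domain = pairs.get("domain")
    if domain is not None:
        has_suffix = domain.lower().endswith(EGNYTE_SUFFIX)
        if platform == "ios" and not has_suffix:
            problems.append("iOS domain must be <domain name>.egnyte.com")
        if platform == "android" and has_suffix:
            problems.append("Android domain must be <domain name> only")

    # Assumption: useSSO may be stored as a boolean or as the string "true".
    use_sso = str(pairs.get("useSSO", "false")).lower() == "true"
    if use_sso and "login" in pairs:
        problems.append("login is ignored because useSSO is true")
    return problems


def mismatched_domains(tokens_by_domain):
    """Multi-Entity check: return domains whose token differs from the first one."""
    items = list(tokens_by_domain.items())
    return [name for name, tok in items[1:] if tok != items[0][1]]


if __name__ == "__main__":
    token = "EXAMPLE-TOKEN-0001"  # constructed placeholder, not a real token
    android = {"deviceEntitlementToken": token + " ", "domain": "acme.egnyte.com"}
    for problem in check_app_config("android", android, token):
        print("android:", problem)
    print(mismatched_domains({"acme": token, "acme-eu": "OTHER-TOKEN"}))
```

Running the check against the values typed into the MDM before publishing catches the cases the article warns about: a token that differs from the Web UI value, or that differs between domains, leaves devices treated as unmanaged.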

 

End-User Experience

  • Your end-users will not need to do anything unique.
  • If unmanaged access is restricted, they will simply not be able to log in.
  • If unmanaged devices are allowed access but with feature restrictions, then those features will simply not be available when the end user is using the app.

Troubleshooting

Question 1: I’m trying to integrate Device Entitlement with Android for Work. However, my device is not letting me install a work profile. What is wrong?

Answer 1: Your device might be rooted. Android for Work does not support rooted devices.
