Managed App Configuration is supported in BlackBerry through App Policies. Before you deploy an application using BlackBerry UEM, you must set the policies. All the fields in Managed App Config must be specified, even if they are not applicable.

Use the following instructions to configure App Policies in the BlackBerry UEM for the iManage Work Mobility app:

  1. Select Apps.

  2. Select the iManage Work 10 Mobility app. 
    Figure: iManage Work 10 Mobility app in BlackBerry UEM

  3. Modify an existing App configuration by selecting the name in the App configuration list.

  4. On the Config Version tab, set Configuration File Version to 2.
    Figure: Config Version

  5. Select Mobility Policies. The list of available policy settings appears. Refer to the following table for descriptions of each option.

    Figure: Mobility Policies

    Table: Mobility Policies

    Option

    Default Value

    Description

    Open in (Receive)

    -

    Not used by iManage Work Mobility for BlackBerry Dynamics. 

    This is controlled through the BlackBerry framework.

    This setting controls whether users can receive copy of file(s) on iManage Work Mobility for BlackBerry Dynamics from other BlackBerry SDK-enabled applications through the Transfer Files service.

    (Optional) If DLP is disabled through the UEM (not recommended), it allows the iOS method of Open In to receive files from non-BlackBerry SDK-enabled applications.

    Open in (Send)

    -

    Not used by iManage Work Mobility for BlackBerry Dynamics. 

    This is controlled through the BlackBerry framework.

    This setting controls whether users  send a copy of a file(s) from iManage Work Mobility for BlackBerry Dynamics to other BlackBerry SDK-enabled applications through the Transfer Files service.

    (Optional) If DLP is disabled through the UEM (not recommended), it allows the iOS method of Open In to send files to non-BlackBerry SDK-enabled applications.

    Enable Native Email

    -

    Not used by iManage Work Mobility for BlackBerry Dynamics.

    The native iOS email API is unavailable. Instead, the BlackBerry Send Message service is used.

    Enable App Extensions

    -

    Not used by iManage Work Mobility for BlackBerry.

    This is controlled through the BlackBerry framework.

    Enable AirDrop

    -

    Not used by iManage Work Mobility for BlackBerry Dynamics. 

    This is controlled through the BlackBerry framework.

    Enable Privacy Curtain

    -

    Not used by iManage Work Mobility for BlackBerry Dynamics

    The BlackBerry framework has its own method of obscuring screen contents.

    Enable Touch ID for Passcode

    -

    Not used by iManage Work Mobility for BlackBerry Dynamics

    The BlackBerry framework has its own passcode support.

    Number of Passcode Retries

    -

    Not used by iManage Work Mobility for BlackBerry Dynamics.

    The BlackBerry framework has its own passcode settings.

    Grace Period in Seconds

    -

    Not used by iManage Work Mobility for BlackBerry Dynamics. 

    The BlackBerry framework has its own passcode settings.

    Enable Printing

    -

    Not used by iManage Work Mobility for BlackBerry Dynamics. 

    This is controlled through the BlackBerry framework.

    Enable Downloading

    Enabled

    If this policy is enabled, users can download a copy of matter(s) or file(s) on their iOS mobile device for offline use.

    Show demo connection

    Disabled

    If this policy is enabled, Demo is displayed on the Sign In screen, which connects to a public iManage demo server. You can use this server to test iManage Work Mobility application before it is deployed in your environment.

    This is disabled by default, and Demo is not listed on the Sign In screen.

    IMPORTANT:

    It is recommended that you disable the Demo connection for production environments.

    User ID Pre-fill (auth=0 Only)

    Disabled

    Enables the MDM system to record the user ID after a successful authentication.

    With this policy enabled, the User ID field auto-fills the Username during the next login, when a user successfully signs into the iManage Work Mobility for BlackBerry application.

    NOTE: This is supported only when server_auth is set to 0 or 3).

    Prevent copy to clipboard

    -

    Not used by iManage Work Mobility for BlackBerry Dynamics.

    This is controlled through the BlackBerry framework.

    View-only Mode

    Disabled

    Use this policy to offer users a View-Only experience in iManage Work Mobility for BlackBerry Dynamics.

    Disabled (default) - This allows the user to:

    1. Edit documents with an external application
    2. Drag and drop documents to a folder
    3. Upload documents to a folder using the upload option
    4. File an email
    5. Auto upload
    6. Use Experimental Conversion to PDF Settings
    7. Annotate documents

    Enabled - This setting prevents the user from performing the following activities:

    1. Open documents with an external application. NOTE: Having open_in_send enabled with View-only Mode also enabled allows for previewing files in an external application. Any edits made to the document will not get saved to iManage.

    2. Drag and drop documents to a folder
    3. Upload documents to a folder using the upload option
    4. File an email
    5. Auto upload
    6. Use Experimental Conversion to PDF Settings
    7. Annotate documents

    When enabled, this setting supercedes the open_in_receive and enable_app_extensions settings. Even if those are enabled, the app will not honor them when this policy setting (view_mode) is enabled. 

    NOTE: After this policy is enabled, when users edit a document and try saving it back to the iManage Work Mobility app, the following error message appears:

        'MDM Policy - Application policy prevents from receiving files.'

    Enable Analytics

    Enabled

    This policy controls whether a user will be prompted to opt in or out of sending analytics to iManage. It does not explicitly enable analytics on the app.

    This option is enabled by default.

    NOTE:

    • iManage does not track the actual data, such as client and matter information, document names, and so on.
    • Users opting in for analytics are not tracked individually.
    • Data collected is not to determine individual use.

    Web Authentication Mode

    �For existing deployments, no default (not set).
    Allow Safari for Login setting is used instead.

    For new deployments, the default is 2 (ASWebAuthenticationSession).

    Use this policy setting to control which web-based authentication controller (embedded browser) is used when users are prompted to sign in to iManage Work.

    0 – WKWebView: Enables the legacy embedded web-based authentication controller, WKWebView.

    Figure: Sign in screen for WKWebView

    1 – SFSafariViewController: This option is not supported for iManage Work Mobility for BlackBerry Dynamics and should not be used as Safari is not supported with BlackBerry.  If set to 1, users will see a blank white screen instead of a valid sign in screen during web-based authentication, and will be unable to sign in to iManage Work.

    2 – ASWebAuthenticationSession: Recommended by iManage. Enables Apple's latest ASWebAuthentication embedded web view controller for web-based authentication.

    NOTE: With option 2, the first time a user attempts to sign in to iManage Work, they are presented with a prompt. Users must tap Continue in order to proceed to the iManage Work sign in screen, as shown in the second figure below.

    Figure: User confirmation prompt during initial sign in - ASWebAuthenticationSession


    Figure: Sign in screen for ASWebAuthenticationSession

    3 – Default browser.  Rather than using an embedded web view or web view controller, the app switches to the iOS default browser, and when authentication is complete, the browser switches back to the Work 10 app.
    By default the default browser is Safari, but the user can change this to any browser such as Edge or Chrome.

    4 – Microsoft Edge browser (if installed).  Similar to 3 above, but instead of loading the default browser, a specific URL for Microsoft Edge is used. If the user has specified a different default browser and authentication needs to be on Edge, use this setting.
    If Edge is not installed, no sign in screen will be displayed and the user will not be able to sign in.

    5 – Google Chrome browser (if installed).  Similar to 3 above, but instead of loading the default browser, a specific URL for Google Chrome is used. If the user has specified a different default browser and authentication needs to be on Chrome, use this setting.
    If Chrome is not installed, no sign in screen will be displayed and the user will not be able to sign in.

    6 – AirWatch/VMware Workspace One browser (if installed).  Similar to 3 above, but instead of loading the default browser, a specific URL for Workspace One is used. If the user has specified a different default browser and authentication needs to be on Workspace One, use this setting.
    If Workspace One is not installed, no sign in screen will be displayed and the user will not be able to sign in.


    When set, this Web Authentication Mode policy setting replaces the Allow Safari For Login policy setting. 

    For customers who have already deployed iManage Work Mobility:

    • If the new Web Authentication Mode policy setting is blank or not set, iManage Work Mobility uses Web Authentication Mode = 0 (WkWebView).

    For customers deploying iManage Work 10.20.2 or later for the first time:

    • If both Web Authentication Mode and Allow Safari for Login policy settings are blank or not set, iManage Work Mobility defaults to Web Authentication Mode = 2 (ASWebAuthenticationSession).


    NOTE: The Web Authentication Mode policy setting is ignored if the Server0 Auth policy setting is set to 0 (Explicit Login). This utilizes a standard login dialog instead of a web-based authentication controller.

    NOTE: Regardless of this Web Authentication Mode setting, iManage Work Mobility uses the WKWebView embedded web controller when displaying pages directly from iManage Work Web, such as a document's Timeline, or for iManage Share pages.

    Allow Safari for Login

    Enabled

    Not applicable for BlackBerry Dynamics. If the Web Authentication Mode policy setting is not set, WKWebView is used by default.

    Customer User Agent (WKWebView only)

    -

    If set, this will change the WKWebView’s user agent to the value specified (a text value).

    This setting only applies if WKWebView is used for authentication.

    Use this setting only when directed by iManage Support. Changing this setting could prevent users from being able to sign in.

    NOTE:

    The options that are not used by iManage Work Mobility for BlackBerry Dynamics can be set using the default IT Policy in BlackBerry UEM.
  6. Select the Work 10 Server tab to define the iManage Work connections for this policy.
  7. Enter the following information for each individual Work 10 connection (server0, server1, and so on).

    NOTE:

    You must define the following settings for least one entry (server0) to enable the users to connect.

    Although up to 50 server connections are supported, please update only the required number of connections, and leave the rest blank.

    Table: Work 10 Servers

    Name

    Type

    Description

    server0 UUID

    String

    A UUID to uniquely identify this entry. These can be generated here.

    Example: b985dc4b-3232-4719-9d1d-cf0162badc30

    NOTE:

    After a UUID is assigned to a server, the mapping between the UUID and server cannot be altered as this can cause connectivity issues to the clients.

    IMPORTANT:

    UUID cannot be blank or duplicated. If any of the servers have a duplicate or blank UUID, that .immconfig file is rejected and a previously passed file is implemented.

    server0 Display Name

    String

    The name that will be displayed in the app in the list of available iManage Work connections.

    server0 URL Endpoint (e.g. server.acme.com)

    String

    The iManage Work URL for users to access iManage Work through this app.

    • For cloudimanage.com iManage Work endpoint, enter cloudimanage.com
    • For imanage.work endpoints or on premises customers, enter the Work Server URL that matches the SSL certification.

    NOTE:

    Adding HTTPS or ports such as ':8000' to this value are ignored. HTTPS and port 443 are always used. SSL/TLS is always used, in accordance with the most secure settings of iOS security.

    server0 Authentication Mode (0, 1, 2, 3)

    Integer

    The authentication type for the server. The valid values are:

    0 - Standard: Supports both Work credentials and domain/username and password for explicit network authentication.

    1 - ADFS (On premises ADFS Server): Displays an embedded web view where the user must follow whatever authentication procedures the company has defined for the ADFS implementation.

    2 - Common login: Provides a single sign-on for iManage Work 10 client applications. The login UI maintains information about the currently signed-in user in its session cookie.

    3 - Use Oauth2 Refresh Token and Access Tokens. See Enable access request tokens iOS for more information. This option minimizes the number of times a user is prompted to login.
    Username, password, and access tokens and refresh tokens are stored in the iOS Keychain.
  8. Select Save to apply the changes.