iManage Work Mobility for iOS supports Managed App Configuration in two ways:

  • You can use iManage Control Center to create an .immconfig file, and upload it into an MDM tool.
    For more information, refer to Creating configuration files.
  • If a file upload isn't supported on your MDM tool, you can manually enter the key-value pairs. 

IMPORTANT:

The following settings must be configured as shown for the iManage Work Mobility for iOS app to be deployed:

    • version = 2

The following settings must be configured for the iManage Work Mobility for iOS app to be deployed:

    • server0_uuid
    • server0_name
    • server0_auth
    • server0_url

    • enable_downloading

    • enable_printing

    • enable_airdrop

    • enable_native_email

    • open_in_send

    • open_in_receive

    • enable_privacy_curtain

    • enable_touch_id_for_passcode

    • number_of_passcode_retries_min_3_max_20_default_10

    • passcode_grace_period_seconds_min_10_max_999999999_default_60

    • show_demo_connection


IMPORTANT:

Identifiers are case-sensitive and must match exactly as defined.

The following table lists the key-value pairs that can be specified:

Table: Key-value Pairs

 Identifier

Type

Default

Description

version

Integer

2

Specifies the format version for configuration and is required. It must be set to 2.

POLICY CONFIGURATION

open_in_receive

Boolean

true

Use this policy to restrict users from receiving document(s) in iManage Work Mobility for iOS from other applications.

true: Users can import documents to iManage Work Mobility for iOS from other applications.

false: Restricts the users from importing documents to the iManage Work Mobility for iOS from other applications.

NOTE:

This feature may be restricted or disabled due to MDM policies.

open_in_send

Boolean

true

Use this policy to restrict users from sending document(s) in iManage Work Mobility for iOS to other applications.

true: Lets the users to send documents from iManage Work Mobility for iOS to other applications through Open In feature of iOS.

false: Documents can't be sent from iManage Work Mobility for iOS to other applications.

NOTES:

  • This feature may be restricted or disabled because of MDM policies.
  • If the application receiving the file doesn't support the file type, this feature may be restricted.
  • When this value is set to false, AirPrint and AirDrop are automatically disabled as well.

enable_native_email


Boolean

true

Use this policy to restrict users from sending document(s) as email attachments from iManage Work Mobility for iOS through the native email (Mail app) application.

true: Lets users to send the iManage Work document(s) as email attachments using the iOS Mail app.

false: Prevents users from sending iManage Work document(s) as email attachments.

NOTE:

  • Emailing a document appears when a user taps iOS Activity or Email. If you want to prevent emailing documents, then you must also set enable_open_in_send to false. This also restricts users from editing documents from iManage Work Mobility for iOS.
  • This feature may be restricted or disabled because of MDM policies.
  • NRLs aren't restricted by any application policies currently.

enable_airdrop

Boolean

true

Use this policy to restrict users from sharing documents in iManage Work Mobility for iOS using AirDrop. Apple's AirDrop feature enables the transfer of files between supported Macs and iOS devices without using email or a mass storage device.

true: Lets the user to share the downloaded documents through AirDrop.

false: Disables sharing the documents through AirDrop.

NOTE:

  • This feature may be restricted or disabled because of MDM policies.
  • If open_in_send is set to false, AirDrop is always disabled.

enable_printing

Boolean

true

Use this policy to restrict users from printing documents from iManage Work Mobility for iOS.

true: Lets users to print downloaded documents through iOS AirPrint.

false: Disables the printing of documents.

NOTES:

  • This feature may be restricted or disabled due to MDM policies.
  • If open_in_send is set to false, AirPrint is always disabled.

IMPORTANT:

If your MDM policy configuration restricts emailing documents out of iManage Work Mobility for iOS, users can use Print Preview of a PDF to get around this, as it can be distributed through the iOS Mail app.

Apple bug report # - 45524779.

enable_downloading

Boolean

true

Use this policy to restrict users from downloading documents to their mobile devices from iManage Work Mobility for iOS.

true: Documents may be downloaded to the device.

false: Prevents bulk download of documents to the device.

NOTE:

If enable_downloading is set to false, SPE is disabled.

enable_privacy_curtain

Boolean

true

Use this policy to disable Privacy Curtain. Privacy Curtain is a security feature that obscures the contents of iManage Work Mobility for iOS when the application isn't active.

true: The Privacy Curtain is displayed when the application isn't active, obscuring any content that is on the screen.

false: The Privacy Curtain is disabled.

enable_touch_id_for_passcode

Boolean

true

Use this policy to prevent users from signing into iManage Work Mobility for iOS through Touch ID on their mobile device. Touch ID is Apple's fingerprint identity sensor and is a form of bio-metric security meant to be more convenient than entering a passcode or password, especially on iPhones, iPads, and Macs.

true: The user gets an option to enable Touch ID when configuring App Lock. 

false: Touch ID isn't offered.

NOTE:

Even if this setting is true, the Touch ID must be set up and configured on the device first. Also note that this setting may be restricted because of MDM policies. When Touch ID is used, the application passcode (not the iOS passcode) is stored in the Keychain (the application passcode is used as an encryption key).

Therefore, the most secure configuration is for Touch ID to be disabled; the application passcode is never stored, and documents can't be viewed until the user provides the application passcode.

show_demo_connection

Boolean

true

IMPORTANT:

We recommend you disable the Demo connection for any production environments so that is not visible to users.

If a user has signed into the Demo connection, it can't be removed from the list of connections that appears on the side bar.

Server connection that connects to a public iManage demo server, which can be used to test the iManage Work Mobility for iOS application before it is deployed in your environment.


true: The Demo connection is displayed at the bottom of the servers list on the sign in screen.

false: The Demo connection isn't displayed.

number_of_passcode_retries_min_3_max_20_default_10

Integer

10

This is the number of times the application passcode can be entered before all locally stored data is erased from the device (no data is impacted on the server).

The minimum value is 3, and the maximum is 20.

NOTE:

Additionally, you may lose any local changes that you have made to your documents.

passcode_grace_period_seconds_min_10_max_999999999_default_60

Integer

10

When switching away from the application, there's a time delay before the App Lock is enforced, requiring the user to enter the application passcode (or if configured, Touch ID). The minimum is 10 seconds; the maximum is 999999999 seconds (effectively only requiring the user to enter the application passcode or use Touch ID when the application starts or restarts).

prevent_copy_to_clipboard

Boolean

false

Use this policy to restrict users from copying content in iManage Work Mobility for iOS, and pasting it into a clipboard or pasteboard. This policy configuration secures iManage Work data.

false: This setting is the default, and allows users to copy text from an iManage document to other applications.

IMPORTANT:

If this key is missing, false is set.

true: The clipboard or pasteboard in iManage Work Mobility for iOS is cleared when a user copies text from any document. This effectively stops copying any data from iManage Work Mobility for iOS as the user can't paste any text into other application(s).

IMPORTANT:

When you enable prevent_copy_to_clipboard policy, it's applied across iManage Work Mobility for iOS, and you can't select applications (for example, your managed apps) that can be excluded from this restriction.


view_mode

Boolean

false

Use this policy to offer users a View-Only experience in iManage Work Mobility for iOS.

Disabled (default): - This allows the user to:

  1. Edit documents with an external application
  2. Drag and drop documents to a folder
  3. Upload documents to a folder using the upload option
  4. File an email
  5. Auto upload
  6. Use Experimental Conversion to PDF Settings
  7. Annotate documents

Enabled: This setting prevents the user from performing the following activities:

  1. Open documents with an external application.

    NOTE:

    Having open_in_send enabled with View-only Mode also enabled allows for previewing files in an external application. Any edits made to the document won't get saved to iManage.

  2. Drag and drop documents to a folder
  3. Upload documents to a folder using the upload option
  4. File an email
  5. Auto upload
  6. Use Experimental Conversion to PDF Settings
  7. Annotate documents

When enabled, this setting supercedes the open_in_receive and enable_app_extensions settings. Even if those are enabled, the app won't honor them when this policy setting (view_mode) is enabled. 

NOTE: After this policy is enabled, when users edit a document and try saving it back to the iManage Work Mobility app, the following error message appears:

    'MDM Policy - Application policy prevents from receiving files.

  1. The Edit button is disabled and the Share button is displayed. Users will be unable to checkout the document, but they can send it to other apps for viewing
    • Open_in_send must be set to true.
    • If open_in_send is set to false, the Share button isn't displayed.
  2. Selecting Email allows the user to send an NRL or HTTPS link to the document.
    • If open_in_send is true, users can send the document as an attachment, or send the document to Outlook or any other app.
    • If open_in_send is set to false, the user can only share the NRL and HTTPS link.

web_authentication_mode

Integer

For existing deployments, no default (not set).
allow_safari_for_login setting is used instead.

For new deployments, the default is 2 (ASWebAuthenticationSession).

Use this policy setting to control which web-based authentication controller (embedded browser) is used when users are prompted to sign in to iManage Work.

0 – WKWebView: Enables the legacy embedded web-based authentication controller, WKWebView.

Figure: Sign in screen for WKWebView

1 – SFSafariViewController: Enables the Safari-based web-based authentication controller, SFSafariViewController.

Figure: Sign in screen for SFSafariViewController

The primary difference to the user is the addition of the browser buttons at the top of the screen.

2 – ASWebAuthenticationSession: This is recommended by iManage. Enables Apple's latest ASWebAuthentication embedded web view controller for web-based authentication.

NOTE:

With option 2, the first time a user attempts to sign in to iManage Work, they're presented with a prompt. Users must tap Continue to proceed to the iManage Work sign-in screen, as shown in the second figure below.

Figure: User confirmation prompt during initial sign in - ASWebAuthenticationSession


Figure: Sign in screen for ASWebAuthenticationSession

3 – Default browser: Rather than using an embedded web view or web view controller, the app switches to the iOS default browser, and when authentication is complete, the browser switches back to the Work 10 app.

By default, the default browser is Safari, but the user can change this to any browser such as Edge or Chrome.

4 – Microsoft Edge browser (if installed): Similar to 3 above, but instead of loading the default browser, a specific URL for Microsoft Edge is used. If the user has specified a different default browser and authentication needs to be on Edge, use this setting.
If Edge isn't installed, no sign-in screen is displayed and the user isn't able to sign in.

5 – Google Chrome browser (if installed): Similar to 3 above, but instead of loading the default browser, a specific URL for Google Chrome is used. If the user has specified a different default browser and authentication needs to be on Chrome, use this setting.
If Chrome isn't installed, no sign-in screen is displayed and the user isn't able to sign in.

6 – AirWatch/VMware Workspace One browser (if installed): Similar to 3 above, but instead of loading the default browser, a specific URL for Workspace One is used. If the user has specified a different default browser and authentication needs to be on Workspace One, use this setting.

If Workspace One isn't installed, no sign-in screen is displayed and the user isn't able to sign in.

When set, this web_authentication_mode policy setting replaces the allow_safari_for_login policy setting. 

For customers who have already deployed iManage Work Mobility:

  • If the web_authentication_mode policy setting is blank or not set, iManage Work Mobility uses the value set for allow_safari_for_login instead.

For customers deploying iManage Work 10.20.2 or later for the first time:

  • If both web_authentication_mode and allow_safari_for_login policy settings are blank or not set, iManage Work Mobility defaults to web_authentication_mode = 2 (ASWebAuthenticationSession).


NOTE: The web_authentication_mode policy setting is ignored if the Server0 Auth policy setting is set to 0 (Explicit Login). This uses a standard sign-in dialog instead of a web-based authentication controller.

NOTE: Regardless of this web_authentication_mode setting, iManage Work Mobility uses the WKWebView embedded web controller when displaying pages directly from iManage Work Web, such as a document's Timeline, or for iManage Share pages.

allow_safari_for_login

Boolean

true

Use this policy to restrict users from signing in to the application using Safari in iManage Work Mobility for iOS.

NOTE: If web_authentication_mode is set to any value, this allow_safari_for_login setting is ignored.

true: This setting is the default. When users select Sign In on the Work Mobility application, they're directed to a new Safari window to sign in using their company credentials.

NOTE:

With the allow_safari_for_login policy set to true, Safari allows users to save their credentials in the secure iOS Keychain.

false: When users select Sign In on the Work Mobility application, they're directed to an embedded web view window to sign in using their company credentials.

NOTE:

With the allow_safari_for_login policy set to false, users wouldn't be able to save their credentials in the secure iOS Keychain.


enable_analytics

Boolean

true

This policy controls whether a user will be prompted to opt in or out of sending analytics to iManage. It doesn't explicitly enable analytics on the app.

This option is enabled by default.

NOTES:

  • iManage doesn't track the actual data such as client and matter information, document names, and so on.
  • Users opting in for analytics aren't tracked individually.
  • Data collected isn't to determine individual use.

login_user_account_auth0_only

String

-

Allows you to optionally enter a UserID in the sign-in dialog. This applies only when Server Authentication is set to 0 - Standard/Explicit.

force_user_interaction_on_edit_in_place

Boolean

false

Use this policy to control how the app responds when a user saves edits back to iManage Work. This setting is available in iManage Work 10 Mobility version 10.23.4 and later.

false: This setting is the default. After editing a document opened from iManage Work, navigating back to the iManage Work Mobility app automatically saves the user's changes as a new version of the document. Additional edits to the open document are saved to the same version. When finished with their changes, the user must manually check in the file in iManage Work. 

true: After editing a document in iManage Work, navigating back to the iManage Work Mobility app prompts the user with the following dialog. This gives the user control over how they want to save their edits. 

  • Save as New Version: Saves the edits as a new version of the document in iManage Work.
  • Save & Sync: Saves the edits to the existing version of the document in iManage Work.

 

SERVER CONFIGURATION

Any number of servers may be included. These are displayed in numerical order based on the integer in the identifier, starting with 0. For example, server2_uuid is the third server.

NOTE:

You must define the following settings for least one entry (server0) to allow users to connect.

server0_uuid

String

-

A Universally Unique Identifier (UUID) to uniquely identify this entry. These can be generated by visiting https://www.uuidgenerator.net/version4.

Example: b985dc4b-3232-4719-9d1d-cf0162badc30

NOTES:

  • After a UUID is assigned to a server, the mapping between the UUID and server can't be altered because it can cause connectivity issues for the clients.
  • UUID can't be blank or duplicated. If any of the servers have a duplicate or blank UUID, that .immconfig file is rejected and a previously passed file is implemented. 

server0_name

String

-

The name that'll be displayed in the app in the list of available iManage Work connections.

server0_auth


Integer

-

The authentication type for the server. The valid values are:

0 - Standard: Supports both iManage Work credentials and domain/username and password for explicit network authentication.

1 - ADFS (On premises ADFS Server): Displays an embedded web view where the user must follow whatever authentication procedures the company has defined for the ADFS implementation.

2 - Common login: Provides a single sign-on for iManage Work 10 client applications. The login UI maintains information about the currently signed-in user in its session cookie.

3 - Use Oauth2 Refresh Token and Access Tokens: For more information, refer to Enable access request tokens. This option minimizes the number of times a user is prompted to sign in.

Username, password, and access tokens and refresh tokens are stored in the iOS Keychain.

 server0_url

 Text

 -

The iManage Work URL for users to access iManage Work through this app.

  • For iManage Work at cloudimanage.com, enter cloudimanage.com
  • For imanage.work or on-premises customers, enter the iManage Work URL that matches the SSL certification.

NOTE:

Adding HTTPS or ports such as :8000 to this value is ignored. HTTPS and port 443 are always used. SSL/TLS is always used, in accordance with the most secure settings of iOS security.


For more information on configuration files deployment, refer to Deploying configuration files.