App policy configurations

The following settings are configurable in the Apple Managed App Configuration in Ivanti's administration portal.

Figure: App Configurations > Configuration Setup

Table: App Configuration settings

Identifier	Default	Description
Version	2	Specifies the format version for configuration and is required. IMPORTANT: Version must be set to 2.
Web Authentication Mode	�For existing deployments, no default (not set). Allow Safari for Login setting is used instead. For new deployments, the default is 2 (ASWebAuthenticationSession).	Use this policy setting to control which web-based authentication controller (embedded browser) is used when users are prompted to sign in to iManage Work. 0 – WKWebView: Enables the legacy embedded web-based authentication controller, WKWebView. Figure: Sign in screen for WKWebView 1 – SFSafariViewController: enables the Safari-based web-based authentication controller, SFSafariViewController. Figure: Sign in screen for SFSafariViewController The primary difference to the user is the addition of the browser buttons at the top of the screen. 2 – ASWebAuthenticationSession: Recommended by iManage. Enables Apple's latest ASWebAuthentication embedded web view controller for web-based authentication. NOTE: With option 2, the first time a user attempts to sign in to iManage Work, they are presented with a prompt. Users must tap Continue to proceed to the iManage Work sign in screen, as shown in the second figure below. Figure: User confirmation prompt during initial sign in - ASWebAuthenticationSession Figure: Sign in screen for ASWebAuthenticationSession 3 – Default browser. Rather than using an embedded web view or web view controller, the app switches to the iOS default browser, and when authentication is complete, the browser switches back to the Work 10 app. By default the default browser is Safari, but the user can change this to any browser such as Edge or Chrome. 4 – Microsoft Edge browser (if installed). Similar to 3 above, but instead of loading the default browser, a specific URL for Microsoft Edge is used. If the user has specified a different default browser and authentication needs to be on Edge, use this setting. If Edge is not installed, no sign in screen will be displayed and the user will not be able to sign in. 5 – Google Chrome browser (if installed). Similar to 3 above, but instead of loading the default browser, a specific URL for Google Chrome is used. If the user has specified a different default browser and authentication needs to be on Chrome, use this setting. If Chrome is not installed, no sign in screen will be displayed and the user will not be able to sign in. 6 – AirWatch/VMware Workspace One browser (if installed). Similar to 3 above, but instead of loading the default browser, a specific URL for Workspace One is used. If the user has specified a different default browser and authentication needs to be on Workspace One, use this setting. If Workspace One is not installed, no sign in screen will be displayed and the user will not be able to sign in. When set, this Web Authentication Mode policy setting replaces the Allow Safari For Login policy setting. For customers who have already deployed iManage Work Mobility: If the new Web Authentication Mode policy setting is blank or not set, iManage Work Mobility uses the value set for Allow Safari for Login instead. For customers deploying iManage Work 10.20.2 or later for the first time: If both Web Authentication Mode and Allow Safari for Login policy settings are blank or not set, iManage Work Mobility defaults to Web Authentication Mode = 2 (ASWebAuthenticationSession). NOTES: The Web Authentication Mode policy setting is ignored if the Server0 Auth policy setting is set to 0 (Explicit Login). This utilizes a standard login dialog instead of a web-based authentication controller. Regardless of this Web Authentication Mode setting, iManage Work Mobility uses the WKWebView embedded web controller when displaying pages directly from iManage Work Web, such as a document's Timeline, or for iManage Share pages.
Allow Safari for Login	true	Use this policy to restrict users from signing in to the application using Safari in iManage Work Mobility. true – When users select Sign In on the Work Mobility application, they are directed to a new Safari window to sign in using their company credentials. false – When users select Sign In on the Work Mobility application, they are directed to an embedded web view window to sign in using their company credentials. NOTES: If the Web Authentication Mode is set to any value, this Allow Safari for Login setting is ignored. When set to false, users cannot save their credentials in the secure iOS Keychain.
Open In (Send)	true	Use this policy to restrict users from sending document(s) in iManage Work Mobility for Ivanti to other applications. true – Enables users to send documents from iManage Work Mobility to other applications through the Open In feature of iOS. false – documents cannot be sent from iManage Work Mobility for iOS to other applications. NOTES: This feature may be restricted or disabled because of MDM policies. When this value is set to false, AirPrint and AirDrop are automatically disabled as well. If the application receiving the file does not support the file type, this feature may be restricted.
Open In (Receiving)	true	Use this policy to restrict users from receiving document(s) in iManage Work Mobility from other applications. true - Users can import documents to iManage Work Mobility from other applications. false - Restricts users from importing documents to the iManage Work Mobility from other applications. NOTE: This feature may be restricted or disabled because of MDM policies.
Enable Native Email	true	Use this policy to restrict users from sending document(s) as email attachments from iManage Work Mobility through native email (Mail app) application. true - enables the users to send the iManage Work document(s) as email attachments using the iOS Mail app. false - prevents the users from sending iManage Work document(s) as email attachments. NOTES: Emailing a document appears when a user taps the iOS Activity or Email button. If you want to prevent emailing documents, then you must also set enable_open_in_send to false. This also restricts users from editing the document from iManage Work Mobility. NRLs are not restricted by any application policies currently.
Enable App Extensions	true	Not applicable for iManage Work Mobility for Ivanti.
Enable Airdrop	true	Use this policy to restrict users from sharing documents in iManage Work Mobility using AirDrop. Apple's AirDrop feature enables the transfer of files between supported macOS computers and iOS devices without using mail or a mass storage device. true - Enables the ability for users to share downloaded documents through AirDrop. false - Disables sharing the documents through AirDrop. NOTES: This feature may be restricted or disabled because of MDM policies. If Open In (Send) is set to false, AirDrop is always disabled.
Enable Printing	true	Use this policy to restrict users from printing documents from iManage Work Mobility. true - Enables the users to print downloaded documents through iOS AirPrint. false - Disables the printing of documents. NOTES: This feature may be restricted or disabled due to MDM policies. If Open In (Send) is set to false, AirPrint is always disabled. If your MDM policy configuration restricts emailing documents out of iManage Work Mobility, users can use Print Preview of a PDF to get around this, as it can be distributed through iOS Mail app. Apple bug report # - 45524779
Enable Downloading	true	Use this policy to restrict users from downloading documents to their mobile devices from iManage Work Mobility. Set one of the following parameters: true - documents may be downloaded to the device. false - prevents bulk download of documents to the device.
Show Demo Connection	true	Displays an option to connect to a public iManage demo server, which can be used to test the iManage Work Mobility application before it is deployed in your environment. true - The Demo connection is displayed at the bottom of the servers list on the sign in screen. false - The Demo connection is not displayed. NOTES: If the user has signed into the Demo connection, it cannot be removed from the list of connections that appears on the side bar. iManage recommends you disable the Demo connection for any production environments so that is not visible to users.
Enable Privacy Curtain	true	By default, the iManage Work Mobility for Ivanti app will blur the screen when it goes into the background. This setting is not applicable for iManage Work Mobility for Ivanti. If you want to disable this functionality, the `MI_AC_ENABLE_SCREEN_BLURRING = false` key pair setting must be added in the Ivanti managed app config settings.
Prevent Copy to Clipboard	false	Use this policy to restrict users from copying content in iManage Work Mobility and pasting it into clipboard or pasteboard. This policy configuration secures iManage Work data. false - Allows users to copy text from an iManage document to other applications. true - Prevents users from copying text from an iManage document. The clipboard or pasteboard in iManage Work Mobility is cleared when a user copies text from any document. This effectively stops copying any data from iManage Work Mobility as the user cannot paste any text into other application(s). NOTE: This feature may be restricted or disabled due to MDM policies.
Enable Analytics	true	This policy controls whether a user will be prompted to opt in or out of sending analytics to iManage. It does not explicitly set up analytics on the app. This option is enabled by default. NOTES: iManage does not track the actual data such as client and matter information, document names, and so on. Users opting in for analytics are not tracked individually. Data collected is not to determine individual use.
View Mode	false	Use this policy to offer users a View-Only experience in iManage Work Mobility. false - Disables View Mode. This allows the user to: Edit documents with an external application Drag and drop documents to a folder Upload documents to a folder using the upload option File an email Auto upload Use Experimental Conversion to PDF Settings Annotate documents true - Enables View Mode. This setting supercedes the Open In (Receiving) and Enable App Extensions settings. Even if those are set to true, those settings are ignored when View Mode is set to true. This setting restricts the user from: Open documents with an external application NOTE: Having Open In (Send) enabled with View Mode also enabled allows for previewing in an external application. Any edits made to the document will not get saved to iManage. Drag and drop documents to a folder Upload documents to a folder using the upload option File an email Auto upload Use Experimental Conversion to PDF Settings Annotate documents NOTE: If View Mode is enabled, when users try to edit a document and try saving it back to the iManage Work Mobility app, the following error message appears: MDM Policy - Application policy prevents from receiving files.
Enable Touch ID / Face ID	true	Enables users to sign into iManage Work Mobility for Ivanti through Touch ID or Face ID on their mobile device. This setting is not applicable for iManage Work Mobility for Ivanti. This is controlled within Ivanti.
Number of Passcode Retries	10	The number of times the application passcode can be entered before all locally stored data is erased from the device (no data is impacted on the server). This setting is not applicable for iManage Work Mobility for Ivanti. This is controlled within Ivanti.
Passcode Grace Period	60	When switching away from the application, there is a time delay before the App Lock is enforced, requiring the user to enter the application passcode (or if configured, Touch ID). The minimum is 10 seconds; the maximum is 999999999 seconds (effectively only requiring the user to enter the application passcode or use Touch ID when the application starts or restarts). This setting is not applicable for iManage Work Mobility for Ivanti. This is controlled within Ivanti.
Login User Pre-fill	-	Allows you to optionally enter a UserID in the login dialog. This applies only when App policy configurations #server_auth is set to 0 - Standard/Explicit.
Custom User Agent (WKWebView Only)	-	If set, this will change the WKWebView’s user agent to the value specified (a text value). This setting only applies if WKWebView is used for authentication. Use this setting only when directed by iManage Support. Changing this setting could prevent users from being able to sign in.
SERVER CONFIGURATION Any number of servers may be included. These are displayed in numerical order based on the integer in the identifier, starting with 0. For example, Server0 is the first server, Server1 is the second server, and so on. NOTE: You must define the following settings for least one entry (server0) to enable the users to connect.
Server0 UUID	-	A UUID to uniquely identify this entry. These can be generated here. Example: `b985dc4b-3232-4719-9d1d-cf0162badc30` NOTE: After a UUID is assigned to a server, the mapping between the UUID and server cannot be altered as this can cause connectivity issues to the clients. IMPORTANT: UUID cannot be blank or duplicated. If any of the servers have a duplicate or blank UUID, that `.immconfig` file is rejected and a previously passed file is implemented.
Server0 Name	-	The name that will be displayed in the app in the list of available iManage Work connections.
Server0 URL		The iManage Work URL for users to access iManage Work via this app. For the cloudimanage.com iManage Work endpoint, enter `cloudimanage.com` For imanage.work endpoints or on premises customers, enter the Work Server URL that matches the SSL certification. NOTE: Adding HTTPS or ports such as ':8000' to this value are ignored. HTTPS and port 443 are always used. SSL/TLS is always used, in accordance with the most secure settings of iOS security.
Server0 Auth	-	The authentication type for the server. The valid values are: 0 - Standard: Supports both Work credentials and domain/username and password for explicit network authentication. 1 - ADFS (On premises ADFS Server): Displays an embedded web view where the user must follow whatever authentication procedures the company has defined for the ADFS implementation. 2 - Common login: Provides a single sign-on for iManage Work 10 client applications. The login UI maintains information about the currently signed-in user in its session cookie. 3 - Use Oauth2 Refresh Token and Access Tokens. See Enable access request tokens for more information. This option minimizes the number of times a user is prompted to login. Username, password, and access tokens and refresh tokens are stored in the iOS Keychain.