Managing TrueContext Mobile Apps with an AppConfig EMM
About
The AppConfig Community is an EMM (enterprise mobility management) specification designed to standardize app configuration and management. There is a growing number of EMM vendors who support the AppConfig approach. TrueContext is one of the AppConfig partners, meaning it's easy to deploy secure and scalable solutions for mobile workforces within an EMM framework. As the world moves towards Unified Endpoint Management (UEM), or the ability to bring together all kinds of devices and platforms into one solution, AppConfig partners stand ready to provide seamless out-of-the-box experiences and secure work-ready apps with minimal setup.
The AppConfig specification covers most of the device and application management features used by enterprises today. For mobility software vendors, AppConfig provides a specification to develop against that provides very valuable management and security features, without the effort and complexity of app wrapping or SDK embedding.
The following article describes the technical capabilities and deployment the native mobile TrueContext app to devices based on the best practices documented by the AppConfig Community. Reference EMM vendor specific setup documentation available on the AppConfig Community site for details on how to configure each of these capabilities with the EMM vendor of your choice.
App Deployment
EMM solutions can deploy native applications that live on the public app stores to devices. Operating systems such as iOS, Android, and Windows provide EMM vendors native built-in APIs as part of the MDM (Mobile Device Management) protocols documented by the operating systems to make this possible. Using this capability, the TrueContext app in the public app store can be installed automatically or via a self-service catalog with EMM platforms participating in AppConfig Community. Alternatively, white label customers may elect to deploy as an internal or in-house app. EMM vendors participating in the AppConfig Community have the capability to deploy these types of apps as well.
App Configuration
EMM vendors participating in AppConfig Community can auto-configure these settings. The end user no longer has to input these values themselves. Please reference the table below for more information.
| Configuration Key | Description | Value | Type | iOS Support | Android Support |
| Log Level (PFManagedLogLevel) | Select the application log level | Info | string | ✔ | ✔ |
| PFManagedUserName | TrueContext Login User ID | Null | string | ✔ | |
| PFManagedPassword | User Password | Null | string | ✔ | |
| Compression (0-100) PFManagedPhotoCompression | Greater amounts of compression lead to smaller file sizes and lower quality photos. | 30 | Numeric | ✔ | ✔ |
| Resolution PFManagedPhotoResolution | Select the maximum size of the long edge of the image | string | ✔ | ✔ | |
| PFManagedConfirmSend | Confirm that form submissions have been sent. Click this checkbox to enable | True | boolean | ✔ | ✔ |
| PFManagedConfirmReceive | Click this checkbox to enable | True | boolean | ✔ | |
| PFManagedConfirmDiscard | Confirm discard of form in progress. Check this box to enable | True | boolean | ✔ | |
| PFManagedConfirmClear | Confirm clearing of all answers in in-progress form. Check this box to enable. | True | boolean | ✔ | |
|
Custom Maximum Size PFManagedPhotoResolutionCustomSize |
Only if Resolution is “Custom” – allows users to set a maximum size of images in <insert type here>. Please enter the custom maximum size (minimum 200). | No default (can only be specified if resolution is “Custom” | Numeric | ✔ | ✔ |
|
Audio Quality PFManagedAudioQuality |
Select the quality level of recorded audio | Medium Quality | Low/Medium/High | ✔ | ✔ |
|
Show Hints PFManagedShowHints |
Give helpful tips and ideas on how to use the app. Click this checkbox to enable. | True | True/False | ✔ | ✔ |
| PFManagedBarcodeCamera | Select front or rear. | Rear | string | ✔ |
Single Sign On
TrueContext supports delegating the login process to a company’s SAML identity provider. EMM vendors participating in AppConfig Community can auto-deploy the appropriate certificates and credentials to the mobile device to auto-login the user into this SAML identity provider that has been setup.
Note: The SAML identity provider used must support the native SSO capabilities documented in the AppConfig Community. Visit the SSO section of the AppConfig Community Dev Center for an up-to-date list of identity providers that have been tested to work successfully with single sign-on.
The following SSO protocols are supported in the TrueContext app:
| SSO Support | iOS Support (Y/N) | Android Support (Y/N) |
| Certificate based authentication to SAML identity provider |
Y |
Y |
| Kerberos based authentication to SAML identity provider |
N |
N |
When using the certificate-based authentication approach, the following App Configuration key/value pairs must be used to initiate the SSO process.
To support existing integrations, some items will continue to use “prontoforms” or “pf” in the domain or code.
For more detailed information about what’s changing, visit https://support.truecontext.com/hc/en-us/articles/19516168513556
| Configuration Key | Description | Value | Type | iOS Support | Android Support |
| Relay State | N/A | Y | Y | ||
| Audience |
Prontoforms.com/prod Note:If your IdP requires a unique entity ID for each of your TrueContext teams, contact support@truecontext.com. The Support team will start the process of setting you up with a unique entity ID per team. |
URL | Y | Y | |
|
Recipient |
Who will receive the certificate | https://live.prontoforms.com/saml/SSO | URL | Y | Y |
| ACS (Consumer) URL Validator | ^https:\/\/live\.prontoforms\.com\/saml\/SSO$ | URL | Y | Y | |
| ACS (Consumer) URL |
https://live.prontoforms.com/saml/SSO |
URL |
Y |
Y |
|
|
Single Logout URL |
https://live.prontoforms.com/saml/SSO |
URL |
Y |
Y |
Access Control
For security reasons, enterprises may want to prevent users from downloading TrueContext to their unmanaged or unapproved device. The following approaches to preventing access to the TrueContext app on unapproved devices are supported:
| Access Control Support Type | iOS Support (y/n) | Android Support (y/n) |
| SAML Identity provider-based access control | Y | Y |
| App Config Based Access Control | Not Supported | Not Supported |
Security Policies
Some organizations may require the TrueContext app to have more granular security and data loss protection within itself to prevent sensitive data and documents from leaking outside company control. EMM can leverage the native OS protocols to wipe and remove all corporate data on the device and uninstall the TrueContext app.
| Security Policy | iOS Support (Y/N) | Android Support (Y/N) |
| Native OS Encryption | Y (enforced with device PIN code) | Y (enforced with device PIN code) |
| Managed Open In | Y (iOS managed open in policy) | Y (Android for Work policy) |
| Copy / Paste Control | Not Supported | Y (Android for Work policy) |
| Screenshot Control | Not Supported | Y (Android for Work policy) |