Instructions for App Vendors

SIMSme Business

Technical Documentation

SIMSme Business | v.2019.01 | January 2019

Instructions for App Vendors:

Please fill in the appropriate field for each section. If you do not have capabilities for a specific section, you do not need to fill it out.We have broken up app management capabilities in the following ways: Deployment (all apps supported), Configuration, Tunneling (all apps supported), SSO, Access Control, and Security Policies. Fields that are already populated and not highlighted are native operating system and/or EMM capabilities. You can leave these as is. Once completed, include this in your submission to the AppConfig.org website. After being filled out by your organization and submitted, the AppConfig team will remove the instruction section, validate formatting, convert to PDF and make this doc available on the appconfig.org website.

Introduction

The following document describes the technical capabilities and deployment the native mobile SIMSme Business app to devices based on the best practices documented by the AppConfig Community.Reference EMM vendor specific setup documentation available on the AppConfig Community site for details on how to configure each of these capabilities with the EMM vendor of your choice.

App Deployment

EMM solutions have the capability to deploy native applications that live on the public app stores to devices. Operating systems such as iOS, Android, and Windows provide EMM vendors native built-in APIs as part of the MDM “Mobile Device Management” protocols documented by the operating systems to make this possible. Using this capability, the SIMSme Business app that is in the public app store can be installed automatically or via a self-service catalog with EMM platforms participating in AppConfig Community. Alternatively, some customers may choose to build a custom app built using the Force.com development platform. In this case, the resulting app will likely be deployed as an internal or in-house app. EMM vendors participating in AppConfig Community have the capability to deploy these types of apps as well.

App Configuration

For some customers, the first time use of the SIMSme Business application requires the manual configuration of a custom domain. EMM vendors participating in AppConfig Community have the ability to auto-configure these settings. The end user no longer has to input these values themselves. Please reference the matrix below for more information.

Configuration Key / Description / Value / Type / iOS Support / Android for Work Support
disableNoPwLogin / If set to True, the option “Ask password at startup” is set and the user can’t disable it. / true / false / Boolean / Yes / Coming soon
simsLockApplicationDelay / After how many minutes the application asks for the password, if the app was in background. / 0-10 / Integer / Yes / Coming soon
forceComplexPin / If set to true, the user must use a complex code, no pin code. / true/false / Boolean / Yes / Coming soon
simsPasswordTries / The application swipes the data, if the user entered the wrong password for 3, 5 or 10 times. / 3,5,10
/ Integer / Yes / Coming soon
disableSaveToCameraRoll / If set to true, the automatic save to cameraroll is disabled / true/false / Boolean / Yes / Coming soon
disableSendMedia / If set to true, only textmessages can be send. No images, videos and files. / true/false / Boolean / Yes / Coming soon
disableOpenIn / If set to true, the images can be saved to cameraroll and received files can’t be opened. / true/false / Boolean / Yes / Coming soon
passwordMinLength / Minimum length of Password / 0-99 / Integer / Yes / Coming soon
passwordMinSpecialChar / Minimum number of special chars like #-/ are required. / 0-99 / Integer / Yes / Coming soon
passwordMinDigit / Minimum number of digits are required. / 0-99 / Integer / Yes / Coming soon
passwordMinLowercase / Minimum number of lowercase characters for the password. / 0-99 / Integer / Yes / Coming soon
passwordMinUppercase / Minimum number of uppercase characters for the password. / 0-99 / Integer / Yes / Coming soon
passwordMinClasses / How many different groups (digits, special characters, lowercase, uppercase) are required. / 0-4 / Integer / Yes / Coming soon
passwordMaxDuration / If set, the user must change his password after xx days. / 0-65535 / Integer / Yes / Coming soon
passwordReuseEntries / If set, the application will check, if the new password was already used. The application will only remember as many password, as the setting said. / 0-100
/ Integer / Yes / Coming soon
disableExportChat / If set to true, the user can’t export chats. / true/false
/ Boolean / Yes / Coming soon

App Tunnel

EMM vendors who participate in AppConfig Community have the ability to enable native app tunneling features on supported mobile devices using a protocol called per-app VPN. Many EMM vendors provide customers a built-in per-app VPN or App Tunneling solution as part of the EMM offering, as well as integrate with 3rd party per-app VPN providers such as Cisco, Palo Alto Networks, F5, and Pulse Secure.

Single Sign On

SIMSme Business(does not yet) support delegating the login process to a company’s SAML identity provider. EMM vendors participating in AppConfig Community have the ability to auto-deploy the appropriate certificates and credentials to the mobile device to auto-login the user into this SAML identity provider that has been setup.

Note: The SAML identity provider that is used must support the native SSO capabilities that are documented in the AppConfig Community. Visit the SSO section of the AppConfig Community dev center for an up to date list of identity providers that have been tested to work successfully with single sign-on.

The following SSO protocols are supported in the SIMSme Business app:

SSO Support / iOS Support (Y/N) / Android Support (Y/N)
Certificate based authentication to SAML identity provider / N / -
Kerberos based authentication to SAML identity provider / N / -

When using the certificate based authentication approach, the following App Configuration key/value pairs must be used to initiate the SSO process:

Configuration Key / Description / Value / Type / iOS Support / Android for Work Support
-

Access Control

For security reasons, enterprises may want to prevent users from downloading SIMSme Business to their unmanaged or unapproved device. The following approaches of preventing access to the SIMSme Business app on unapproved devices is supported:

Access Control Support Type / iOS Support (y/n) / Android Support (y/n)
SAML Identity provider based access control / N / -
App Config Based Access Control / N / -

Security Policies

Some organizations may require the SIMSme Businessapp to have more granular security and data loss protection within itself to prevent sensitive data and documents from leaking outside company control. Lastly, EMM can leverage the native OS protocols to wipe and remove all corporate data on the device and uninstall the SIMSme Business app.

Security Policy / iOS Support (Y/N) / Android Support (Y/N)
Native OS Encryption / Y (enforced with device pincode) / -
Managed Open In / Y (iOS managed open in policy) / -
Copy / Paste Control / N / -
Screenshot Control / N / -

The following config key/value pairs correspond to any security controls above that are implemented via app configuration keys.

Key / Description / Value / Type / iOS Support / Android for Work Support
disableOpenIn / If set to true, the images can be saved to cameraroll and received files can’t be opened. / true/false / Boolean / Yes / Coming soon

SIMSme Business | v.2019.01 | January 2019

Page 1