Sync external MDM

CONTENTS

If you are using a professional MDM (Mobile device management) solution, you can manage the settings so that only devices managed by the external MDM solution can access the LINE WORKS mobile app in the LINE WORKS ‘3rd-party MDM sync’ setting.

Reminders before activating the function

  • You can only use this function if you are using an external MDM solution other than the MDM provided by LINE WORKS. You also cannot use it together with LINE WORKS MDM.
    (If you change the 3rd-party MDM sync to ‘Use’, all the LINE WORKS MDM Exception Management settings that have already been set will be deleted.)
  • This function utilizes the (Managed) App Configuration method of the MDM Framework. Before activating this function, you must first check whether the MDM solution you are using supports the Managed App Configuration setting.
  • For Android OS devcies, this function is only available in the Android Enterprise environment. If there is a member using an Android device or if Android devices are provided as work devices, you must first build an Android Enterprise environment.
  • As soon as you activate this function, all members are automatically logged out of the mobile app, and from then on, they can only log in if the key value is synced through the external MDM solution. Before activating this function, you must first familiarize yourself with the process.

Sync process

To use the sync process, the administrator must activate the function in LINE WORKS Admin and then set the App Configuration for the LINE WORKS app in the administrator console of the MDM solution.

  1. In LINE WORKS Admin, activate the 3rd-party MDM sync and issue the key value.
  2. In the console of the external MDM solution, register the LINE WORKS app as a managed app.
  3. In the console of the external MDM solution, register the App Configuration issued by LINE WORKS Admin for the LINE WORKS app.
    • App Configuration Key: LineworksAuthCode
    • App Configuration Type: String/Text format
    • App Configuration Value: A unique value issued by LINE WORKS Admin
    • Below is an explanation of each term.
      Term
      Description
      Configuration Key
      • This is the configuration key used in Managed App Configuration.
      • The configuration key for 3rd-party MDM sync in LINE WORKS is LineworksAuthCode.
      Value Type
      • This is the format of the key value used in Managed App Configuration.
      • The key value for LINE WORKS 3rd-party MDM sync uses the ‘String’ (Text) format.
      Key Value
      • This is the key value used in Managed App Configuration.
      • Issued in LINE WORKS Admin, it can be generated automatically or entered directly.
        • Auto-generate: Admin uses the automatically generated key value.
        • Custom value: This is useful when you want to use the same key value within a group company, or when a key value was generated in advance and then entered into an external MDM console.
  4. The LINE WORKS app is distributed from the console of the external MDM solution to the members’ devices, or each member installs the LINE WORKS app through the external MDM.

If the Key (LineworksAuthCode) and Value (unique value for each domain) of App Configuration are synced without an issue to the LINE WORKS app according to Step 3, the user can then log into the LINE WORKS mobile app.

The guides below are all for Step 1. Steps 2 to 4 are for settings in each MDM solution. Since each solution requires a different method of setting, you need to refer to the instructions of each solution or contact the solution provider.

User settings

If you turn on the 3rd-party MDM sync function and save it as it is, all members will be automatically logged out from the mobile app within 10 minutes. They will only be able to access the mobile app if the correct key value has been synced with the mobile app through the external MDM.

Complete the App Configuration setting on the console of the external MDM before activating the 3rd-party MDM sync or after according to Steps 2 to 4 of the 3rd-party MDM sync process.

LINE WORKS Admin should be set up as follows:

  1. Select ‘Security’ from the menu on the left of Admin to expand the menu and press ‘Mobile Security’. On the mobile app, tap  to see the menu.
  2. Press ‘Advanced’ on the bottom of the screen to expand advanced features, including the ‘3rd-party MDM sync’ setting.
  3. Select the ‘Manage’ button on the right to access the settings screen.
  4. Open and turn on ’3rd-party MDM sync’.
  5. Check the precautions and press ‘OK’.
  6. Choose whether to restrict logging into other domains.
  7. A new key value has been automatically generated. If you want to set the key value yourself, you can select ‘Custom value’ and enter a new value.
  8. Click the ‘Save’ button on the top to save your changes.

Reissue the key value

If the key value was leaked or the company policy has changed, you can issue a new key value.

If the key value is reissued and saved, all members are forcibly logged out of the mobile app within 10 minutes, and the mobile app can only be used when the new key value is synced through the external MDM.

Before or after changing the key value, the App Configuration must be updated with the key value reissued from the console of the external MDM (according to Steps 2 to 4 of the external MDM sync process).

  1. Select ‘Security’ from the menu on the left of Admin to expand the menu and press ‘Mobile Security’. On the mobile app, tap  to see the menu.
  2. Press ‘Advanced’ on the bottom to expand advanced features, including the ‘Sync external MDM’ setting.
  3. Press the ‘Manage’ button on the right to access the settings screen.
  4. Turn off the ‘Sync external MDM’ function by pressing the toggle button on the right.
    • ‘Auto-generate’ for Key Value: Press the ‘Re-issue’ button on the right of the input field.
    • ‘Custom value’ for Key Value: Remove the existing value and enter a new value.
  5. Click the ‘Save’ button on the top to save your changes.

Restrict logging into other domain

If you activate this option while using the 3rd-party MDM sync function, you can block mobile devices managed by the external MDM from logging into LINE WORKS accounts that belong to other domains/groups.

Before activating ‘Restrict login with other domain account’, you need to familiarize yourself with the information below:

  • To use this function, you must set a unique key value that does not overlap with other domains, including that of the same group company.
  • After turning this option on, you cannot log into the accounts that belong to other domains/groups.
  • When this option is turned on, accounts that are not in the same LINE WORKS domain/group will be automatically logged out within 10 minutes on devices managed with the same key value. However, accounts will be logged out immediately only if at least one account belonging to this domain/group is logged in. If the account belonging to this device is not logged in while an account of other domain/group is logged in, the other domain/group accounts are logged out at the time when an account belonging to this domain/group is logged in.

Disable the function

If you no longer want to control access through external MDM sync, you can disable the 3rd-party MDM sync setting.

However, even if this function is disabled, the configuration key that has already been synced through the MDM solution will not be automatically disabled.

  1. Select ‘Security’ from the menu on the left of Admin to expand the menu and press ‘Mobile Security’. On the mobile app, tap  to see the menu.
  2. Select ‘Advanced’ on the bottom of the screen to expand advanced features, including the ‘3rd-partyMDM sync’ setting.
  3. Select the ‘Manage’ button on the right to access the settings screen.
  4. Open ’3rd-party MDM sync’ and turn off the function.
  5. Click the ‘Save’ button on the top to save your changes.
    Was this article helpful?
    • Yes
    • No
    Sorry about that! Please tell us why
    • The information provided in the guide is wrong.
    • The information is difficult to understand.
    • There is insufficient information on specific devices. (e.g. There is no explanation on Mobile.)
    • Other

    How can we make it better?

    Thank you for your feedback!