- Add code to inform the SDK of active and changing identities throughout your application.
- Thoroughly test app protection policy enforcement for both managed and unmanaged identities.

The terms "user", "account", and "identity" are often used interchangeably. This guide attempts to differentiate as follows:

- User: the human being using the software product. Further differentiated as end user, the human using the Android app, and admin / admin user / IT admin / IT Pro, the human using the Microsoft Intune admin center.
- Account: the software record belonging to an organization that uniquely identifies a user's entity.
- Identity: the set of data that the Intune App SDK uses to uniquely identify an account.

By default, the Intune App SDK applies policy to your entire application. After registering an account with app protection policy targeted, the SDK associates every file and every activity with that account's identity and will apply that account's targeted policy universally. For many developers, this is the desired app protection behavior for their application. These applications are considered single-identity.

By completing the previous stages, your application has successfully integrated as single-identity and can enforce all basic policies. Apps that are intended to stay single-identity can skip this section and proceed to Stage 6: App Configuration.

The Intune App SDK can optionally enforce policy on a per-identity level. If your application already supports multiple accounts logged in simultaneously, and you want to retain this multi-account support with app protection policies, your application is considered multi-identity.

In the future, the SDK APIs may present a more holistic identity structure that includes all fields provided at account registration time, not just upn. When integrating multi-identity support, ensure that your app also has access to aadId, tenantId, and authority when setting the identity using the current APIs.

Managed vs Unmanaged Identities

As described in Registering for App Protection Policy, your application is responsible for informing the SDK when a user logs in. At the moment of login, the user's account may or may not be targeted with app protection policy. If the account is targeted with app protection policy, the SDK considers it managed; otherwise, it is unmanaged. The SDK will enforce policy for identities it considers managed. The SDK won't enforce policy for identities it considers unmanaged.

Currently, the Intune App SDK only supports a single managed identity per device. As soon as *any* SDK-integrated application registers a managed identity, all subsequently registered identities, even if they're currently targeted with app protection policies, will be treated as unmanaged.

If a managed identity has already been registered on the device and your app registers another identity that is also targeted with app protection policy, the SDK will return _USER and prompt the end user with options to remediate. See Register for notifications from the SDK for more detail.

An account that is not targeted with app protection policy at registration time will be considered unmanaged. Even if the account is not licensed for or targeted with app protection policy, the SDK will periodically check if this account becomes licensed and targeted at a later time. If no other managed identity has been registered, the SDK will start treating this identity as managed once it is targeted with policy. The user does not need to log out and log back into this account to make this change.

Your application must always keep the SDK informed of the identity that is in current use, otherwise known as the active identity. If the active identity is managed, the SDK will apply protections. If the active identity isn't managed, the SDK won't apply protections. Because the SDK has no application-specific knowledge, it must trust the application to share the correct active identity.