Distribute Android Enterprise apps
Citrix Endpoint Management manages apps deployed to devices. You can organize and deploy the following types of Android Enterprise apps.
- Managed app store apps: These apps include free apps available in the managed Google Play Store. For example, GoToMeeting.
- MDX: Apps prepared with the MAM SDK or wrapped with the MDX Toolkit. These apps include MDX policies. You get MDX apps from internal sources and public stores. Deploy Citrix mobile productivity apps as MDX apps.
- Enterprise: Private apps you develop or get from another source. You provide these apps to your users through the managed Google Play Store. The managed Google Play Store is the Google enterprise app store.
- MDX-enabled private apps: Enterprise apps prepared with the MAM SDK or wrapped with the MDX Toolkit.
You can add enterprise apps and MDX-enabled private apps two different ways.
- Add the apps to the Citrix Endpoint Management console as enterprise apps, as described in the Enterprise apps and MDX-enabled private apps sections in this article.
- Publish the apps directly to the managed Google Play Store using your Google developer account. Then add the apps to the Citrix Endpoint Management console as managed app store apps. See Managed app store apps.
If you publish apps using your Google developer account and then switch to using the Citrix Endpoint Management console, the ownership of the apps differs. You need to manage your apps in both locations, in this case. Citrix recommends adding your apps using one method or the other.
If you need to remove self-managed apps from the managed Google Play Store, open a ticket with Google. Developers can disable, but not delete, apps from the managed Google Play Store.
The following sections provide more in-depth information for Android Enterprise app configuration. For information about distributing apps, see Add Apps. That article includes:
- The general workflows for adding web and SaaS apps or web links
- The required app workflow for enterprise and public store apps
- How to deliver enterprise apps from the Citrix Content Delivery Network (CDN) for Enterprise Apps
Managed app store apps
You can add free apps available on the managed Google Play Store to Citrix Endpoint Management.
Note:
To make all apps in the Google Play store accessible from managed Google Play, use the Access all apps in the managed Google Play store server property. See Server properties. Setting this property to true allows all Android Enterprise users to access public Google Play store apps. You can then use the Restrictions device policy to control access to these apps.
Step 1: Add and configure apps
-
In the Citrix Endpoint Management console, navigate to Configure > Apps. Click Add.
-
Click Public App Store.
-
In the App Information pane, type the following information:
- Name: Type a descriptive name for the app. The name appears under App Name on the Apps table.
- Description: Type an optional description of the app.
-
Select Android Enterprise as the platform.
-
Type the app name or package ID in the search box and click Search. You can locate the package ID in the Google Play store. The ID is in the URL of the app. For example,
com.Slack
is the package ID inhttps://play.google.com/store/apps/details?id=com.Slack&hl=en_US
. -
Apps matching the search criteria appear. Click the desired app then click Select.
-
Click Select again.
-
Click the app icon and configure the app Name and Description.
-
Assign any delivery groups to the app and click Save. For information, see Deploy resources.
Step 2: Configure app deployment
- Navigate to Configure > Delivery Groups and select the delivery group you configured. Click Edit.
- In the Apps section, drag the desired apps to the Required Apps box.
- On the Summary page, click Save.
- On the Delivery Groups page, select the delivery group and click Deploy.
MDX apps
Add MDX files to Citrix Endpoint Management and configure app details and policy settings. To configure Citrix mobile productivity apps for Android Enterprise, add them as MDX apps. For information about the app policies that are available for each device platform type, see:
Step 1: Add and configure apps
-
For Citrix mobile productivity apps, download the public-store MDX files: Go to https://www.citrix.com/downloads. Navigate to Citrix Endpoint Management (XenMobile) > Citrix Endpoint Management Productivity Apps.
For other types of MDX apps, get the MDX file.
-
In the Citrix Endpoint Management console, click Configure > Apps. Click Add. The Add App dialog box appears.
-
Click MDX. The MDX App Information page appears. In the App Information pane, type the following information:
- Name: Type a descriptive name for the app. The name appears under App Name on the Apps table.
- Description: Type an optional description of the app.
-
Select Android Enterprise as the platform.
-
Click Upload and navigate to the MDX file. Android Enterprise only supports apps prepared with the MAM SDK or MDX Toolkit.
-
The UI notifies you if the attached application requires approval from the managed Google Play Store. To approve the application without leaving the Citrix Endpoint Management console, click Yes.
After the managed Google Play Store opens, follow the instructions to approve and save the app.
When you successfully add the app, the App details page appears.
-
-
Configure these settings:
- File name: Type the file name associated with the app.
- App Description: Type a description for the app.
- App version: Optionally, type the app version number.
- Package ID: Type the package ID for the app got from the managed Google Play Store.
- Minimum OS version: Optionally, type the oldest operating system version that the device can run to use the app.
- Maximum OS version: Optionally, type the most recent operating system that the device must run to use the app.
- Excluded devices: Optionally, type the manufacturer or models of devices that can’t run the app.
-
Configure the MDX Policies. MDX policies vary by platform and include options for policy areas, including authentication, device security, and app restrictions. In the console, each of the policies has a tooltip that describes the policy. For information about the app policies that are available for each device platform type, see:
-
Configure the deployment rules and store configuration.
-
Assign any delivery groups to the app and click Save. For information, see Deploy resources.
Step 2: Configure app deployment
-
Navigate to Configure > Delivery Groups and select the delivery group you configured. Click Edit.
-
In the Apps section, drag the desired apps to the Required Apps box.
-
On the Summary page, click Save.
-
On the Delivery Groups page, select the delivery group and click Deploy.
Enterprise apps
Enterprise apps represent private apps that aren’t prepared with the MAM SDK or MDX Toolkit. You develop these apps yourself or get them directly from other sources. To add an enterprise app, you need the APK file associated with the app. Make sure that you follow Google Best practices for private apps.
Watch this video to learn more:
Step 1: Add and configure apps
Add the app one of two ways:
- Publish the app directly to the managed Google Play Store and add it to the Citrix Endpoint Management console as a Managed play store app. Follow the Google documentation on how to Publish private apps, and then follow the steps in the Managed app store apps section.
- Add the app to the Citrix Endpoint Management console as an enterprise app. Do the following steps:
-
In the Citrix Endpoint Management console, click Configure > Apps. Click Add. The Add App dialog box appears.
-
Click Enterprise. In the App Information pane, type the following information:
- Name: Type a descriptive name for the app. This name is listed under App Name on the Apps table.
- Description: Type an optional description of the app.
-
Select Android Enterprise as the platform.
-
The Upload button opens the managed Google Play Store. You do not need to register for a developer account to publish a private app. Click the Plus icon in the lower right corner to continue.
-
Type the name for your app and upload the .apk file. When finished, click Create. It might take up to 10 minutes for your private app to publish.
-
Enter an email address to get updates about your apps.
-
After your application is published, click the icon for the private app. If you want to add an app description, change the app icon, and other actions, click Make advanced edits. Otherwise, click Select to open the app information page.
-
-
Click Next. The app information page for the platform appears.
-
Configure the settings for the platform type, such as:
- File name: Optionally, type a new name for the app.
- App description: Optionally, type a new description for the app.
- App version: You can’t change this field.
- Package ID: Unique identifier of your app.
- Minimum OS version: Optionally, type the oldest operating system version that the device can run to use the app.
- Maximum OS version: Optionally, type the most recent operating system that the device must run to use the app.
- Excluded devices: Optionally, type the manufacturer or models of devices that can’t run the app.
-
Configure the deployment rules and store configuration.
-
Assign any delivery groups to the app and click Save. For information, see Deploy resources.
Step 2: Configure app deployment
-
Navigate to Configure > Delivery Groups and select the delivery group you configured. Click Edit.
-
In the Apps section, drag the desired apps to the Required Apps box.
-
On the Summary page, click Save.
-
On the Delivery Groups page, select the delivery group and click Deploy.
MDX-enabled private apps
To add Android Enterprise apps as MDX-enabled enterprise apps:
- Create a private Android Enterprise app and MDX-enable the app.
- Add the app to the Citrix Endpoint Management console.
- Host and publish the app on the managed Google Play Store.
- Add the app to the Citrix Endpoint Management console as an Enterprise app.
- Add the MDX file to Citrix Endpoint Management.
If you decide to host and publish apps through the Google Play Store, don’t opt in for Google certificate signing. Sign the app with the same certificate used to MDX-enable the app. For more information on publishing apps, see Google documentation on Publishing your app and Signing your app. The MAM SDK doesn’t wrap apps, so it doesn’t require a certificate other than the one used to develop the app.
For more information about publishing private apps through the Google Play Console, see the Google documentation on how to Publish private apps from the Play Console.
To publish an app through Citrix Endpoint Management, see the following sections.
Prepare an Android Enterprise app
When you create an Android Enterprise app, make sure that you follow Google Best practices for private apps.
After you create an Android Enterprise app, integrate the MAM SDK with the app or wrap the app by using the MDX Toolkit. Then, add the resulting files to XenMobile.
You can update the app by uploading an updated.apk file. The following steps cover app wrapping with the MDX Toolkit.
-
Create your Android Enterprise app and generate a signed .apk file.
-
The following sample file has all known policies, some of which might not be applicable for your environment. Any unusable settings are ignored. Create an XML file with the following parameters:
<?xml version="1.0" encoding="UTF-8"?> <MobileAppPolicies> <PolicySchemaVersion> 1.0 </PolicySchemaVersion> <Policies> <DevicePasscode>false</DevicePasscode> <AppPasscode>false</AppPasscode> <MaxOfflinePeriod>72</MaxOfflinePeriod> <StepupAuthAddress/> <RequireUserEntropy>false</RequireUserEntropy> <BlockRootedDevices>true</BlockRootedDevices> <BlockDebuggerAccess>false</BlockDebuggerAccess> <RequireDeviceLock>false</RequireDeviceLock> <NonCompliantDeviceBehavior>AllowAppAfterWarning</NonCompliantDeviceBehavior> <WifiOnly>false</WifiOnly> <RequireInternalNetwork>false</RequireInternalNetwork> <InternalWifiNetworks/> <AllowedWifiNetworks/> <UpgradeGracePeriod>168</UpgradeGracePeriod> <WipeDataOnAppLock>false</WipeDataOnAppLock> <ActivePollPeriod>60</ActivePollPeriod> <PublicFileAccessLimitsList/> <CutAndCopy>Unrestricted</CutAndCopy> <Paste>Unrestricted</Paste> <DocumentExchange>Unrestricted</DocumentExchange> <OpenInExclusionList/> <InboundDocumentExchange>Unrestricted</InboundDocumentExchange> <InboundDocumentExchangeWhitelist/> <connectionSecurityLevel>TLS</connectionSecurityLevel> <DisableCamera>false</DisableCamera> <DisableGallery>false</DisableGallery> <DisableMicrophone>false</DisableMicrophone> <DisableLocation>false</DisableLocation> <DisableSms>false</DisableSms> <DisableScreenCapture>false</DisableScreenCapture> <DisableSensor>false</DisableSensor> <DisableNFC>false</DisableNFC> <BlockLogs>false</BlockLogs> <DisablePrinting>false</DisablePrinting> <MvpnNetworkAccess>MvpnNetworkAccessUnrestricted</MvpnNetworkAccess> <MvpnSessionRequired>False</MvpnSessionRequired> <NetworkAccess>NetworkAccessUnrestricted</NetworkAccess> <DisableLocalhostConnections>false</DisableLocalhostConnections> <CertificateLabel/> <DefaultLoggerOutput>file,console</DefaultLoggerOutput> <DefaultLoggerLevel>15</DefaultLoggerLevel> <MaxLogFiles>2</MaxLogFiles> <MaxLogFileSize>2</MaxLogFileSize> <RedirectSystemLogs>false</RedirectSystemLogs> <EncryptLogs>false</EncryptLogs> <GeofenceLongitude>0</GeofenceLongitude> <GeofenceLatitude>0</GeofenceLatitude> <GeofenceRadius>0</GeofenceRadius> <EnableGoogleAnalytics>false</EnableGoogleAnalytics> <Authentication>OfflineAccessOnly</Authentication> <ReauthenticationPeriod>480</ReauthenticationPeriod> <AuthFailuresBeforeLock>5</AuthFailuresBeforeLock> </Policies> </MobileAppPolicies> <!--NeedCopy-->
-
Wrap the app using the MDX Toolkit. For information about using the MDX Toolkit, see Wrapping Android mobile apps.
Set the apptype parameter to Premium. Use the XML file from the previous step in the command described next.
If you know the store URL for the app, set the storeURL parameter to the store URL. Users download the app from the store URL after you publish the app.
Here is an example of an MDX Toolkit command used to wrap an app called SampleAEapp:
``` java -Dfile.encoding=UTF-8 -Duser.country=US -Duser.language=en -Duser.variant -jar /Applications/Citrix/MDXToolkit/ManagedAppUtility.jar wrap -in ~/Desktop/AEAppFiles/SampleAEApp-input.apk -out ~/Desktop/AEAppFiles/SampleAEApp.mdx -MinPlatform 5.0 -keystore /MyKeystore -storepass mystorepwd123 -keyalias key0 -keypass mykeypwd123 -storeURL "https://play.google.com/store/apps/details?id=SampleAEappPackage" -appType Premium -premiumMdxPolicies <Path to Premium policy XML> <!--NeedCopy--> ```
Wrapping the app generates a wrapped .apk file and an .mdx file.
Add the wrapped .apk file
Add the app one of two ways:
- Publish the app directly to the managed Google Play Store and add it to the Citrix Endpoint Management console as a Managed play store app. Follow the Google documentation on how to Publish private apps, and then follow the steps in the Managed app store apps section.
- Add the app to the Citrix Endpoint Management console as an enterprise app. Do the following steps:
-
In the Citrix Endpoint Management console, click Configure > Apps. The Apps page opens.
-
Click Add. The Add App dialog box appears.
-
Click Enterprise. In the App Information pane, type the following information:
- Name: Type a descriptive name for the app. This name is listed under App Name on the Apps table.
- Description: Type an optional description of the app.
-
Select Android Enterprise as the platform.
-
The Upload button opens the managed Google Play Store. You do not need to register for a developer account to publish a private app. Click the Plus icon in the lower right corner to continue.
-
Type the name for your app and upload the .apk file. When finished, click Create. It might take up to 10 minutes for your private app to publish.
-
Enter an email address to get updates about your apps.
-
After your application is published, click the icon for the private app and click Select to open the app information page.
-
-
Click Next. The app information page for the platform appears.
-
Configure the settings for the platform type, such as:
- File name: Optionally, type a new name for the app.
- App description: Optionally, type a new description for the app.
- App version: You can’t change this field.
- Package ID: Unique identifier of your app.
- Minimum OS version: Optionally, type the oldest operating system version that the device can run to use the app.
- Maximum OS version: Optionally, type the most recent operating system that the device must run to use the app.
- Excluded devices: Optionally, type the manufacturer or models of devices that can’t run the app.
-
Configure the deployment rules and store configuration.
-
In the Enterprise App page, click Next. The Approvals page appears.
To use workflows to require approval before allowing users to access the app, see Apply workflows. If you don’t need an approval workflow, you can skip to Step 13.
-
Click Next.
-
The Delivery Group Assignment page appears. No action is needed on this page. You configure the delivery groups and deployment schedule for this app when you add the .mdx file. Click Save.
Optional: Add or change the store URL
If you didn’t know the store URL when you wrapped the app, add the store URL now.
-
View the app in the managed Google Play Store. When you select the app, the store URL appears in the address bar of your browser. Copy the package name of the app from the URL form. For example:
https://play.google.com/store/apps/details?id=SampleAEappPackage
. The URL you copy might begin withhttps://play.google.com/work/
. Make sure that you changework
tostore
. -
Use the MDX Toolkit to add the store URL to the .mdx file:
java -jar /Applications/Citrix/MDXToolkit/ManagedAppUtility.jar \ setinfo \ -in ~/Desktop/SampleApps/Sample.mdx \ -out ~/Desktop/SampleApps/wrapped/Sample.mdx \ -storeURL "https://play.google.com/store/apps/details?id=SampleAEappPackage" <!--NeedCopy-->
Add the .mdx file
-
In the Citrix Endpoint Management console, click Configure > Apps. Click Add. The Add App dialog box appears.
-
Click MDX. The MDX App Information page appears. In the App Information pane, type the following information:
- Name: Type a descriptive name for the app. The name appears under App Name on the Apps table.
- Description: Type an optional description of the app.
-
Select Android Enterprise as the platform.
-
Click Upload and navigate to the MDX file. Android Enterprise only supports apps wrapped with the MDX Toolkit.
-
The UI notifies you if the attached application requires approval from the managed Google Play Store. To approve the application without leaving the Citrix Endpoint Management console, click Yes.
After the managed Google Play Store opens, follow the instructions to approve and save the app.
When you successfully add the app, the App details page appears.
-
-
Configure these settings:
- File name: Type the file name associated with the app.
- App Description: Type a description for the app.
- App version: Optionally, type the app version number.
- Package ID: Type the package ID for the app got from the managed Google Play Store.
- Minimum OS version: Optionally, type the oldest operating system version that the device can run to use the app.
- Maximum OS version: Optionally, type the most recent operating system that the device must run to use the app.
- Excluded devices: Optionally, type the manufacturer or models of devices that can’t run the app.
-
Configure the MDX Policies. MDX policies vary by platform and include options for policy areas, including Authentication, Device Security, and App Restrictions. In the console, each of the policies has a tooltip that describes the policy. For information about the app policies that are available for each device platform type, see:
-
Configure the deployment rules and store configuration.
The Deploy for always-on connection applies when you’ve configured the scheduling background deployment key in Settings > Server Properties.
The always-on option:
- Isn’t available for iOS devices
- Isn’t available for Android and Android Enterprise customers who began using Citrix Endpoint Management with version 10.18.19 or later
- Isn’t recommended for Android and Android Enterprise customers who began using Citrix Endpoint Management before version 10.18.19
The deployment schedule that you configure is the same for all platforms. Any changes you make apply to all platforms, except for Deploy for always-on connection.
-
Assign any delivery groups to the app and click Save. For information, see Deploy resources.
Update the app
To update the Android Enterprise app, wrap and upload an updated .apk file:
-
Wrap the .apk file for the updated app using the MAM SDK or MDX Toolkit.
-
In the Citrix Endpoint Management console, click Configure > Apps. The Apps page opens.
-
Click Add. The Add App dialog box appears.
-
Click Enterprise. In the App Information pane, type the following information:
- Name: Type a descriptive name for the app. This name is listed under App Name on the Apps table.
- Description: Type an optional description of the app.
-
Select Android Enterprise as the platform.
-
Click Next. The Enterprise App page appears.
-
Click Upload.
-
In the managed Google Play Store page, select the app you want to update.
-
In the app information page, click edit next to the .apk file name.
-
Navigate to the new .apk file and upload it.
-
In the managed Google Play Store page, click Save.