How To: Configure the Jive Daily Hosted iOS App for Enterprise Distribution

Version 8

    Overview

    Jive Daily distribution is supported in several configurations:

    • App Store w/ Jive Standard Push
    • Enterprise Distribution
      • Enterprise Mobility Management (EMM) server w/ Standard Push
      • Enterprise Mobility Management (EMM) server w/ Custom Push

     

    Important Notes:

    • For more detail on the difference between Jive Standard and Custom Push, please reference the Push Notification section in the this document.
    • Jive Daily Hosted is supported by Jive 9.0.0+.  If you are using Jive 8 or lower versions, please reference the Jive Mobile documentation.
    • Jive Daily Hosted DOES NOT support mobile wrapping of any kind.

     

    Supported EMM Providers

     

    App Updates

    • For App Store distribution - automatically handled by the device
    • For Enterprise distribution w/ Standard Push: Import from App Store to EMM sever
    • For Enterprise distribution w/ Custom Push:  Updated binaries for Jive Daily Hosted will be published in Jive Works.  Please refer to steps that must be repeated on the new IPA files anytime you want to publish an updated app to your users.

     

    MDM Enterprise Security

     

    App Store Distribution

     

    When Enterprise distribution, management and control is not needed, the easiest way to distribute Jive Daily Hosted in your organization is to leverage the general availability of Jive Daily Hosted in the Apple AppStore.  Users can freely download the application and install from their mobile device.

    pastedImage_1.png

     

     

     

    After installing, the end-user will be required to enter the community URL and complete the authentication process the first time launching the app.

    pastedImage_5 (1).png

     

    Please Note:

    This distribution method is not recommended for customers requiring:

    • Enterprise Distribution through an EMM server
    • Enterprise Security Features and Management (e.g. MDM)
    • Customers using "Custom Push" configuration ( Typically this is required when the Jive-N server cannot connect to Jive Mobile Push Service (Gateway) directly )

     

    Enterprise Distribution w/ Standard Push

     

    The process for enterprise distribution is similar across various EMM providers (e.g. MobileIron, AirWatch, etc).  This is a general description of the process that should be managed by the responsible party for the EMM server (typically IT administrator).

     

    1. Login to EMM server
    2. Import Jive Daily Hosted from the Apple AppStore into the EMM Enterprise App Store
    3. Configure Application Settings (optional step)
      • VPN
      • App Config based configuration of Jive Daily Hosted
    4. Distribute Application to end-user devices

     

    When importing the application directly from the AppStore, Jive Daily Hosted is already signed by Jive to be used with Jive's Mobile Push Service (Gateway), also known as "Standard Push" configuration.  No additional setup is required, but there must be connectivity from the Jive-N server to the Jive's Mobile Push Service (Gateway).

     

    Please note: Jive does not provide direct technical support for the EMM installation, setup and configuration process to manage devices unrelated to the Jive Daily app.  Your EMM provider can assist with the initial setup of their ecosystem and application deployment.

     

     

    Enterprise Distribution w/ Custom Push

     

    The process for enterprise distribution is similar across various EMM providers (e.g. Mobile Iron, Airwatch, etc).  This is a general description of the process that should be managed by the responsible party for the EMM server (typically IT administrator).

     

    Prerequisites

    • You must have a current iOS Developer Enterprise Program membership in order to get the necessary enterprise distribution certificates from Apple.
    • The person performing the re-signing must have a Mac running the necessary version of Xcode -- currently Xcode 8

     

    1. Acquire the latest Jive Daily Hosted iOS binaries from Jive Mobile Release Binaries
    2. Creating New App IDs in Apple Developer Portal
    3. Resign the IPA
    4. Login to EMM server
    5. Import the IPA into the EMM Enterprise App Store
    6. Configure Application Settings (optional step)
      • VPN
      • App Config based configuration of Jive Daily Hosted
    7. Distribute Application to end-user devices

     

    Creating New App IDs in Apple Developer Portal

     

    In order to resign the Jive Daily Hosted IPA, you must generate provisioning profiles for both Jive Daily Hosted app and shared extension as per the following steps.

     

    1) Login to Apple Developer Portal

    pastedImage_3 (1).pngpastedImage_2.png

     

    2) Create new App Group in the Apple Developer Portal

    • Navigate to "Certificates, Identifiers & Profiles"

    • On the menu, select Identifiers > App Groups

    • Create new App Group with:

      • App Group Description (for example: Jive Daily App Group)

      • Identifier (for example: group.com.mycompany.jivedaily)

    pastedImage_3.png

    pastedImage_5.png

     

    3) Create new App ID in the Apple Developer Portal

    • Navigate to "Certificates, Identifiers & Profiles"

    • On the menu, select Identifiers > App IDs

    • Create new App ID with:

      • App ID Description (for example: Jive Daily Hosted)

    • Under "App ID Suffix", select Explicit App ID, and enter a bundle ID, for example: com.mycompany.jivedaily

    • Under "App Services", ensure that the following options are checked:

      • App Groups

      • Data Protection > Complete Protection

      • Push Notifications


    pastedImage_9.png

    pastedImage_7.png

    Screen+Shot+2016-11-27+at+4.12.54+PM.png

     

     

    • To configure the App Group, select the new App ID under Identifiers -> App IDs

    Screen+Shot+2016-11-27+at+4.58.22+PM.png

    • Scroll down and press the Edit button

    Screen+Shot+2016-11-27+at+4.59.02+PM.png

    • Under App Groups, press the Edit button

     

    Screen+Shot+2016-11-27+at+5.09.00+PM.png

    • Check the previously created App Group and press the Continue button

    Screen+Shot+2016-11-27+at+5.11.09+PM.png

    • Press the Assign button

    Screen+Shot+2016-11-27+at+8.13.29+PM.png

    • To configure the Push Notifications Certificates, select the new App ID under Identifiers -> App IDs
    • Under Push Notifications -> Production SSL Certificates, press the Create Certificate button

    Screen+Shot+2016-11-27+at+5.22.04+PM.png

    • Follow the instructions to create Push Notification Certificate

    Screen+Shot+2016-11-27+at+5.25.57+PM.png

    • Lunch the Keychain Access app on the Mac
    • In the top menu, select Keychain Access -> Certificate Assistant -> Request a Certificate From a Certificate Authority

    Screen+Shot+2016-11-27+at+5.36.17+PM.png

    • Fill the email with a company email address
    • Fill the Common Name with your company name \ personal name
    • Check the Save to disk option
    • Verify that the Let me specify key pair information is unchecked
    • Press the Continue button and save the request

    Screen+Shot+2016-11-27+at+5.58.12+PM.png

    • Go back to the Developer Portal, press Choose, and select the certificate request
    • Press the Continue button

    Screen+Shot+2016-11-27+at+6.01.56+PM.png

    • Download the Push Certificate, double click it should import it to Keychain Access

     

    Screen+Shot+2016-11-27+at+6.04.56+PM.png

    Screen+Shot+2016-11-27+at+6.06.48+PM.png

     

    4) Create new App ID the Apple Developer Portal for the share extension

    Since Jive Daily makes use of Apple's share extension capabilities, before resigning Jive Daily Hosted, you must create a second App ID in the Apple Developer Portal.

     

    • Navigate to "Certificates, Identifiers & Profiles"

    • On the menu, select Identifiers > App IDs

    • Create new App ID with:

      • App ID Description (for example: Jive Daily Hosted Share)

    • Under "App ID Suffix", select Explicit App ID, and enter a bundle ID, for example: com.mycompany.jivedaily.share

    • Under "App Services", ensure that the following options are checked:

      • App Groups

    • Data Protection > Complete Protection

     

    Screen+Shot+2016-11-27+at+4.19.19+PM.png

    Screen+Shot+2016-11-27+at+4.19.34+PM.png

    • To configure the App Group, select the new App ID under Identifiers -> App IDs

    Screen+Shot+2016-11-27+at+8.09.00+PM.png

    • Scroll down and press the Edit button

    Screen+Shot+2016-11-27+at+8.09.40+PM.png

    • Under App Groups, press the Edit button

    Screen+Shot+2016-11-27+at+5.09.00+PM.png

    • Check the previously created App Group and press the Continue button

    Screen+Shot+2016-11-27+at+5.11.09+PM.png

     

    • Press the Assign button

    Screen+Shot+2016-11-27+at+8.13.29+PM.png

     

    Signing

     

    In order to leverage "Custom Push", the binary must be signed with the appropriate certificate for your organization's Apple iOS Enterprise program and the matching provisioning profile.  Jive cannot sign customized binaries on your behalf, as this would require access to your organization's private keys, and would violate Apple's developer agreements.

     

    The process has 2 steps:

    1. Update the app & the app share extension bundle ID using the bundler.sh script (attached to this doc)
    2. Resign the app with your organization certificates using the resign.sh script (attached to this doc)

     

    The bundler.sh script expects the following parameters:

    ParameterDescription
    --ipaThe Jive Daily Hosted IPA file, for example: "JiveDaily.ipa"
    --nameThe new name for the app, for example: "Daily"
    --app_bundleThe new bundle ID of the app, for example: "com.mycompany.daily"
    --share_bundleThe new bundle ID for the share extension, that bundle ID must have the same prefix as the app, for example: "com.mycompany.daily.share"
    --appgroupThe new appgroup for the app as created in this step, for example: "group.com.mycompany.daily"
    --outputThe output IPA file, after this process is finished the file needs to be resigned, for example "Daily-temp.ipa"

     

    Sample usage:

     

    ./bundler.sh --ipa "JiveDaily.ipa" \
                 --name "Daily" \
                 --app_bundle "com.jivesoftware.daily.hosted.resigned" \
                 --share_bundle "com.jivesoftware.daily.hosted.resigned.share" \
                 --appgroup "group.com.jivesoftware.daily.hosted.resigned" \
                 --output "JiveDaily-newbundle.ipa"
    

     

    The resign.sh script expects the following parameters:

     

    ./resign.sh input.ipa \
                "Certificate Name" \
                -p com.mycompany.daily=com.mycompany.daily.mobileprovision \
                -p com.mycompany.daily.share=com.mycompany.daily.share.mobileprovision output.ipa \
                --verbose
    

     

    Please note:

    • The input.ipa of the resign.sh script should match the output ipa file of the bundler.sh.
    • The "Certificate Name" needs to match an existing certificate in the local Keychain, for example: "iPhone Distribution: My Company Inc.", for example:

    Screen+Shot+2016-11-30+at+3.36.09+PM.png

    • The "-p com.mycompany.daily" should match the new bundle ID, as previously set in the bundler.sh script, --app_bundle parameter.
    • The "-p com.mycompany.daily.share" should match the new bundle ID for the share extension, as previously set in the bundler.sh script, --share_bundle parameter.
    • The "--verbose" parameter is optional

     

    Sample usage:

    ./resign.sh JiveDaily-newbundle.ipa \
                "iPhone Distribution: Jive Software Inc." \
                 -p com.jivesoftware.daily.hosted.resigned=com.jivesoftware.daily.hosted.resigned.mobileprovision \
                 -p com.jivesoftware.daily.hosted.resigned.share=com.jivesoftware.daily.hosted.resigned.share.mobileprovision JiveDaily-Resigned.ipa \
                 --verbose
    

     

    If you do not know the signing identity you can use the following command to list them from a terminal window:

    /usr/bin/security find-identity -v -p codesigning

     

    Once the binary has been signed with the appropriate certificate and provisioning profile, you can distribute the app to your users under the terms of Apple's Enteprise Program.

     

    Jive Community Configurations

    These configurations are performed on the Jive server side and do not need to be repeated when the Jive app binaries are updated, although new configuration options may become available in the future.

     

    Push Notifications

    With the App Store version of the Jive app, push notifications go from Jive installations to Jive's push gateway, and from there to Apple's push servers, using Jive's credentials.  However, for security, Apple requires that only the signer of an app can send push notifications to the app, which means Jive's push gateway cannot send push notification for a custom-signed app.

     

    In order to enable push notifications for your custom-signed Jive Daily Hosted app

    1. Make sure your app is provisioned with an push-enabled certificate and provisioning profile, as described in Apple's Push Notification Programming Guide.
    2. Log in to the Jive Admin Console.  From the Mobile tab, choose Native Apps.
    3. Under Push Notifications, choose Custom.  Under Apple Push Notification Service Certificate, upload your PKCS#12 (.p12) formatted keypair, and provide the corresponding password. (See Apple's provisioning procedure documentation for more information.)
    4. Click Save Changes at the bottom of the page.

     

    Screen Shot 2016-12-08 at 6.01.01 PM.png

     

    Once you have provided the correct credentials, then any Jive Inbox activity will generate push notifications to users who have installed your app and accepted push notifications.

     

    You are not required to enable push notifications for your app.  To disable push notifications for the entire community, log in to the Jive Admin Console. From the Mobile tab, choose Native Apps, and under Push Notifications, choose None.

     

    If push notification are enabled for the community, each app user can also choose to enable, disable, or customize the behavior of push notifications using standard iOS configuration options.  To do this, on the iOS device, launch Settings > Notification Center and then locate your customized Jive app (the name of the app may have been changed) in the list.