Client Extension installation on iOS and iPadOS devices
The deviceTRUST iOS Client Extension is available to download from the App Store. The iOS Client Extension is currently only compatible with Citrix Virtual Apps and Desktops and Citrix Cloud. For more information, see Platform Compatibility.
Before using the iOS Client Extension, the deviceTRUST Agent must be supplied with an API Key, and the deviceTRUST iOS Client Extension must be registered with either a QR Code, or with an MDM managed app configuration.
Registering with the deviceTRUST Portal
The deviceTRUST Portal must be registered to your organisation using a registration link available from your deviceTRUST representative. Registration can be performed against one of the following accounts:
- Microsoft Account - Great for Proof-of-Concepts or small business use with single user administration. No Microsoft Entra ID domain required.
- Work Account - Great for medium or larger corporate use with multi user administration. Requires a Microsoft Entra ID domain.
Assigning roles to Entra ID users
After a Work Account has been used to register an organization with the deviceTRUST Portal, other users within the organization must be assigned the correct role within Microsoft Entra ID for them to be able to sign-in to the deviceTRUST Portal.
When signed into the Azure portal:
- Navigate to the Microsoft Entra ID that belongs to the tenant of the user that registered with the deviceTRUST Portal.
- Navigate to Manage -> Enterprise applications.
- Click on the application named deviceTRUST Portal to view the Enterprise Application.
- Navigate to Manage -> Users and groups.
- To enable an existing user or members of a group to sign-in, click Edit assignment and change the role to Portal Administrator before clicking Save.
- To add a new user or members of a group, click Add user/group, select an appropriate identity and ensure the role is set to Portal Administrator before clicking Save.
Generating an API Key for use by the deviceTRUST Agent.
An API Key must be allocated within the Agent Registration section of the deviceTRUST Portal. Click Create, enter a name and click OK. Click View API Key to view the API Key and copy to the clipboard.
Once generated, the API Key can be entered within the Administrative Templates of the deviceTRUST Policy. Launch a suitable policy editor and navigate to Administrative Templates -> deviceTRUST and enter the API Key within the Mobile: Determine properties from remote devices by connecting to a server
. Paste the API Key into the relevant field.
- API Keys remain valid as long as they exist within the deviceTRUST Portal. If the API Key is deleted, any deviceTRUST Agent that uses the API Key will no longer be able to communicate with iOS devices.
Generating an App Registration code to register iOS and iPadOS devices.
An App Registration can be generated within the similarly named section of the deviceTRUST Portal. Click Create and populate the following fields:
- Friendly Name - A user friendly name of the registration.
- Quantity - The number of iOS devices that the QR code can register.
- Expiry - Enter a suitable time period of the iOS device enrollment. After the QR code has expired, new iOS devices will be unable to register, but devices already registered will continue to function.
- Personal Devices - Select Personal Devices to create a registration for a specific user. A personal device name must be unique for the specified user name and domain name.
- Corporate Devices - Select Corporate Devices to create a registration for your entire company. A corporate device name must be unique for all devices within the company.
- App Registrations allow an iOS Client Extension to register with the deviceTRUST Portal. Deleted or expired App Registration's will prevent new registrations, but will not impact iOS devices that are already registered.
Registering an iOS or iPadOS device using a QR code.
To register an iOS device using a QR code, navigate to the App Registration section of the deviceTRUST Portal and click View QR Code next to an App Registration. Within the iOS Client Extension, click Register and point the camera at the QR code. The iOS device will register with the deviceTRUST Portal.
Registering an iOS or iPad device using an MDM managed app configuration.
Registration of an iOS device using an MDM managed app configuration depends upon the MDM provider that is being used. However, a plist file containing the app configuration profile can be downloaded by navigating to the App Registration section of the deviceTRUST Portal and clicking Download MDM Template. The downloaded plist file can be uploaded to your MDM provider, for more information see the iOS Managed App Configuration.
Naming the iOS device for compatibility with iOS 16 and deviceTRUST Agent 23.1.120 or earlier.
In iOS 16.0, apps require a special entitlement to be able to query the user assigned device name of an iPhone or iPad. The iOS Client Extension does not yet have this entitlement, and therefore can only read the device name as either iPhone
or iPad
. A unique device name is required for each device to successfully establish a connection between the deviceTRUST Agent and the iOS Client Extension. This limitation can be worked around by renaming devices within the deviceTRUST Portal, or by using an MDM app configuration policy to inform the iOS Client Extension of the real device name.
Using passcodes with deviceTRUST Agent 23.1.200 or later.
Support for iOS 17 or later requires passcode authentication introduced in deviceTRUST Agent 23.1.200. During logon or reconnect, the user is shown a passcode. The user is responsible to switch to the deviceTRUST Client Extension and enter the passcode before switching back to the remoting client.
More information can be found within the iOS Passcodes reference.