deviceTRUST for Windows and the deviceTRUST Client Extension for IGEL OS 12 and macOS are now available.
×
Search

Client Extension installation on iOS and iPadOS devices

The deviceTRUST iOS Client Extension is available to download from the App Store. The iOS Client Extension is currently only compatible with Citrix Virtual Apps and Desktops and Citrix Cloud. For more information, see Platform Compatibility.

Before using the iOS Client Extension, the deviceTRUST Agent must be supplied with an API Key, and the deviceTRUST iOS Client Extension must be registered with either a QR Code, or with an MDM managed app configuration.

Registering with the deviceTRUST Portal

The deviceTRUST Portal must be registered to your organisation using a registration link available from your deviceTRUST representative. Registration can be performed against one of the following accounts:

  • Microsoft Account - Great for Proof-of-Concepts or small business use with single user administration. No Microsoft Azure AD domain required.
  • Work Account - Great for medium or larger corporate use with multi user administration. Requires Microsoft Azure AD domain.

Generating an API Key for use by the deviceTRUST Agent.

An API Key must be allocated within the Agent Registration section of the deviceTRUST Portal. Click Create, enter a name and click OK. Click View API Key to view the API Key and copy to the clipboard.

Generating an API Key
Generating an API Key

Once generated, the API Key can be entered within the Administrative Templates of the deviceTRUST Policy. Launch a suitable policy editor and navigate to Administrative Templates -> deviceTRUST and enter the API Key within the Mobile: Determine properties from remote devices by connecting to a server. Paste the API Key into the relevant field.

Note:
  • API Keys remain valid as long as they exist within the deviceTRUST Portal. If the API Key is deleted, any deviceTRUST Agent that uses the API Key will no longer be able to communicate with iOS devices.

Generating an App Registration code to register iOS and iPadOS devices.

An App Registration can be generated within the similarly named section of the deviceTRUST Portal. Click Create and populate the following fields:

  • Friendly Name - A user friendly name of the registration.
  • Quantity - The number of iOS devices that the QR code can register.
  • Expiry - Enter a suitable time period of the iOS device enrollment. After the QR code has expired, new iOS devices will be unable to register, but devices already registered will continue to function.
  • Personal Devices - Select Personal Devices to create a registration for a specific user. A personal device name must be unique for the specified user name and domain name.
  • Corporate Devices - Select Corporate Devices to create a registration for your entire company. A corporate device name must be unique for all devices within the company.
Generating an API Key
Generating an API Key
Note:
  • App Registrations allow an iOS Client Extension to register with the deviceTRUST Portal. Deleted or expired App Registration's will prevent new registrations, but will not impact iOS devices that are already registered.

Registering an iOS or iPadOS device using a QR code.

To register an iOS device using a QR code, navigate to the App Registration section of the deviceTRUST Portal and click View QR Code next to an App Registration. Within the iOS Client Extension, click Register and point the camera at the QR code. The iOS device will register with the deviceTRUST Portal.

Registering an iOS or iPad device using an MDM managed app configuration.

Registration of an iOS device using an MDM managed app configuration depends upon the MDM provider that is being used. However, a plist file containing the app configuration profile can be downloaded by navigating to the App Registration section of the deviceTRUST Portal and clicking Download MDM Template. The downloaded plist file can be uploaded to your MDM provider, for more information see the iOS Managed App Configuration.

Naming the iOS device for compatibility with iOS 16 and deviceTRUST Agent 23.1.120 or earlier.

In iOS 16.0, apps require a special entitlement to be able to query the user assigned device name of an iPhone or iPad. The iOS Client Extension does not yet have this entitlement, and therefore can only read the device name as either iPhone or iPad. A unique device name is required for each device to successfully establish a connection between the deviceTRUST Agent and the iOS Client Extension. This limitation can be worked around by renaming devices within the deviceTRUST Portal, or by using an MDM app configuration policy to inform the iOS Client Extension of the real device name.

Using passcodes with deviceTRUST Agent 23.1.200 or later.

Support for iOS 17 or later requires passcode authentication introduced in deviceTRUST Agent 23.1.200. During logon or reconnect, the user is shown a passcode. The user is responsible to switch to the deviceTRUST Client Extension and enter the passcode before switching back to the remoting client.

Entering a passcode
Entering a passcode

More information can be found within the iOS Passcodes reference.