Add and deploy mobile applications

CyberArk Identity supports the following device operating systems:

  • Android
  • iOS
  • OS X

The mobile applications you add are displayed on the Identity Administration portal Apps page. You deploy native device mobile applications to sets of users based on their roles. In addition, the mobile applications that users have installed on their devices are listed in the “Installed Applications” list when you open the device details page.

For Android devices, you can deploy any free application from Google play or an Android application for which you have the binary (.APK) file.

For iOS devices, you can deploy any free application from the Apple App Store or an iOS application for which you have the binary—the .IPA—file.

If you have the binary file, you can use the Custom option in the Identity Administration portal to add the mobile application.

Automatic versus optional installation

When you select permissions for application deployment, you can select Automatically Deploy. Automatic deployment is handled differently on Android, iOS, and OS X devices.

On Android devices, only custom applications that you set for automatic deployment are installed automatically on the devices. Play Store applications that you set for automatic deployment are listed on the CyberArk Identity mobile app Apps screen under the Recommended banner. Other applications are listed under Optional. Users must manually install all the deployed Play Store applications. Newly deployed applications have a “New” button indication.

On Android for Work devices, Play Store applications that you set for automatic deployment are automatically installed on to the device. In-house Android applications are not supported with Android for Work.

On all devices, applications not set for automatic deployment are displayed with a “New” button and are not installed until the user taps New.

After the application is installed, its icon is also displayed in the device’s App application.

On iOS devices, mobile applications configured for automatic deployment are not installed automatically. Instead, the user is prompted to install each application you deploy.

The prompt is displayed right after the user enrolls the device or within ten minutes after you deploy the application from the Identity Administration portal. The dialog box indicates the server and the application name.

The user taps Install to proceed with the installation. The application is displayed on the home screen after installation.

Users can select Cancel to prevent installation. When users select Cancel, they are prompted the next time they open the device to install the application. If they select cancel again, they are not prompted anymore. They can, however, still install the application by opening the Company Apps web clip.

Company Apps is a web clip that is installed automatically when the device is enrolled.

When the user opens the web clip, the screen lists all mobile applications deployed to this user. The user can then click the application icon for a short description and choose which applications to install.

Mobile applications are deployed through the Munki Managed Software Center, which is installed on a user’s device during enrollment through the Agent for Mac.

Mobile applications configured for automatic installation are installed when users click Update in the Munki Managed Software Center. The Managed Software Center checks for updates every hour.

Mobile applications configured for optional installation appear in the Managed Software Center’s Software page. They can be installed or removed at the user’s convenience.

Mobile applications can also be deployed through the Company Apps store; however, this method of deploying mobile applications is deprecated in favor of the Managed Software Center.

Mobile applications configured for automatic installation are installed the first time a user signs in to the Company Apps store, which is available in the Launchpad after enrolling with the Agent for Mac. These applications appear in the Company Apps store as Required applications.

Mobile applications configured for optional installation appear in the Company Apps as Optional, and can be installed at the user’s convenience by clicking Install.

Remove a mobile application

If you don’t want to deploy a mobile application any more, you have two options:

  • You can reset the permissions in the application’s Permissions settings.

    This leaves the application listing on the Apps page. The status is changed to “Ready to Deploy” when it is not assigned to any roles.

  • You can delete the application from the Apps page.

    This removes the application from all roles.

After you stop deploying a mobile application, it is no longer listed in the CyberArk Identity mobile app on Android devices and Company Apps webclip on iOS devices. However, if the user has already installed the application, it remains installed on the device. For example, the user can still open the application from the device’s Apps catalog. Removing the application from the device can only be done by the user.

The same is true when a device is unenrolled from CyberArk Identity. That is, any application installed from the Mobile Apps screen remain installed after the device is unenrolled.