Deployment on managed devices (MDM)
Threema Work supports Android Enterprise (Android 5.0 or higher) and Managed App Configuration (iOS 8.0 or higher). These standards are used by all popular MDM systems (cf. Supported MDM Systems).
A wide range of configuration settings allow you to preconfigure the app tailored to your company’s requirements.
Rollout and configuration using a regular MDM system
Add a license for MDM systems for an easy automatic rollout. Use the list of configuration settings to define specific config policies.
Instructions for configuring the Threema Work app using MS Intune can be found here.
App configuration via the management cockpit in addition to an MDM system
The app configuration can be used in addition to a regular MDM system, e.g. to push last-minute changes.
Good to know: Configuration settings defined in the management cockpit overwrite the settings defined by the MDM system. This applies also to individual configuration settings. For example, if only one setting is defined in the management cockpit, only this setting will be overwritten, while the rest of the configuration defined in the MDM system remains unchanged.
Related articles
You can deploy the Threema Work app manually or by using an MDM or EMM system:
-
Manual deployment: unmanaged devices (without MDM)
Manual deployment is straightforward. After the users have downloaded the free Threema Work app from the appropriate app store, they enter the credentials you have provided, and the app is ready for use. Learn more… -
Deployment via MDM system
If you deploy the Threema Work app via MDM system, the credentials for the app’s activation are provided by the MDM system. The setup process can also be completed automatically using configuration parameters. Learn more…
Watch our product demo to learn how to deploy the Threema Work app to your users and to get an overview of the management cockpit.
You can preconfigure the Threema Work app for your users and set it up as desired so that the app is ready for use when first launched. The preconfiguration can be carried out using either a regular MDM system or the app configuration in the management cockpit. The app configuration is typically used for personal or unmanaged devices.
With global settings, you can preconfigure the app for all users in the same way.
Individual settings allow you to define exceptions from the global settings for each user.
Try it with this instruction, or get an overview of the available configuration settings in our product demo.
Threema Work is compatible with any MDM system that supports Android Enterprise (Android) and Managed App Configuration (iOS). Many developers of such MDM systems are part of the AppConfig Community. Threema Work is compatible with MobileIron, Sophos Mobile, Citrix XenMobile, SAP Afaria, VMware AirWatch, and others.
The following step-by-step instructions for deploying Threema Work are available:
Other MDM systems: Please make sure that your MDM system supports Android Enterprise (Android) and Managed App Configuration (iOS).
When configuring the Threema Work app with MS Intune, certain token types from Intune are available. According to Microsoft, the following token types can currently be used to configure the Threema Work app:
- {{userprincipalname}}, e.g., john@contoso.com
- {{mail}}, e.g., john@contoso.com
- {{partialupn}}, e.g., John
- {{accountid}}, e.g., fc0dc142-71d8-4b12-bbea-bae2a8514c81
- {{userid}}, e.g., 3ec2c00f-b125-4519-acf0-302ac3761822
- {{username}}, e.g., John Doe
- {{PrimarySMTPAddress}}, e.g., testuser@ad.domain.com
Other custom key/value pairs are not supported.
With Android Enterprise, it is generally possible to distribute the app in a container. iOS does not have a standardized type of container supported by the operating system.
However, Threema Work is not available as a wrapped container solution (e.g., for MobileIron AppConnect or Citrix MDX Toolkit). Wrapping would require substantial adjustments to the Threema Work app that would lead to considerable limitations and incompatibilities. Since our requirements in regard to ease of use and reliability could not be met, wrapping is not supported.
If your company uses MobileIron AppConnect, please refer to this article.
Threema Work supports Android Enterprise (formerly known as Android for Work). For technical reasons, MobileIron AppConnect and Android Enterprise can’t be used at the same time.
However, the app configuration in the management cockpit can be used to manage the Threema Work app separately in case you use MobileIron AppConnect.
After installation, users must activate the Threema Work app once by entering their credentials (username and password).
Save users from having to type in their credentials by sending them an activation link. You can copy this link by clicking on the three dots at the end of a line in the user management overview or by clicking “Copy activation link” in a user’s detail view.
Please note:
- The Threema Work app must be installed on the device in order for the activation link to work.
- On Android, the Threema Work app must have been opened at least once in order for the activation link to work.
The activation link is structured like this:
https://work.threema.ch/license?username=somecompany&password=xxxxxxxxx
If the number of active users or devices exceeds the number of purchased licenses, users are highlighted in red in the overview. To delete unneeded users or devices, carry out the following steps:
- Log in to the management cockpit and open the user management.
- Select the “Issues” dropdown list. If you see the message “Licenses contain too many devices,” continue with step 3. If not, continue with step 4.
-
Click on the issue “Licenses contain too many devices” and then on a user. The section “Devices” lists the user’s devices.
- Assess which devices are no longer needed based on the time of the last activity and the Threema ID.
- Delete the unneeded device by clicking on the three dots at the end of a line. Caution: do not use the “Delete” button at the top right to avoid deleting the entire user.
- Return to step 2.
-
Click on the issue “Licenses missing for active users”
- Check the box next to the users you want to delete.
- Click on the “Delete” button at the bottom of the page and follow the on-screen instructions.