1. Under the Apps section, expand Settings And Policies.
2. Click Security Policies.

The Authentication payload enables the sample app to populate a prompt to authenticate upon launch. The sample app is already equipped with the all the code required to render the authentication box and this payload is used to specify related attributes e.g. type, timeout, allowed attempts etc. The use case here is to require the end user to authenticate in order to use app functionality and data. This restricts the exposure of sensitive resources to unmanaged/ unauthorized users.

While there are multiple combinations possible to fulfill the corporate security requirements, we are going to use the following configuration for Authentication.

1. Change the Current Settings to Override.
2. Select the Authentication Type as Passcode.
   NOTE - We are only enabling Authentication Type as Passcode, however, Single Sign on will be disabled.
3. Select the Authentication Timeout to 1 minute(s).
4. Select Minimum Passcode Length to 6.

Keep all the other options to default.

AirWatch App Tunnel will allow the application to access backend resources to gather the required data and certain functionality. The advantage of using this payload is that so we do not need to enable device level VPN which could potentially expose the internal resources to any unintended third party apps. On top of that, we can also restrict the domains for which the traffic will be tunneled to give more granular network access control.

Now, we will configure the payload to use AirWatch Tunnel already setup at a higher Organization group. We will restrict the traffic to *.airwlab.com to tunnel only.

1. Scroll down until you see the option for AirWatch App Tunnel.
2. Click on Enabled for AirWatch App Tunnel if it is not selected already.
3. Ensure that Host Name is holtunnel.airwlab.com.
4. In the section for App Tunnel URLs enter "*.airwlab.com".

NOTE - Using a Per App VPN Profile is another way of leveraging the AirWatch App Tunnel for proxying.

1. Scroll down to the bottom.
2. Click Save. You should see Saved Successfully at the top which confirms that configuration is saved.

1. Click Settings under Settings And Policies.
2. Click Override for Current Setting.
3. Select Enabled for Custom Settings.
4. Click Custom Settings to expand the section.

Custom settings allows the AirWatch admin to push down values which are variable across the organization group structure. e.g. the values such as username are not available before the device is enrolled. Another example would be to send down an authentication URL such as SAML auth. endpoint which may be different for different organization groups depending on the physical location.

By using Custom Settings, an AirWatch admin can send down either hardcoded values (such as a URL) or they can leverage the look up values available within AirWatch console. e.g. when we push down the look up value {EnrollmentUser}, that value will get replaced by the actual enrollment user when the app is installed on a managed device.

In this section, we are going to send one hardcoded value (URL) and one lookup value ({EnrollmentUser})

1. Scroll down to so you can view the Custom Settings input field.
2. Type in the following in Custom Settings input field: "URL: http://internal.airwlab.com" and "username:{EnrollmentUser}"
3. Click Save. You should see Saved Successfully at the top which confirms that configuration is saved.
4. Click on X at the top right to close the window.

NOTE - An app developer can define variables for the values pushed down via Custom Settings and then those variable would be replaced by actual values in runtime.

1. Click on Add in top right.
2. Click on Internal Application.

Click Upload.

Click Choose File.

1. From the left pane, select the folder Documents.
2. Select the app that we signed and exported from Android studio: AirWatch SDKTest-release.apk.
3. Click on Open.
4. Click on Save.
5. Click on Continue at the bottom of the Add Application window.

Click Save.

Click Continue.

1. Click the More dropdown tab.Now to select the SDK profile, click on the dropdown More.
2. Select the option enhancement mode as SDK.

1. Since we did not create a custom profile but rather changed the default profile, from the dropdown we are going to select Android Default Settings @Global. We are not concerned with Application Profile for this lab.
2. Click on Save & Assign.

Click on + Add Assignment.

1. Select All Devices ([email protected]) for the Assignment Group.
2. Select Auto for App Delivery Method.
3. Click Add.

1. Validate that now you the assignment contains the All Devices group.
2. Click Save & Publish.

Click Publish.