Mobile Device Management (MDM)

Still need help?

The Atlassian Community is here for you.

Ask the community

You can distribute the Confluence Data Center and Server app to people in your organisation using your MDM solution. This allows you to:

  • Deploy the Confluence Data Center and Server app to company-approved iOS and Android devices.
  • Apply security policies to require Face ID, Touch ID, or passcode to unlock the app, or prevent users from copying, pasting or sharing text. Requires Confluence Data Center and Server iOS app version 1.25.0 or later.

  • Pre-populate your Confluence site URLs (just the URL, we don't pass login credentials). People will still be able to enter a URL, which is useful if you have some rarely used sites, and don't want to pre-populate them all.  Requires Confluence Data Center and Server iOS app version 1.8.0 / Android app version 0.4.3 or later. 

Summary of MDM functions...
MDM FunctionSupported for Confluence Data Center and Server app
App deploymentYes
App configurationYes - to pre-populate the site URL only
App tunnelYes 
Single sign-on (SSO)No
Security policies & access controlYes

Read more about AppConfig and what we currently support in our AppConfig Technical Capabilities white paper.

Using the Confluence Cloud app? Learn how to configure MDM for cloud apps

Distribute the app to managed devices

The way you do this will depend on your particular MDM provider. In most cases you will:

  • Add the app to your MDM app catalog. 
    • For iOS you will likely bulk purchase through the Apple VPP store, then link the app in your MDM solution (this might be by providing an sToken, or could happen automatically)
  • Choose which devices should be able to install the app (this might be called something like distributing or assigning the app).

Refer to the documentation for your MDM provider for more information. 

Apply security policies (iOS only)

The keys below are only applicable to iOS because Android supports security policies by MDM providers out of the box.

Use security policies to control things like copy / paste, sharing text, and unlocking the app. Requires Confluence Data Center and Server iOS app version 1.25.0 or later.

KeyDescription

Prevent cut, copy, and paste

atlassian.devicePolicyClipboardRestriction

Value type: Integer (1 or 0, any other value will result in an error)

Description: Set this value to 1 to restrict clipboard use. This prevents users from cutting, copying, and pasting data from the app to other apps. Set this value to 0 to allow clipboard use.

Note: Users will be able to copy and paste between Jira and Confluence Data Center or Cloud apps if those apps also set this value to 1.

Prevent sharing text to other devices

atlassian.devicePolicyDataExportRestricted

Value type: Boolean (true/false)

Description: Set this value to true to prevent text from being shared to other devices via the iOS share sheet.

Require Face ID, Touch ID, or password to unlock the app

atlassian.devicePolicyLocalAuthRequired

Value type: Boolean (true/false)

Description: Set this value to true to require users to unlock the app using Touch ID, Face ID, or a passcode.

atlassian.devicePolicyLocalAuthTimeout

Value type: Integer (number greater than zero)

Description: Enter a number in seconds (for example 100) to define the time that the app can be open but not in use (in the background), before a passcode is required again. If you don’t set a value, the default timeout is 120 seconds.

Pre-populate site URLs on the login screen

If your MDM solution supports the AppConfig standard, you can save your users time and prevent mistakes by pre-populating your site URL in the app.  

To pre-populate the mobile app login screen with one site URL:

  1. In your MDM, navigate to the App Config section. Check the documentation for your MDM for how to do this. 
  2. Add a new key called "sites"
  3. In the Value field for the key, enter your site title and URL in JSON format as shown in the examples below. Replace the title and base URL with your own site details. 

    For a single URL: 

    [
    { "title": "My Confluence Site", "baseURL": "https://conf.example.com"}
    ]

    For multiple URLs: 

    [ 
     {"title": "My Docs Site", "baseURL": "https://docs.example.com"} ,  
     {"title": "Intranet", "baseURL": "https://team.example.com/confluence", "skipInfo": false} 
    ]

    Copy the JSON carefully, including the [ and ].

  4. Save your changes. We recommend you access the Confluence Data Center and Server app on a device to check you have passed the URLs correctly, before distributing the app config changes to your users. You'll see an error if the app can't display your list of sites. 

Parameters

The following parameters are accepted for the sites key in app config. 

ParameterRequiredDescription
titleYesDescriptive name of your Confluence instance. This will appear above the URL on the app login screen.
baseURLYes

The base URL of your Confluence site. To check it, go to Administration  > General Configuration.

skipInfoNo

Use this parameter if you have log in problems in because your proxy server blocks any unauthenticated requests. When set to true, the mobile app won’t make login/server-info calls that require authorization and instead will redirect your users to your single sign-on page.

Make sure the Confluence Mobile plugin is enabled...

In general, the Confluence Mobile plugin is a prerequisite for using the mobile app. However, if the skipInfo parameter is set to true, and the plugin is disabled, your users will see a desktop version of Confluence and be able to log into it, which is not the correct behavior, but might not look like an obvious error.

(Requires iOS app 1.14.0 / Android app 0.6.2)


Here's an example of how the AppConfig looks in AirWatch and MobileIron, two popular MDMs. These screenshots are for the Jira Data Center and Server app, but the process is the same for Confluence. 

  

Last modified on Feb 21, 2023

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.