Citrix Endpoint Management

Play Integrity API

The Play Integrity API helps protect your apps and games from potentially risky and fraudulent interactions, such as cheating and unauthorized access, allowing you to respond with appropriate actions to prevent attacks and reduce abuse. For more information, see Play Integrity API.

Enable the Play Integrity API

Follow these steps to switch to the Play Integrity API.

  1. Turn on the afw.safetynet.attestation.api.deprecation feature flag for the specified Citrix Endpoint Management server.
  2. On the Citrix Endpoint Management console, select Android PlayIntegrity from the Settings page.

    [Image: Enable Play Integrity]

  3. Enter a value in the Attestation schedule in the hours field. This value is the interval at which the PlayIntegrity Attestation API assesses your device. The minimum value is 24 hours, the maximum value is 1000 hours, and the default value is 24 hours. Click Save.
  4. Upgrade to Citrix Secure Hub Android version 23.7.0. Sign off from your device, and then sign in to Citrix Secure Hub to trigger attestation through the Play Integrity API.

View and analyze Play Integrity API attestation results

  1. On the Citrix Endpoint Management console, go to Manage > Devices.
  2. Select the device for which you want to see the Play Integrity API Attestation results. Click Show More.
  3. In the Devices tab, select Properties. The results appear in the Security information section.

    [Image: Analyze Play Integrity]

  4. The Play Integrity API attestation returns the following statuses:
    • If the PlayIntegrity Device Recognition Verdict field has “MEETS_BASIC_INTEGRITY”, it means that Citrix Secure Hub running on the device passes at least the basic system integrity check.
    • If the PlayIntegrity Device Recognition Verdict field doesn’t have “MEETS_BASIC_INTEGRITY”, it means that Citrix Secure Hub on the device might be running on an unrecognized version of Android, might have an unlocked bootloader, or might not have been certified by the manufacturer.
    • If the PlayIntegrity last known status is Success, it means that the PlayIntegrity API attestation ran successfully.
    • If the PlayIntegrity last known status is Failure, it means that the PlayIntegrity API attestation has failed to run.

Note:

Administrators can clear the feature flag to continue using SafetyNet before the final turndown of SafetyNet Attestation at the end of November 2023.

Limitations

  1. Newly enrolled COSU devices and DO devices are marked noncompliant, even if the devices are compliant.

    The Play Integrity API returns an empty result for the first attestation during DO enrollment, which makes the device appear noncompliant. This limitation is a known issue from Google. DPC Support Lib 20230418 is published to fix this issue.

    The fix is available from the 23.9.0 version. Until then, use these steps as a workaround:

    • Clear the feature flag, and continue using the SafetyNet Attestation API.
    • Sign off and sign in again to trigger an attestation after enrollment. You can also wait for the next periodic attestation, which occurs after 24 hours by default.

    This issue only occurs during enrollment. The Play Integrity API works well after enrollment.

  2. Newly enrolled WPCOD devices are marked noncompliant even when the devices are compliant. Google is reviewing this issue.
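
The following added example (not Citrix code) shows one way to triage the attestation statuses listed above while accounting for the enrollment limitation, so that an empty first attestation is rechecked instead of treated as an integrity failure. The two property names come from the Security information section; the record layout, the `mode` and `enrolled` keys, the `BYOD` label, and the comma-separated verdict format are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Property names as shown in the Security information section of the console.
VERDICT = "PlayIntegrity Device Recognition Verdict"
STATUS = "PlayIntegrity last known status"
# Enrollment modes the Limitations section lists as affected.
AFFECTED_MODES = {"DO", "COSU", "WPCOD"}


def triage(device, now, schedule_hours=24):
    """Classify one device record; the dict layout is an assumption."""
    if not 24 <= schedule_hours <= 1000:
        raise ValueError("attestation schedule must be 24 to 1000 hours")
    # Assumption: multiple verdict labels are stored comma-separated.
    verdicts = {v.strip() for v in device.get(VERDICT, "").split(",") if v.strip()}
    first_window = now - device["enrolled"] < timedelta(hours=schedule_hours)
    if not verdicts and device["mode"] in AFFECTED_MODES and first_window:
        # Known limitation: empty result for the first attestation at enrollment.
        return "recheck"
    if device.get(STATUS) != "Success":
        return "investigate"  # the attestation did not run successfully
    if "MEETS_BASIC_INTEGRITY" in verdicts:
        return "pass"
    return "fail"  # unrecognized Android build, unlocked bootloader, or uncertified


# Constructed sample records, not real console output.
NOW = datetime(2023, 9, 1, 12, 0)
DEVICES = [
    {"id": "a", "mode": "BYOD", "enrolled": NOW - timedelta(days=30),
     VERDICT: "MEETS_BASIC_INTEGRITY,MEETS_DEVICE_INTEGRITY", STATUS: "Success"},
    {"id": "b", "mode": "DO", "enrolled": NOW - timedelta(hours=2),
     VERDICT: "", STATUS: "Success"},
    {"id": "c", "mode": "DO", "enrolled": NOW - timedelta(days=3),
     VERDICT: "", STATUS: "Success"},
    {"id": "d", "mode": "COSU", "enrolled": NOW - timedelta(days=10),
     VERDICT: "MEETS_BASIC_INTEGRITY", STATUS: "Failure"},
]


def triage_all(devices, now, schedule_hours=24):
    """Map each device id to its triage label."""
    return {d["id"]: triage(d, now, schedule_hours) for d in devices}


if __name__ == "__main__":
    for dev_id, label in triage_all(DEVICES, NOW).items():
        print(dev_id, label)
```

Pass the configured attestation schedule as `schedule_hours` so that the recheck window matches the interval set on the server.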
