Product Documentation

Managing SharePoint Configurations

Apr 09, 2015

Citrix data loss prevention (DLP) solution enables access from your mobile workforce to your SharePoint content. You can apply access control rules to content to prevent unauthorized usage depending on document classification. In XenMobile, you can use the DLP-SharePoint/Encrypted Email Attachment Viewing feature to manage Sharepoint configurations. If the SharePoint configuration item is unavailable, your license does not include the SharePoint feature. To check your license features, view the About tab in the web console.

If you are planning to use the Device Manager SharePoint access management feature, make sure your deployment meets the following Windows requirements:

  • SharePoint 2010 or Office 365.
  • Windows 2008 R2 - SharePoint 2010 SP1 is required or KB976127.
  • Windows 2008 – Rest API calls will fail unless KB976217 is also installed.
Note: Make sure that your SharePoint folders on the SharePoint server do not use special characters such as commas (,), semicolons (;), or periods (.), or those folders will not appear on your users' devices.

To configure a SharePoint resource configuration site in Device Manager

When you configure a SharePoint resource configuration site, you define the SharePoint server settings and specific directories (folders) that you want to expose to the device user.
Note: Make sure that your SharePoint folders on the SharePoint server do not use special characters such as a comma(,), semicolon(;), or period(.), or they will not appear on your users' devices.
  1. In Device Manager, click the Policies tab.
  2. Under App Policies, under SharePoint, click Resource Configurations.
  3. Click New Configuration.
  4. In the Create a resource configuration dialog box, on the Site/Folder Config tab, enter a name for the SharePoint site and then configure the following:
    • Name. The name of the resource definition.
    • Description. A free text description describing the resource.
    • Site. Enter the SharePoint site Web address.
    • Doc Library/Folder. Enter the list of path relative to the base site that you want to publish.
    • Include Sub-folders. Enables the access to sub folders of the above defined path.
    • Document Control. Check all the document controls that are applied to the doc libraries.
  5. In the Options dialog box, configure extra options you would like to apply to the SharePoint document folder on your users' iOS devices, such as if the documents should be wiped from the device if the device is jailbroken, encryption and annotation of documents, and so on and then click Create.

To configure a SharePoint document control policy

You can enable your users to securely access corporate SharePoint content. You apply access control rules, on the content in order to prevent unauthorized usage or actions, depending on your company policy and document sensitivity. You can view this content on the Connect agent on a device in the Documents -> Shared Docs folder. You create a SharePoint control policy to define explicitly what a device user can and cannot do with documents in their secure document container on their devices, such as whether or not documents can be printed, if a user can copy and paste to and from documents, if document check in/check out is allowed, and so on.
  1. Under XenMobile Policies, under SharePoint, click Control Policy.
  2. Click New Control Policy.
  3. In the New Control Policy dialog box , on the General tab, enter a name for the policy.
  4. On the Document Control tab, you can set the control policies for all the documents in the folders specified in your SharePoint resource configuration.
  5. You can define the following controls that will be applied to the documents by selecting them. Any options left unselected will not be allowed by document users.
    • Allowed features
      • Document synchronization. Allow the document to be synchronized to the device. If not checked, the document is only accessible online.
        Note: If you want to be able to annotate PDF files on your device, you need to make sure this option is selected, since the PDF annotation tools only work with locally synced documents.
      • Copy/Paste of content. Allow copy/paste of document content .
      • Email link to document. Enable users to send a link to this document via email.
      • Email document. Allow users to send this document via email.
      • Print document. Allow users to print this document.
      • Document check in. Allow users to check in this document from SharePoint .
      • Document check out. Allow users to check out this document from SharePoint.
      • Open document in another application. Allow users to open this document in a third-party application on the device. If not checked, only the internal viewer can be used.
    • Time expiration
      • Expires on a date. Specify a date after which the document is not be accessible. If on the device, it will be deleted.
      • Expires after x Days. Specify the duration of validity of the document. After the specified period, the document is not accessible.
    • Authentication expiration
      • Specify an authentication timeout. If the user does not authenticate regularly to SharePoint, the documents become inaccessible.
  6. Click Create.

Configuring SharePoint on Android Devices

To configure a SharePoint data loss prevention (DLP) connection for Android, you need to do the following:
  • Create an application tunnel that the SharePoint server will use to communicate securely with the device; use a client port.
  • Create a SharePoint resource configuration that configures the SharePoint site server address; be sure to use the client port configured in the application tunnel.
  • Create a SharePoint policy to configure the security and access parameters for the SharePoint site.
  • Deploy the policy to the device.

To create the application tunnel

  1. On the Policies tab, click Android, click Tunnels and then click New Tunnel.
  2. In the Create a Tunnel dialog box, enter the follow app tunnel parameters:
    • Name. Give the app tunnel a name that indicates it is going to be for a SharePoint connection.
    • Application Device Parameters Client Port. The port number that will be used by the XenMobile client application on the device.
      Note: You will need to use this same port when you configure the SharePoint resource.
    • Application Server Parameters
    • IP address or server name. Address of the SharePoint server.
    • Server Port. SharePoint server port.
  3. Click Create.

To create a new SharePoint control policy

A SharePoint control policy defines a set of actions that the user will be able to execute on documents. Document Control allows you to define all the features that will be applied to the documents:

  1. On the lower-left, click Control Policies and then click New Control Policy.
  2. In the Create new control policy dialog box, on the General tab, enter a name such as "Android Employee SharePoint Documents."
  3. On the Document Control tab, configure the following settings:
    • Allowed features
      • Document synchronization. Allow the document to be synchronized to the device. If cleared, the document is only accessible online.
        Note: If you want to be able to annotate PDF files on your device, you need to make sure this option is selected, since the PDF annotation tools only work with locally synced documents.
      • Copy/Paste of content. Allow copy/paste of document content.
      • Email link to document. Enable the user to send a link to this document via email.
      • Email document. Allow the user to send this document via email.
      • Print document. Allow the user to print this document.
      • Document check in. Allow the user to check in this document from SharePoint.
      • Document check out. Allow the user to check out this document from SharePoint.
      • Open document in another application. Allow the user to open this document in a third-party application on the device. If not selected, only the internal viewer can be used.
    • Time expiration
      • Expires on a date. Specify a date after which the document is not be accessible. If on the device, it will be deleted.
      • Expires after x Days. Specify the duration of validity of the document. After the specified period, the document is not accessible.
    • Authentication expiration
      • Specify an authentication timeout. If the user does not authenticate regularly to SharePoint, the documents become inaccessible.
  4. Click the Tag Mapping tab to enable deeper integration to your SharePoint libraries by applying document controls based on already defined tags on your SharePoint documents.
  5. Click Create.

To create a SharePoint resource configuration

A SharePoint resource configuration defines a SharePoint document library access and the control policies that are tied to its documents.

  1. Click the Policies tab and then from the left side, click SharePoint Resource Configuration.
  2. Click New Configuration.
  3. In the Create a Resource Configuration dialog box, enter a name and description of the SharePoint server connection.
  4. Enter the SharePoint server name plus the port number you configured in your application tunnel for the Client Port (2500, for example).
  5. Under Document Control, select the Control Policy you created. Other options:
    • Include Sub-folders. Enables the access to sub-folders of the above defined path.
    • Document Control. Check all the document controls that are applied to the doc libraries.
  6. Click Create. The new SharePoint server appears as a resource in Device Manager. Now the SharePoint server and resource you configured is ready to be accessed by users.

To deploy the SharePoint resource to your device

To enable your client users to access the content in this SharePoint site, you need to create a deployment package that contains the SharePoint resource and then push that deployment to your device. Once on your device, you can launch the client application and access the documents folder to view the documents contained on the SharePoint server. Now, you will create a deployment package and push the new Android SharePoint resource to your Android device.

  1. Click the Deployment tab, click New Package and then click New Android Package.
  2. In the Create New Package wizard, in the Package Name window, enter a name for the SharePoint package (such as Android SharePoint Package) and then click Next.
  3. In the Groups of users window, select a group to which you want to deploy the SharePoint package to and then click Next.
  4. In the Resources to be deployed window, under Available Resources, scroll to the SharePoint folder, select the SharePoint Configuration you created in the last step and then click the right arrow to add the resource to the deployment package.
  5. Scroll in the Available Resources list and then on the Tunnels folder, click the application tunnel you created for your Android SharePoint configuration.
  6. Click the right arrow to add the resource to the deployment package and then click Next.
  7. In the Deployment schedule window, select the If not deployed Start Now option and then click Next.
  8. On the Deployment rules page, click Next.
  9. On the Package summary page, click Finish.
  10. From the Packages list, click Deploy.

When the deployment has finished, select the deployment package, and then click Details to see information about the success of the package deployment. When the package shows as deployed, you can check the success of your deployment. Select the deployment package, open the Connect client on the Android device and then tap the Documents folder. From here, users can open documents from the SharePoint site.