Product Documentation

Locking and Erasing Apps and Data

Apr 24, 2015
When users install Citrix Receiver on their device, when they log on for the first time, App Controller registers the device. Then, the device is included in the App Controller inventory and appears on the Devices tab in the App Controller management console. The inventory displays all devices that connect to App Controller from Receiver. For each device, the list provides the following information:
  • Type of device with which the user logs on
  • Operating system of the user device
  • Model of the user device
  • Name of the user device
  • User ID of the person who owns the device
  • Last time the user logged on with Receiver
  • Action you can take on the device

For each device in the list, you can perform the following actions for each device:

  • Erase application data and documents from the device. If users lose an iOS or Android device and do not locate the device in a specified period of time, or if the user leaves the organization, you can erase application data and ShareFile documents from the user device.
  • Stop erasing data and documents the device. If you determine that the device is safe, you can stop erasing the data and documents on the device. Users can access their apps and ShareFile documents when you stop erasing.
  • Lock and unlock the device. If users lose an iOS or Android device, you can lock applications on the device that App Controller delivers, which prevents unauthorized access to the applications. You can later unlock the same applications.
  • Delete the device. You can delete a device as a part of device inventory maintenance, if, for example, the device is lost or destroyed.

The lock and erase functions take effect after Receiver polls App Controller. The polls occur every 60 minutes by default.

An erased or locked device continues to appear in the inventory in the management console. If users do not need access to the device, you can remove the device from the inventory. When you erase application data from the device, the device listing appears in All Devices and Erased. If you lock a device, the listing appears in All Devices and Locked. These lists allow you to see at a glance the devices that are currently active and the devices that might be compromised.

The following table shows the icons that you can use to perform the preceding actions for all devices, including devices that are connected to App Controller:

Icon Icon name Definition
Delete app.

Delete

Used for deleting a user device from the inventory.

Lock a user device.

Lock

Used to lock a user device.

Unlock user device.

Unlock

Used to unlock a user device after you have locked it.

Wipe a user device.

Erase

Used to erase application data and documents from the user device.

Restore data and docs.

Stop erasing

Used to stop erasing application data, and documents on the user device.

Locking and Unlocking Applications on User Devices

You can lock and unlock user devices in the App Controller management console. This action prevents users from connecting to applications in Citrix Receiver.

To lock applications on a user device

  1. In the App Controller management console, click the Devices tab.
  2. In the center pane, hover over a user device and then under Actions, click the lock icon.
  3. Click Yes to confirm that you want to lock the device. The user device appears in the All devices and Locked lists.

To unlock applications on a user device

  1. In the App Controller management console, click the Devices tab.
  2. In the left pane, click Locked.
  3. Hover your mouse over the user device and then under Actions, click the unlock icon.
  4. Click Yes to confirm that you want to unlock the device. The user device is removed from the Locked list.

Erasing Application Data and Documents on the User Device

If a user device is compromised in any way, you can erase application data and ShareFile documents from the user device. When you erase the data from the user device, users can no longer access the applications or documents. You can also stop erasing data from the user device. If you stop erasing, you cannot restore the data and documents to the user device.

To erase application data and documents from a user device

  1. In the App Controller management console, click the Devices tab.
  2. In the details pane, hover over a user device and then under Actions, click the erase icon.
  3. Click Yes to confirm that you want to erase application data and documents from the device. The user device appears in the All devices and Erased lists.

To stop erasing application data and documents on the user device

  1. In the App Controller management console, click the Devices tab.
  2. In the navigation pane, click Erased.
  3. In the details pane, hover your mouse over the user device and then under Actions, click the stop erasing icon.
  4. Click Yes to confirm that you want to stop erasing application data and documents from the user device. The user device is removed from the Erased list.

To delete a user device from App Controller

You can delete a user device from App Controller to maintain your current inventory. You might need to delete a device for the following reasons:

  • The individual left the company and returned the device.
  • The device is lost or damaged.
  1. In the App Controller management console, click the Devices tab.
  2. In the details pane, hover over a device and then click the delete icon.
  3. Click Yes to confirm the deletion.

Configuring Connections to XenMobile MDM

You can configure settings in App Controller to communicate with XenMobile MDM. The settings specifically enable a connection between App Controller and the XenMobile MDM component, Device Manager. Device Manager enables you manage mobile devices, set mobile policies and compliance rules, gain visibility to the mobile network, provide control over mobile apps and data, and shield your network from mobile threats. App Controller works with Device Manager to help provide managed apps to your unified app store. To configure connections to Device Manager, you need to configure App Controller settings in Device Manager first.

Before you test the connection, you configure the following settings in App Controller:

  • Device Manager IP address or fully qualified domain name (FQDN)
  • Port on which App Controller and Device Manager communicate
  • Shared key that you configured on Device Manager
  • Instance path with is the path for service providers that use the Multi-Tenant Console or XenMobile MDM Cloud Edition. The default path is /zdm.

You can make the connections between App Controller and Device Manager secure. You can also require user device enrollment with Device Manager.

After you configure settings in App Controller, test the connection in App Controller and Device Manager.

To configure connections to Device Manager

  1. In the App Controller management console, click the Settings tab.
  2. In the navigation pane, click XenMobile MDM.
  3. In the details pane, next to XenMobile Device Manager Configuration, click Edit.
  4. In Host, enter the Device Manager IP address or FQDN.
  5. In Port, leave the default of 80 or enter your own.
  6. In Shared Key, enter the key you configured on Device Manager.
  7. Select Allow secure access to secure the connection between App Controller and Device Manager.
  8. Select Require Device Manager enrollment to require that all user devices are enrolled and managed by Device Manager.
  9. Click Test Connection to test the connection to Device Manager.

    If the test fails, make sure your settings in App Controller and Device Manager match.

  10. Click Save.