Release 2021-08-17 of the Blue Cedar Platform adds Microsoft integration services for Intune and Microsoft Endpoint Manager, as well as a Notice and Consent feature required for governmental compliance standards such as FedRAMP and other similar programs . See the referenced online documentation pages for more information, or click Help when you’re logged into the Blue Cedar platform.
Microsoft Intune no-code integration
Blue Cedar's No-Code Integration Service for Microsoft Intune allows you to integrate the Microsoft Intune policies and the Microsoft Authentication Library (MSAL) into your mobile apps, with user authentication through Microsoft's Azure Active Directory. Additional options allow authentication using the Microsoft Authenticator app, and/or a secure microtunnel gateway connection (also called in-app VPN) to connect to resources behind a firewall.
- The Microsoft Authenticator app helps with Single Sign-On (SSO) for third-party apps, as well as Multi-Factor Authentication (MFA) flows.
- The secure microtunnel option lets you designate any standards-based IKEv2 gateway, including using the Blue Cedar Connect Gateway.
What do I need to do?
To use the Microsoft no-code integration, first enable the corresponding extensions and then add the steps to your workflows.
To add Intune to a mobile app:
- Enable the Intune extension listed under No-Code integration, as described in Extension - Microsoft Intune. You don't need to add any extension configurations for Intune.
- Add the Intune workflow step to an App container under the App Enhancement stage in the Workflow Builder. Configure the step as described in No-Code Integration - Microsoft Intune.
To use the secure microtunnel option, follow the instructions in Blue Cedar Connect sub-step for Microsoft Intune. You only need a microtunnel if you're connecting to firewalled resources.
Additional notes on the Microsoft integrations:
- While you can add Intune without having to include the Endpoint Manager in your Blue Cedar integration, you cannot add the Endpoint Manager step unless you've first added the Intune step.
- The Microsoft and BlackBerry no-code integrations are mutually exclusive. Adding either of these steps to a workflow disables the other options. You can see options in new workflows for any extensions that have been enabled.
- See Open issues/limitations with this MSAL release below for notes about MSAL feature support and migrating from the Active Directory Authentication Library (ADAL) to MSAL.
Microsoft Endpoint Manager distribution
You can push Intune-enabled mobile apps to the Microsoft Endpoint Manager either manually or automatically, using Blue Cedar's distribution service for Microsoft. Use the manual download option if you want to prepare the app for Endpoint Manager distribution without automatically pushing it.
What do I need to do?
To enable distribution through the Microsoft Endpoint Manager:
- Enable the Microsoft Endpoint Manager extension listed under Distribution, as described in Extension - Microsoft Endpoint Manager.
- Add the corresponding workflow step under the Testing or Production stage in the Workflow Builder as described in Distribution - Microsoft Endpoint Manager.
To use the automatic deployment option, see Automatically deploying Intune-enabled apps for additional details.
Notice and Consent
This release includes Notice and Consent as required for government standards such as FedRAMP, which is the U.S. government standard that all cloud providers serving U.S. government agencies must meet. Users of the Blue Cedar Platform who are working for organizations that are subject to a compliance notification requirement will be required to acknowledge a standard "Notice and Consent" form, every time they log into the Platform. A non-government example could be a bank who wants to show customers a disclaimer each time the user uses the Blue Cedar Platform. The actual text of that consent form can be customized by organization, with assistance from Blue Cedar Customer Support.
What do I need to do?
Blue Cedar Platform users won't need to do much, other than review the information and click OK whenever they see the Notice and Consent pop-up.
What is the process to set it up?
If your organization needs to show the FedRAMP or other similar Notice and Consent, contact Blue Cedar Customer Support to add that capability.
The Notice & Consent text can be viewed under Admin > Organization > Notice & Consent, for organization administrators. Customer-side organizational admins can see the settings for their own organization, but can't change them.
Only Blue Cedar Customer Support can make changes, including setting a default that applies to all organizations on the Blue Cedar Platform. Even with this default, there's also an Override for an individual organization, if you need to substitute a different boilerplate text that you want only your own users to see.
For more information, see Setting Notice and Consent messages for platform users.
Apps and workflows
|BCP-6160||Uploading an invalid binary as a signed binary during the signing step now fails with a relevant message displayed via a tooltip on the step. The step still allows you to upload another binary after failed attempts.|
|BCP-6505||Fixed a bug where uploading a version to an app immediately after creating the app caused the upload to fail.|
|BCP-6427||App name validations are now consistent when creating or updating the app name.|
|BCP-6321||Fixed a bug where the status tooltip on the App List showed incorrect timestamps.|
|BCP-6198||Fixed a bug where creating or updating an app with an unusually long name failed.|
|BCP-6367||Fixed an issue where importing a GitHub version to an app with an unusually long name failed.|
|BCP-6313||Fixed a bug where running a workflow on an app with an unusually long name failed.|
|BCP-6454||Fixed a bug where an app binary continued uploading after the app was deleted. Deleting an app now auto-cancels any ongoing uploads under that app.|
|BCP-6495, BCP-6471||Fixed an issue where deleting all versions from the App Versions screen didn't auto-refresh the list.|
|BCP-5679||Added support for including one or more Approval steps after an existing Approval step.|
|BCP-6046||Fixed an issue which limited the number of workflows that would run when choosing the "Run All Workflows" action on the App Versions screen. This option now triggers a workflow run for all the versions within the app without any limit.|
|BCP-6130||Fixed a bug where the "Revert Changes" button did not revert an uploaded but unsaved mobile provisioning profile.|
|BCP-5985||When pushing apps to the BlackBerry UEM as part of your workflow, the app created now contains the name of the binary that the workflow runs on.|
Added the ability to add and remove the No-Code Integration Extension for BlackBerry for a given organization. It could previously be added, but not removed.
Added the ability to add and remove the No-Code Integration extension for BlackBerry. Previously, the No-Code Integration extension for BlackBerry was always enabled.
|BCP-6183||Minor fixes to handle the scroll behavior on the dashboard widgets when resizing the window.|
|SPT-2577||Updated email address restrictions to follow standard formats. Most valid formats and characters are now allowed except for the disallowed characters per standard format: - <>()[\]\\.,;:\s@"|
|BCP-6221||Rebranded Blue Cedar login and reset password screens.|
|BCP-6220||Fixed a bug where search results weren't paginated properly.|
|BCP-6398||Minor updates to the time format across platform.|
|BCP-6345||Added a confirmation dialog when deleting any extension configurations.|
|BCP-5350||Added a confirmation dialog when cancelling an app version upload.|
|BCP-5830||Fixed an issue where exporting events to a PDF file created an empty PDF file.|
|BCP-6091||Added support for svg images for organization logos.|
|BCP-6026||Increased the file size limit for organization logos to 300 MB.|
|BCP-6112||Fixed an issue where the name of the zip file (bundle) generated during the Signing step was incorrectly set to undefined.|
|BCP-6453||Signed bundle name now contains the app's name at the point of bundle creation, taking into account any updates to the app name.|
|BCP-6646||A Signing step configured to run before the BlackBerry UEM distribution step now generates a signing bundle in which the signed binary now has the correct the GDApplicationID specified in the BlackBerry UEM step.|
Open issues/limitations with this MSAL release
Support for these MSAL features is not implemented in this release of the Blue Cedar mobile client:
- Sovereign Cloud Registration (MOB-1860)
- Multiple trusted authorities (MOB-2012)
- Scope specification (MOB-2283)
Some mobile apps that include ADAL or MSAL packages before any integration via the Blue Cedar Platform cannot be integrated with the No-Code Integration Service for Microsoft Intune. Apps with incompatibilities in this area may encounter issues during integration, or at run time. This is a limitation of the Microsoft packages and Objective-C namespaces that causes the MSAL package added by Blue Cedar's Intune extension to potentially collide with the pre-existing Microsoft authentication library.
Refer to this compatibility table for basic guidance:
|Mobile OS||Pre-existing authentication library||Successful integration|
For more information from Microsoft, see these pages: