Mobile configuration properties for HCL Connections 6.5

Configuration properties in the mobile-config.xml file control how users can interact with the Connections mobile app.

Modifying configuration properties

For information about how to modify a configuration property in the mobile-config.xml file, see the Changing Mobile configuration property values topic.
When you modify a property, ensure that you apply the following guidelines:
  • Enabled properties must have a value of either true or false.
  • Number values must be integers.

You can modify the following configuration properties:

General properties

AllowCopyandPaste
Allows the copying and pasting of text throughout the application. The default value is true. To prevent copying and pasting, set this value to false.
AllowEditor
Allows a mobile user to edit Connections files using the HCL Connections Editor mobile app for iOS and Android devices. The default value is true.
AllowEmailing
Enables mailto tags within Connections content. If this option is disabled, mailto tags will still be visible, but clicking the link will result in a message indicating that email from the Connections Mobile app has been disabled.
AllowiTunesSharing (iOS only)
Allows documents to be shared when you sync your device with iTunes. The default value is true. Note that this setting does not apply to the application log files.
AllowPrint (iOS only)
Allows user to print content from the HCL Connections app wherever the print option is available. Valid values are true and false. The default value is true.
AllowRemoveAccount
Enables users to delete accounts on a device without having to first login, which includes deleting accounts that are no longer used or for which the password has been forgotten. Valid values are true and false. The default value is false.

When you set this option to true, accounts can be removed from a mobile device without requiring the user to login and without any authorization check. The user is asked to confirm the deletion of an account before it is removed. 

If there are multiple accounts on a mobile device, only the accounts for which AllowRemoveAccount is set to true can be deleted without having to login.

On iOS, When AllowRemoveAccount is set to true, users can swipe to delete the account from the accounts list. If AllowRemoveAccount is set to false for an account in the account list, a swipe to delete the account does nothing.

Note: If a user has existing accounts that they cannot access and that were created before this feature was available, those accounts cannot be deleted using the AllowRemoveAccount property. You can set an option in your Mobile Device Management (MDM) to allow the deletion of these accounts. Refer to Mobile Device Management (MDM) for more information.
DefaultApplication
Specifies the application that is displayed when a user logs in. The default value is Updates.

Other possible values are Activities, Blogs, Bookmarks, Communities, Files, Forums, Profiles, and Wikis. You can also specify an extension application name; for more information, see the Applying extensibility properties topic.

DefaultNavigationOrder
This key controls the initial order of the Connections apps in the main app navigation. The value is a list of Connection app identifiers. Valid values for the Connections apps are updates, communities, files, profiles, favorites, blogs, forums, wikis, offlinefiles, activities, and bookmarks. Also, if you add in application extensions you can specify the application extension unique name in the list. Review Applying extensibility properties for more information.
ExposeEmailAddress
Displays email addresses in Profiles. The default value is true. To prevent email addresses from being displayed in Profiles, set the value to false.
ExposeGeoLocation
Displays the geographic location of the user in the activity stream. The default value is true. To hide the geographic location, set the value to false.
InactivityTimeout
A timeout value, in minutes, that logs the user out of the client if no activity has taken place for the time period that is defined in this property. The default value is 0 minutes, which means that the user is never logged out because of inactivity.
MinAndroidAppLevel
Specifies the minimum level of the Connections Android mobile app that is allowed to connect to the server. The default value is empty, which allows any version of the app to connect to the server.
MiniOSAppLevel
Specifies the minimum level of the Connections iOS mobile app that is allowed to connect to the server. The default value is empty, which allows any version of the app to connect to the server.
ProblemReportEmail
Specify the email address to use for reporting problems and feedback from the Connections Mobile app. The default email address is heyhcl@pnp-hcl.com. This option is available starting with HCL Connections 6.0 CR3.
RememberPassword

Allows users to save their login password on the mobile device. The default value is true. To prevent passwords from being saved, set the value to false; this setting forces users to enter a password each time the Connections app is started.

Note: This option is ignored when AuthType is set to OAuth.
RequireDevicePasscode

This key is only supported on iOS. This key requires that a device passcode is set before a user can log in to a Connections server. Device passcodes are required in order to enable the data protection encryption feature used by the Connections app.

When this key is set to true:
  1. A device passcode must be set before the user can log in to an account.
  2. If the passcode is removed from the device, data associated with accounts that have been previously used to log in will be wiped.
If your MDM deployment pushes out device configuration profiles to devices, it is suggested you setup a passcode profile to enforce setting of the passcode on the device. This configuration setting can be used if you only push out app configurations settings.
Updates
Specifies where updates are displayed. Setting DisplayInLauncher to false hides updates from the Home page. Setting Updates enabled to false hides updates from the other applications in Connections.
The following list shows an example of Updates properties:
<!--  START UPDATES SECTION   --> 
    <Updates enabled="true" displayInLauncher="true">
    </Updates>
WebViewMixedContentMode
Specifies whether mixed content, for example, SSL and non-SSL content, are allowed in a web view. The following modes can be entered for this option:
AlwaysAllow
Mixed content is always allowed.
NeverAllow
Mixed content is never allowed.
BrowserCompatibility
This is the default mode. When specified, the web view attempts to be compatible with the approach of a modern web browser with regard to mixed content. The types of content that are allowed or blocked might change from release to release and are not explicitly defined.
Note: This option is only supported on Android devices.

Activities properties

displayInLauncher
Allows the application to be displayed in the Home page by default. To hide it, set the value to false. When this property is set to false, the application is not visible from the navigation view; however, it is still visible within communities.
enabled
Enables the application by default. To disable the application, set the value to false.
PublicActivities
Allows public activities to be shown. To hide public activities, set the value to false.

Blogs properties

displayInLauncher
Allows the application to be displayed in the Home page by default. To hide it, set the value to false. When this property is set to false, the application is not visible from the navigation view; however, it is still visible within communities.
enabled
Enables the application by default. To disable, set the value to false.
PublicBlogs
Allows public blogs to be shown. To hide public blogs, set the value to false.

Bookmarks properties

displayInLauncher
Allows the application to be displayed in the Home page by default. To hide it, set the value to false. When this property is set to false, the application is not visible from the navigation view; however, it is still visible within communities.
enabled
Enables the application by default. To disable the application, set the value to false.
PublicBookmarks
Allows public bookmarks to be shown. To hide public bookmarks, set the value to false.

Communities properties

AllowAddMembers
Allows people to be added to a community. The default value is true. Only community owners can add members.
AllowCommunityForumCreation
Allows owners of a community to create forums within that community. Default value is false.
AllowCommunityOwnedFolders
Allows folders that are owned by a community to be displayed. The default value is true.
displayInLauncher
Allows the application to be displayed in the Home page by default. To hide it, set the value to false. When this property is set to false, the application is not visible from the navigation view.
enabled
Enables the application by default. To disable the application, set the value to false.
PublicCommunities
Allows public communities to be shown. To hide public communities, set the value to false.

Files properties

AllowDownloads
Allows files to be downloaded to a mobile device. The default value is true. To prevent downloads, set the value to false.
AllowExport
Allows files to be exported to specific folders on the device. The default value is true. To prevent the exporting of files, set the value to false.

This property allows a file to be exported outside of the app's secure container. If this property is disabled, the file cannot be shared with other applications on the mobile device. On iOS, a setting of false would restrict files to being viewed by the built-in viewers. On Android, files would not be downloaded because there is no built-in viewer, meaning that files must be opened outside the app's secure container.

When the value is false:
  • A user cannot open a file from the HCL Connections app from other apps using the iOS Document Provider extension.
AllowExportToDeviceGallery
Allows files to be exported to the device gallery on the device. The default value is true. To prevent the exporting of files to the device gallery, set the value to false.
AllowImport
Allows files to be imported from a third party app and uploaded using the HCL Connections app. The default value is true.

When the value is true and no whitelist is specified by ImportWhitelist, then any third party app can import files into the HCL Connections app.

When the value is false:
  • Third party apps cannot import files into the HCL Connections app.
  • Importing photos or videos from the device gallery is not allowed. However, photos can be taken with the camera and imported into the HCL Connections app.
  • A user cannot save files from other apps using the iOS Document Provider extension.
AllowUploads
Allows files to be uploaded from a mobile device. The default value is true. To prevent uploads, set the value to false. Files that are downloaded to a device from within Connections are encrypted using your device's operating system.
displayInLauncher
Allows the application to be displayed in the Home page by default. To hide it, set the value to false. When this property is set to false, the application is not visible from the navigation view; however, it is still visible within communities.
enabled
Enables the application by default. To disable the application, set the value to false.
ImportWhitelist
Specifies a whitelist, or list of apps, that are allowed to import files into the HCL Connections app. This value is only used if AllowImport is set to true. The default value is no whitelist.

This list is a comma-separated list of app IDs that can import and upload files using the HCL Connections app.

Note: Only supported on iOS. If AllowImport=true and a whitelist is specified, then only the 3rd party apps that are listed in ImportWhitelist are allowed to import files into the HCL Connections app.

Taking a photo or video inside the HCL Connections app and uploading it is also allowed. To allow importing of photos and videos from the Camera roll, you must specify the Camera app, com.apple.camera, in the whitelist.  To allow importing of photos and videos from the Photos app, you must specify the Photos app, com.apple.mobileslideshow, in the whitelist.

Note: The iOS Document Provider extension cannot honor the list of apps in the whitelist. iOS does not allow extensions to determine which app is launching the extension. Therefore, to protect the security of customers currently relying on the whitelist, our Document Provider extension does not allow any app to save files into HCL Connections. Users can continue to save files into HCL Connections from the whitelist of apps via methods other than the iOS Document Provider extension.
PublicFiles
Allows public files to be shown. To hide public files, set the value of this property to false.
ShareWithPublic
Allows files to be shared with everyone. The default value is true. To hide files from public view, set the value to false.

Forums properties

AllowForumCreation
Allows forums to be created. To allow users to create forums, set the value to true.
displayInLauncher
Allows the application to be displayed in the Home page by default. To hide it, set the value to false. When this property is set to false, the application is not visible from the navigation view; however, it is still visible within communities.
enabled
Enables the application by default. To disable the application, set the value to false.
PublicForums
Allows public forums to be shown. To hide public forums, set the value to false.

Profiles properties

AllowEditProfile
By default, users can edit their profiles. To prevent the editing of profiles, set the value to false.
displayInLauncher
Allows the application to be displayed in the Home page. To hide it, set the value to false. When this property is set to false, the application is not visible from the navigation view.
Upload
By default, users can upload Profiles picture. To prevent the uploading of Profiles pictures, set the value to false.

Search properties

GlobalSearch
Enables global searching by default. To disable searching across all of HCL® Connections, set the value to false. If the property is disabled, users can still search within individual Connections applications.

Surveys properties

SurveysUrl
Allows administrators to specify the context for the survey service if it is not the default of /forms. For example:
<SurveysUrl>/surveys</SurveysUrl>

Wikis properties

displayInLauncher
Allows the application to be displayed in the Home page by default. To hide it, set the value to false. When this property is set to false, the application is not visible from the navigation view; however, it is still visible within communities.
enabled
Enables the application by default. To disable the application, set the value to false.
PublicWikis
Public Wikis are shown. To hide public wikis, set the value to false.

Application customization properties

You can specify customized application labels in a properties file. Give it a name such as the mobile.properties file, or similar. The file must be stored under the shared_data_directory_root/customization/strings directory.

The following list shows examples of properties that can be specified in the file:
activities.singulartitle=Activity
activities.pluraltitle=Activities
blogs.singulartitle=Blog
blogs.pluraltitle=Blogs
bookmarks.singulartitle=Bookmark
bookmarks.pluraltitle=Bookmarks
communities.singulartitle=Community
communities.pluraltitle=Communities
files.singulartitle=File
files.pluraltitle=Files
forums.singulartitle=Forum
forums.pluraltitle=Forums
profiles.singulartitle=Profile
profiles.pluraltitle=Profiles
wikis.singulartitle=Wiki
wikis.pluraltitle=Wikis
Note: The pluraltitle extension is used in the Home page, where the applications are listed.

For multiple locale support, create a properties file for each locale and store it in the same folder as the English-language properties file. For example, add a mobile_fr.properties file for the french locale.

CustomizationLocation
Specifies the name of the customization properties file.
Note: Specify the file name without the .properties extension. For example, enter mobile, not mobile.properties.
enabled
App customizations are disabled by default. To enable them, set the value to true in the Customizations element.
ForegroundColor
If you customize the HCL Connections app theme color using ThemeColor property, ForegroundColor allows you to customize the color of the text and icons that are displayed in areas where the theme color is shown. The value is a 6 character string that represents a hexadecimal color code. The default value is blank.
Note: If an MDM is used to set this value, it overrides this ForegroundColor setting.
Note: If a value is not specified for the ForegroundColor or ThemeColor property, the default app color is used.
Note: ForegroundColor is only supported on iOS and Android.
 
ThemeColor
Allows you to customize the main app theme color of the HCL Connections app. The value is a 6 character string that represents a hexadecimal color code. The default value is blank.

HCL Connections app colors are tied to the account. When a user logs out, the theme colors revert to the colors that are shipped with the HCL Connections app. When a theme color is not specified using ThemeColor, the theme colors shipped with the HCL Connections app are used.

Note:
  • If an MDM is used to set this value, it overrides this ThemeColor setting.
  • If a value is not specified for the ForegroundColor or ThemeColor property, the default app color is used.
  • ThemeColor is only supported on iOS and Android.
 
The following list shows an example of customized properties:
activities.singulartitle=Task
activities.pluraltitle=Tasks
blogs.singulartitle=ContentShare
blogs.pluraltitle=ContentShare
bookmarks.singulartitle=URL
bookmarks.pluraltitle=URLs
communities.singulartitle=Teamroom
communities.pluraltitle=Teamrooms
files.singulartitle=Document
files.pluraltitle=Documents
forums.singulartitle=GroupShare
forums.pluraltitle=GroupShares
homepage.singulartitle=Updates
homepage.pluraltitle= Updates
profiles.singulartitle=Blue Page
profiles.pluraltitle=Blue Pages
wikis.singulartitle=Wiki
wikis.pluraltitle=Wikis

Geolocation reporting

When geolocation reporting is configured, everyone in the organization, regardless of their roles, has their location reported by the HCL Connections app.
<ReportLocation enable="true|false">
<URL></URL>
<Type>Time|Distance</Type>
<Value>n</Value>
</ReportLocation>
ReportLocation enable
Enables and disables geolocation reporting. The default value is false, which disables reporting.
URL
The URL used by the HCL Connections app to post the GPS coordinates. If a URL is not specified, geolocation reporting is disabled. The URL must point to a servlet that accepts a POST request. The POST request contains the following parameters that are formatted as json:
userName
The display name for the user.
userId
The user ID that is used to log in to the HCL Connections server.
userLat
The latitude of the user's location.
userLong
The longitude of the user's location.
An example of body data is shown in the following code:
{"userName":"Amy Jones","userId":"ajones@mycompany.com","userLat":22.5780445,"userLong":88.48662609999997}
Type
If you specify Time, GPS coordinate updates are based on changes in time.
If you specify Distance, GPS coordinate updates are based on changes in location.
Value
If Type=Time, specify how often, in minutes, the current GPS location is to be reported. The minimum time is 7 minutes. Any setting shorter than 7 minutes is automatically set to 7 minutes.
If Type=Distance, specify how much the location needs to change, in meters, before a GPS location update is reported. The minimum distance is 500 meters. Any setting shorting than 500 meters is automatically set to 500 meters.
Note:
  1. The HCL Connections app must be running and logged in to the account where GPS reporting is enabled. When the user switches to another account or logs out of the account, the GPS reporting is stopped. On Android, if a user backs out of the HCL Connections app, GPS reporting stops.
  2. On iOS, for the GPS location information to be reported successfully, the end user must allow the HCL Connections app to access location information and allow the HCL Connections app to access location information when running in the background. The HCL Connections app cannot control the specific time that iOS schedules the update when running in the background. Therefore, when using Type=Distance, the reporting time might not be exact on iOS.
     

File Sync properties

The following text shows an example of properties for configuring File Sync:
<!--  START FILE SYNC SECTION   --> 
  <FileSync enabled="true">
  <InactiveDevicesPurgeThreshold>30</InactiveDevicesPurgeThreshold> 
  <AutoSync>true</AutoSync> 
  </FileSync>
<!--  START FILE DIFF SECTION   --> 
  <FileDiff enabled="true">
  <StoragePath>${MOBILE_CONTENT_DIR}</StoragePath> 
  <MaximumFileSize>512000</MaximumFileSize> 
  <MinimumFileSize>100</MinimumFileSize> 
  <MaximumDiffPercent>95</MaximumDiffPercent> 
  <MemCacheSize>20</MemCacheSize>  
  <ChecksumCacheSize>100</ChecksumCacheSize> 
  <ChecksumCachePruningInterval>30</ChecksumCachePruningInterval>  
  <DiffCacheSize>200</DiffCacheSize> 
  <DiffCachePruningInterval>10</DiffCachePruningInterval> 
  </FileDiff>
FileSync enabled
Enable or disable the File Sync extension by specifying a value of true or false.
InactiveDevicesPurgeThreshold
Defines a period during which a device did not trigger a file synchronization. When the limit is reached, the device is removed from the File Sync registry and the File Sync list on the device is purged. Specify a value in days.
AutoSync
Defines whether File Sync automatically synchronizes files. Specify a value of true or false. Specifies whether a user can designate a file to be synchronized automatically. If the value of this property is false, users must sync files manually. If the value is true, users can decide to specify manual or automatic synchronization. In this case, the default is automatic synchronization.
ChecksumCachePruningInterval
Defines the interval in days after which the checksum cache is purged. Specify an integer value.
ChecksumCacheSize
Defines the amount of disk space that is reserved for storing the checksum cache. Checksums are used by the File Diff function. Specify a value in MB.
DiffCacheSize
Defines the size of the cache that is used for storing the file differentials that are computed by the File Diff algorithm. Specify a value in MB.
DiffCachePruningInterval
Defines the interval in days after which the File Diff cache is purged. Specify an integer value.
FileDiff enabled
Defines whether the File Diff function is enabled. File Diff computes the difference between any two versions of a file by using the rsync algorithm. The default value is true.
StoragePath
Defines the path to the directory where synchronized files are stored. Specify this value by creating a WebSphere® variable that points to the directory. For example: MOBILE_CONTENT_DIR.
Important: Ensure that this directory is a child of the Files content store directory.
MaximumFileSize
Defines the maximum size of files that are updated differentially. Files that are bigger than this value are downloaded in full instead of being updated differentially. Specify a value in KB.
MaximumDiffPercent
Defines the size of the differential that determines whether a file is updated differentially or downloaded in its entirety. For example, if you specify a value of 95% and a file changes by more than 95%, the entire file is downloaded. If the file changes by less than 95%, only the differential is downloaded. Specify an integer value.
MinimumFileSize
Defines the minimum size of files that are updated differentially. Files that are smaller than this value are downloaded in full instead of being updated differentially. Specify a value in KB.

Push Notifications properties

The following text shows an example of properties for configuring Push Notifications:
<!--  START PUSH NOTIFICATIONS SECTION   --> 

<Push enabled="false">
		 <!--  RetryAttempts : Max number of attempts for GCM/APNS to deliver a message. --> 
      <RetryAttempts>3</RetryAttempts>
    <!--  RetryInterval : Initial retry interval in mins for Exponential Backoff -->  
      <RetryInterval>5</RetryInterval>
    <!-- ExponentialBackOffLimit  : Maximum limit in mins  for  Exponential Backoff after which retries only happen at the limit interval-->
      <ExponentialBackOffLimit>60</ExponentialBackOffLimit>
    <!-- PushNotificationReapInterval : Delete Notification from the persistent store beyond the reap interval in days.-->  
      <PushNotificationReapInterval>3</PushNotificationReapInterval>
    <!-- Proxy Server Host and Port for Push Notifications -->
      <ProxyHost></ProxyHost>
      <ProxyPort>80</ProxyPort>
      <!-- Android Specific Push Config -->
      <GCM>
         <!-- Number of persistent connections to the GCM service -->
         <MaxPooledConnections>10</MaxPooledConnections>
         <!-- The interval in seconds before pending messages are flushed -->
         <MessageFlushInterval>15</MessageFlushInterval>
         <!-- API Key needed by the server to send the Push Message to GCM -->
         <GCMAPIKey></GCMAPIKey>
         <!-- Sender Id needed by the Client to register itself with GCM -->
         <GCMSenderId></GCMSenderId>
         <!-- Proxy Http Client: The timeout in seconds used when requesting a connection from the connection manager/pool. -->
         <ConnectionRequestTimeout>300</ConnectionRequestTimeout>
         <!-- Proxy Http Client: The timeout in seconds to establish a connection with the Proxy Server. -->
         <ConnectTimeout>100</ConnectTimeout>
         <!-- Proxy Http Client: Defines the socket timeout in seconds, which is the timeout for waiting for data or, put differently, a maximum period inactivity between two consecutive data packets). -->
         <SocketTimeout>300</SocketTimeout>
      </GCM>
      <!-- iOS Specific Push Config -->
      <APNS>
         <!--  Number of persistent connections to the APNS gateway -->
         <MaxPooledConnections>10</MaxPooledConnections>
         <!--   FeedbackServicesInterval - Interval in hours to retrieve the list of devices that reported failed-delivery -->
         <FeedBackServicesInterval>24</FeedBackServicesInterval>
         <!--  Play Sound on Message Arrival on the Device -->
         <SoundAlert>true</SoundAlert>
      </APNS>  
		 </Push>
Push enabled
Enable or disable the Push Notifications service by specifying a value of true or false.
RetryAttempts
Defines the maximum number of times that the Apple Push Notification Service (APNS) or Google Cloud Messaging (GCM) tries to deliver a message.
RetryInterval
Defines the initial retry interval for Exponential Backoff. For example, if this property is set to 10, the server tries every 10 minutes to deliver a push notification until it succeeds. Specify a value in minutes. The default value is 5.
ExponentialBackOffLimit
Defines the limit in minutes for Exponential Backoff after which requests to the server are attempted at the intervals that are defined by this property. For example, if this property is set to 30, the server tries every 30 minutes to deliver a push notification until it succeeds. Specify a value in minutes. The default value is 60.
PushNotificationReapInterval
Defines the number of days after which an existing push notification is removed from the database. Specify a value in days. The default value is 3.
ProxyHost
Defines the hostname of the server where the proxy server resides.
ProxyPort
Defines the port number that the proxy server is using to listen for requests.
APNS
Defines extra Push Notifications properties for iOS devices.
MaxPooledConnections
Defines the number of persistent connections to the APNS gateway. Specify an integer value. The default value is 10.
FeedBackServicesInterval
Defines how often the server retrieves a list of devices that reported a failure to deliver a notification. Specify a value in hours.
SoundAlert
Defines whether a sound is played when a notification is received by the device. Specify a value of true or false.
GCM
Defines extra Push Notification properties that are used for Google Cloud Messaging (GCM) on Android devices.
MaxPooledConnections
Defines the number of persistent connections to the GCM service. Specify an integer value. The default value is 10.
MessageFlushInterval
Defines the interval after which pending messages are flushed. Specify a value in seconds.
GCMAPIKey
Defines the API Key that is used by the server to send a Push Notification to GCM. If no value is entered, the server uses a default account.
GCMSenderId
Defines the sender ID that is used by the mobile device to register itself with GCM. If no value is entered, the server uses a default account.
ConnectionRequestTimeout
Defines the timeout period in seconds for the proxy HTTP client when requesting a connection from the connection manager/pool.
ConnectTimeout
Defines the timeout period in seconds for the proxy HTTP client to establish a connection with the proxy server.
SocketTimeout
Defines the socket timeout period in seconds for the proxy HTTP client, which is the timeout period waiting for data, also known as the maximum allowed time of inactivity between two consecutive data packets.

Security management properties

To enable security management of the HCL® Connections native apps, change the default value of the MobileAdmin property. For more information about administering security for the Mobile Server application, see the Configuring security for mobile topic.

MobileAdmin
Mobile security administration is disabled by default. To enable it, set the value of the MobileAdmin property to true.
ServiceLocation
Specifies the location of the security management service for Mobile. By default, the ServiceLocation property is empty. An empty value indicates that the security management service is collocated with the HCL® Connections server.
Provide the location of the mobile security management service (Mobile Security Management EAR ) in the format: https://hostname:<port number> if the mobile security management service is hosted on a separate domain. To verify that the service location has been specified correctly, check the device log file to verify that it contains the following line:
Received normal status code for access denial check with url <serviceLocation>/mobileAdmin/security?deviceId=<deviceId>&userId=<userId>
In case of failure, the following line is logged in the device log file:
Service Location is incorrectly defined.Please make sure that the location starts with the https protocol when defined in the mobile config file. --> <ServiceLocation></ServiceLocation> </MobileAdmin>

Change the value of this property only if the security management service is deployed on a domain different from HCL® Connections. For example, if HCL® Connections is hosted at https://example.com and the security management service is hosted at https://example.org, change the value of the ServiceLocation property to https://example.org.

If you specify a domain for the security management service in this property, you must enable single sign-on between this domain and the HCL® Connections domain.

Note: Disable the Mobile security administration by setting MobileAdmin to false if you are using an MDM such as MaaS360 or MobileIron.

Security properties

AccountServerURL

Optional. A fully qualified Connections Mobile Server domain name and URL path that must be used by all Connections Mobile Server applications connecting to this server. If this value is set and a Mobile Server application connects to this server without using the same hostname and URL path, then the Mobile Server application will automatically migrate its account to use the Server URL provided here. Do not provide this value unless you require account migration from one URL to another.

For example: https://connections.example.com/mobile

In the preceding example, if a user has configured their Connections Mobile account to use anything other than https://connections.example.com/mobile, then when they connect to this server they will be prompted to automatically migrate the mobile configuration to use https://connections.example.com/mobile as the Connections server.

AuthType
Specifies the authentication type. Allowed values are SiteMinder, Form, Basic, SPNEGO, and OAuth. There is no default value. When using SPNEGO, the iOS app supports SPNEGO with NTLM and SPNEGO with Kerberos. The Android app only supports SPNEGO with NTLM. 
enabled
The security settings are disabled by default. To enable them, set the value to true.
InfoPageNegativePathPattern

Contains a regular expression that can be used to match the URL of a negative response page. The detection of the negative page indicates that the user did not accept the information page. When this URL pattern is matched, the user cannot open the app.

Note: This option is ignored when AuthType is set to OAuth.
InfoPagePathPattern

Contains a regular expression that can be used to match the URL of the information page. The information page usually states the terms of using the website. Users must agree to the terms before they can proceed. When this URL pattern is matched, the user can open the app.

Note: This option is ignored when AuthType is set to OAuth. Because the login form will be shown in a webview for OAuth, the information displayed by this page should be shown as part of the authorization flow from the server.
InfoPagePositivePathPattern
Contains a regular expression that can be used to match the URL of a positive response page. The detection of the positive page indicates that the user accepted the information page.
LoginFormName
Defines the login form name in the custom authentication form.
Note: This option is ignored when AuthType is set to OAuth.
LoginUrlContext
Defines the login URL context for the custom authentication form.
Note: This option is ignored when AuthType is set to OAuth.
LoginErrorUrlContext
Defines the error URL login context.
Note: This option is ignored when AuthType is set to OAuth.
OAuthAuthorizationURL

Fully qualified URL of the OAuth Authorization server authorize endpoint. For example:

https://oauthserver.example.com/op/authorize

This field must be specified when using an AuthType of OAuth.

OAuthClientId

OAuth Client ID used by the Connections Mobile Server application. You must ensure that this client ID is registered with your OAuth Authorization Server. Some Authorization Servers may generate a new client ID for each new application type, and if so, replace the default value with the one registered at the authorization server.

Default value = connections_social_mobile

OAuthScopes

If your OAuth Authorization server requires clients to use a custom scope, then provide the scope or scopes here that should be used by the Connections Mobile app. Separate multiple scopes using a space character. Note that OpenID scope offline_access is not required and not supported at this time.

Default value = <empty>

OAuthTokenURL

Fully qualified URL of the OAuth Authorization server token endpoint. For example:

https://oauthserver.example.com/op/token

This field MUST be specified when using an AuthType of OAuth.

PasswordFieldName
Defines the password field name in the custom authentication form.
Note: This option is ignored when AuthType is set to OAuth.
RejectUntrustedCertificates
When set to true, the app rejects any untrusted certificates that are presented to it and denies app access. The default value is false.
UseridFieldName
Defines the user field name in the custom authentication form.
Note: This option is ignored when AuthType is set to OAuth.
TermsOfUsageURL
Specifies the address of a webpage that contains a Terms of Usage statement for the Connections mobile app. The Connections app displays the webpage during login and provides OK and Cancel links. The user must confirm acceptance of the terms by tapping OK before the login continues. If the user taps Cancel, the login process is stopped and the app closes.

This setting provides a simple way for administrators to show a single Terms of Usage page that the user either accepts or rejects. If your Connections deployment requires a more sophisticated process, such as recording that the user accepted the agreement, use the InfoPagePathPattern setting.

Note: The webpage that is specified by this property is displayed before the user logs in. Therefore, do not specify a secure (https) page.
TermsOfUsagePromptAlways
When set to true, the user is always shown terms of usage when they log in to the app. The default value is true.
Note: If RememberPassword is set to true, then terms of usage is shown when the user logs in for the first time, after the user logs out, or after the app is restarted. Terms of usage is not shown when the app automatically logs the user in due to the authentication token timing out.

If TermsOfUsagePromptAlways is set to false, the user only sees terms of usage the first time they log in to the app, or if the user logs in and the value of the TermsOfUsageURL has changed since the last time the user logged in. If you set TermsOfUsagePromptAlways to false, but you want to display terms of usage when its contents are updated, you must update a parameter on the URL each time you update the terms of usage contents. For example, set TermsOfUsageURL to http://mycompany.com/terms.html?v=1. If you update terms.html, you must change the value of TermsOfUsageURL to something else, such as http://mycompany.com/terms.html?v=2, so that the app displays terms of usage again.

App password policy properties

Use these properties to set an app password policy that is enforced by the mobile clients. If an app is managed by an MDM, then the AppPassword policy has no effect. MDM policies can be set up to require an app password.
<AppPassword enabled="true|false">
   <Type>Numeric|Alphabetic||Alphanumeric|Complex</Type>
   <MinLength>nn</MinLength>
  <MinLetters>nn</MinLetters>
   <MinNumeric>nn</MinNumeric>
   <MinNonLetters>nn</MinNonLetters> 
   <MinUpperCase>nn</MinUpperCase>
   <MinLowerCase>nn</MinLowerCase> 
   <MinSymbols>nn</MinSymbols>
   <Autolock>nn</Autolock> 
   <Expiration>nn</Expiration>
   <History>nn</History> 
   <WipeFailures>nn</WipeFailures>
   <AllowSequences>true|false</AllowSequences>
   <AllowFingerprintAuthentication>true|false<AllowFingerprintAuthentication>
</AppPassword
>
AppPassword enabled
Enable or disable the app password policy by specifying a value of true or false. false is the default value.
Type
Required. Valid values include:
Numeric
Password can only contain numeric characters.
Alphabetic
Password can contain alphabetic characters and symbols but no numeric characters.
Alphanumeric
Password must contain at least one alphabetic character and one numeric character.
Complex
Password must contain at least one alphabetic character, one numeric character, and one special character.
MinLength
Optional. The minimum length requirement for the password.
If Type is set to Numeric:
  • On iOS, MinLength is set to 4.
  • On Android, valid values for MinLength range from 4 to 8.
MinLetters
Optional. The minimum number of letters required for a complex password. This only applies to Complex password types. The default value is 1.
MinNumeric
Optional. The minimum number of numeric characters required for a complex password. This only applies to Complex password types. The default value is 1.
MinNonLetters
Optional. The minimum number of non-alphanumeric characters required for a complex password. This only applies to Complex password types. The default value is 1.
MinUpperCase
Optional. The minimum number of uppercase letters required for a complex password. This only applies to Complex password types. The default value is 0.
MinLowerCase
Optional. The minimum number of lowercase letters required for a complex password. This only applies to Complex password types. The default value is 0.
MinSymbols
Optional. The minimum number of symbols required for a complex password. This only applies to Complex password types. The default value is 1. A symbol is one of the following characters: ! ” # $ % & ’ ( ) * + , - . / : ; < = > ? @
Autolock
Optional. A timeout value, in minutes, that requires the user to re-enter their password if no activity has taken place for the time period that is defined in this property. The default value is 0 (no autolock).
Expiration
Optional. The number of days that a password can be used before the user is required to change it. The default value is 0 (no password expiration).
History
Optional. The number of unique passwords required before reuse of a password is allowed. The default value is 0 (no history maintained).
WipeFailures
Optional. The number of times a user can enter an incorrect password before all data for the app is removed from the device. The default value is 0 (no wipe).
AllowSequences
Optional. Indicates if the password can contain ascending, descending, or repeating characters. Valid values include true and false. If set to false, the password cannot contain any repeating characters or 3 or more ascending or descending characters. The default value is true.
AllowFingerprintAuthentication
Optional. When enabled, and if the device supports fingerprint recognition, users can unlock the HCL Connections app using their fingerprint without having to enter their HCL Connections app password. Valid values include true and false. The default value is false, which disables using fingerprint authentication.
 
When you set an app password policy, the policy is activated when a user creates an account and logs into that server. A user can create multiple accounts to different servers with different password policy settings. If there are different password policy settings, the most secure settings are in effect for the app.
  • Type values from most secure to least secure:
    1. Complex
    2. Alphanumeric
    3. Alphabetic
    4. Numeric
  • The largest MinLength setting takes effect.
  • The smallest Autolock setting takes effect.
  • The smallest Expiration setting takes effect.
  • The largest History setting takes effect.
  • The smallest WipeFailures setting takes effect.
  • AllowSequences=false overrides AllowSequences=true.
  • AllowFingerprintAuthentication=false overrides AllowFingerprintAuthentication=true.

MAMRequired properties

enabled
Enables the Mobile Server application Management requirement. To disable the requirement, set the value to false.
MAMSignature
The MAM Policy Signature which the app will validate against the MAM provider. For more information on using the MAM Required policy and how to generate the MAMSignature value see Configuring the Mobile Server application Management Required policy for Connecetions Mobile.

Extensibility properties

Use these properties to add new applications to the Home page. For information about how to apply these properties, see the Applying extensibility properties topic.

name
Specifies a unique name for the application.
enabled
Shows or hides the application in the Home page by specifying true or false. The default value is true.
ApplicationIcon
Specifies the icon images for each operating system and density. Images must be stored under the shared_data_directory_root/customization/mobile/images directory. If this directory structure does not already exist, you must create it.
Copy your icons to the directory that is appropriate for each mobile operating system:
  • android/hdpi

  • android/ldpi
  • android/mdpi
  • android/xhdpi

  • android/xxhdpi
  • android/xxxhdpi
  • ios/reg

  • ios/retina

HPDI, MPDI, and LPDI correspond to high, medium, and low densities on Android. XHDPI, XXHDPI, and XXXHDPI describe extra-high density resolutions. Reg and Retina are the screen densities on iOS.

(iOS only) You can find the default icons for Regular and Retina at the following location: node/installedApps/cell/Mobile.ear/mobile.web.war/extensibilityIcons. For information about the specifications for icons, see the Extensibility Icons for iOS topic.

Use the following standard image sizes for iOS icons:
  • Reg: 24 pixels x 24 pixels 72 pixels per inch
  • Retina: 48 pixels x 48 pixels 72 pixels per inch
DefaultLocation
Specifies the location of an image for the web client. This location is typically the shared_data_directory_root/customization/mobile/images directory. This image is used if you do not specify an image for any of the density fields.
ApplicationLabel
Specifies a label for the new application. The label is displayed on the Home page.
ApplicationURL
Specifies the web address of the application or the native app URI for the application. HCL Connections uses this URL to start the new application. You can use the token %userid% in the URL. The mobile app will substitute the current user's userid before opening the URL.
The following excerpt from a sample mobile-config.xml file demonstrates how to specify a new application:
<Applications>
<Application name="ApplicationName" enabled="true">
<ApplicationIcon>
<Android>
<Hdpi>/images/ibmhdpi.jpg</Hdpi>
<Mdpi>/images/ibmmdpi.jpg</Mdpi>
<Ldpi>/images/ibmldpi.jpg</Ldpi>
</Android>
<IOS>
<Reg>reg</Reg>
<Retina>retina</Retina>
</IOS>
<DefaultLocation>/images/ibm50.jpg</DefaultLocation>
</ApplicationIcon>
<ApplicationLabel>HCL</ApplicationLabel>
<ApplicationURL>http://www.ibm.com</ApplicationURL></>
</Application>
</Applications>
However, the extended application is not shown in the menu until the admin appends the ApplicationLabel to the DefaultNavigationOrder as shown using Instant Messaging in the following example:
<DefaultNavigationOrder>profiles,communities,files,filesync,wikis,activities,forums,blogs,bookmarks,Instant Messaging</DefaultNavigationOrder>
Note: The <DefaultNavigationOrder> item can include extensions as well as the default Connections applications.

Touchpoint properties

enabled
Enable to provide mobile support for Touchpoint.
positiveExitPattern
Provide a positive exit pattern to determine the exit navigation that should occur when a user completes Touchpoint. If no entries are provided, the Mobile service will provide a default pattern, which is based upon Homepage and Orient Me enablement.
negativeExitPattern
Provide a negative exit pattern to determine the exit navigation that should occur when a user cancels Touchpoint. If no entries are provided, the Mobile service will provide the following pattern: /logout
<Touchpoint enabled="true">
	<positiveExitPattern>/homepage|/social</positiveExitPattern>
	<negativeExitPattern>/logout</negativeExitPattern>
</Touchpoint>

Generic properties


<!-- Generic Property Support -->
    <properties>
        <genericProperty name="createCommunityEnabled">true</genericProperty>
        <genericProperty name="inviteGuestUIEnabled">true</genericProperty>
    </properties>
createCommunityEnabled
Enable to provide mobile support for Community creation. To disable the support, set the value to false. The default setting is true.
inviteGuestUIEnabled

Enable to provide mobile support for the Invite Guest UI. To disable the support, set the value to false. The default setting is true.