Administration

Information

This chapter is in progress. Additional content will follow.

Mobile device management (MDM)

Configure profiles centrally

If you want to create a profile for another user as the administrator, you can use a mobile device management system.

Please note

You should never add passwords or other sensitive data. Other apps may be able to access the information.

The entries vary depending on the provider.

Taking Microsoft Intune as an example:

Create a plist XML file with the following structure and replace the values Server, Name, Username, and Password:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
   <key>DefaultProfileServer</key>
   <string>https://efmd11.elo.com/web-Demo11/</string>
   <key>DefaultProfileName</key>
   <string>Seida Sen</string>
   <key>DefaultProfileUsername</key>
   <string>Seida Sen</string>
   <key>DefaultProfilePassword</key>
   <string>e</string>
</dict>
</plist>

You can make the settings with the mobile device management:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
   <key>SETTINGS_DELETE_SORD</key>
   <true/>
</dict>
</plist>

The following table lists general settings that you can define:

Setting	Type	Default	Description
ProfileDefaultsServer	String		Prefilled server URL if a new profile is created
ProfileDefaultsName	String		Prefilled profile name if a new profile is created.
ProfileDefaultsUsername	String		Prefilled user name if a new profile is created
ProfileDefaultsPassword	String		Prefilled password if a new profile is created. We do not recommend setting this value as it is not secure. Use at your own risk.
DefaultProfileServer	String		Server URL for the demo profile. This profile is created if no other profile exists (e.g. if all the profiles were deleted by a user).
DefaultProfileName	String		Name of the demo profile
DefaultProfileUsername	String		User name of the demo profile
DefaultProfilePassword	String		Demo profile password
SettingBrowseDocumentsEnabled	Boolean	true	Prevents the browser from opening if a new profile is added.
SettingTaskListIncludeGroup	Boolean	true	The group tasks are shown in the task list
SettingTaskListIncludeSubstitution	Boolean	true	The substitution tasks are shown in the task list
SettingTaskListIncludeEscalated	Boolean	true	Escalated tasks are shown in the task list
SettingDeleteSord	Boolean	true	The Delete function is available in the menu (three dots).
SettingSearchOptionShortName	Boolean	false	The Short name field is searched.
SettingSearchOptionFullText	Boolean	true	The full text is searched.
SettingSearchOptionIndexFields	Boolean	true	The fields are searched
SettingSearchOptionExtraText	Boolean	true	The Extra text is searched
SettingSearchOptionVersionComment	Boolean	false	The version comments are searched
SettingOfflineWwanDownload	Boolean	false	ELO connects via the cellular network if no Wi-Fi connection is available
SettingSpotlightOfflineSearch	Boolean	true	Search of documents filed offline using the Apple Spotlight search
SettingMenuArchiveWeight	Integer	10	Sorting the work areas. The lower the default value, the higher the position on the work area toolbar. The value 0 hides the work area. webclient.efmd.disable.region.REGION_ARCHIVE == true sets this value to 0. 0 means that it is hidden.
SettingMenuSearchWeight	Integer	20	Sorting the work areas. The lower the default value, the higher the position on the work area toolbar. The value 0 hides the work area webclient.efmd.disable.region.REGION_SEARCH == true sets this value to 0.
SettingMenuTaskWeight	Integer	25	Sorting the work areas. The lower the default value, the higher the position on the work area toolbar. The value 0 hides the work area. webclient.efmd.disable.region.REGION_TASK == true sets this value to 0.
SettingMenuOfflineWeight	Integer	30	Sorting the work areas. The lower the default value, the higher the position on the work area toolbar. The value 0 hides the work area. webclient.efmd.disable.region.REGION_OFFLINE == true sets the value to 0.
SettingMenuClipboardWeight	Integer	70	Sorting the work areas. The lower the default value, the higher the position on the work area toolbar. The value 0 hides the work area. webclient.efmd.disable.region.REGION_CLIPBOARD == true sets this value to 0.
SettingMenuPostboxWeight	Integer	60	Sorting the work areas. The lower the default value, the higher the position on the work area toolbar. The value 0 hides the work area. webclient.efmd.disable.region.REGION_INTRAY == true sets this value to 0.
SettingMenuSettingsWeight	Integer	0	Sorting the work areas. The lower the default value, the higher the position on the work area toolbar. The value 0 hides the work area.
SettingMenuDatasetsWeight	Integer	80	Sorting the work areas. The lower the default value, the higher the position on the work area toolbar. The value 0 hides the work area. webclient.efmd.disable.region.REGION_ACTION == true sets this value to 0.
SettingMenuDashboardWeight	Integer	1	Sorting the work areas. The lower the default value, the higher the position on the work area toolbar. The value 0 hides the work area. webclient.efmd.disable.region.REGION_MYELO == true sets this value to 0.
SettingMenuInUseWeight	Integer	90	Sorting the work areas. The lower the default value, the higher the position on the work area toolbar. The value 0 hides the work area.
SettingMenuQrcodeWeight	Integer	0	Sorting the work areas. The lower the default value, the higher the position on the work area toolbar. The value 0 hides the work area. webclient.efmd.disable.region.REGION_QR_CODE == true sets this value to 0.
SettingTileArchiveWeight	Integer	10	Sorting the tiles. The lower the default value, the higher the position in the tile area. The value 0 hides the tile. webclient.efmd.disable.region.REGION_ARCHIVE == true sets this value to 0.
SettingTileSearchWeight	Integer	20	Sorting the tiles. The lower the default value, the higher the position in the tile area. The value 0 hides the tile. webclient.efmd.disable.region.REGION_SEARCH == true sets this value to 0.
SettingTileTaskWeight	Integer	25	Sorting the tiles. The lower the default value, the higher the position in the tile area. The value 0 hides the tile. webclient.efmd.disable.region.REGION_TASK == true sets this value to 0.
SettingTileOfflineWeight	Integer	30	Sorting the tiles. The lower the default value, the higher the position in the tile area. The value 0 hides the tile. webclient.efmd.disable.region.REGION_OFFLINE == true sets this value to 0.
SettingTileClipboardWeight	Integer	65	Sorting the tiles. The lower the default value, the higher the position in the tile area. The value 0 hides the tile. webclient.efmd.disable.region.REGION_CLIPBOARD == true sets this value to 0.
SettingTilePostboxWeight	Integer	60	Sorting the tiles. The lower the default value, the higher the position in the tile area. The value 0 hides the tile. webclient.efmd.disable.region.REGION_INTRAY == true sets this value to 0.
SettingTileSettingsWeight	Integer	80	Sorting the tiles. The lower the default value, the higher the position in the tile area. The value 0 hides the tile.
SettingTileDatasetsWeight	Integer	70	Sorting the tiles. The lower the default value, the higher the position in the tile area. The value 0 hides the tile. webclient.efmd.disable.region.REGION_ACTION == true sets this value to 0.
SettingTileDashboardWeight	Integer	0	Sorting the tiles. The lower the default value, the higher the position in the tile area. The value 0 hides the tile. webclient.efmd.disable.region.REGION_MYELO == true sets this value to 0.
SettingTileQrcodeWeight	Integer	75	Sorting the tiles. The lower the default value, the higher the position in the tile area. The value 0 hides the tile. webclient.efmd.disable.region.REGION_QR_CODE == true sets this value to 0.
SettingTileInUseWeight	Integer	72	Sorting the tiles. The lower the default value, the higher the position in the tile area. The value 0 hides the tile.
SettingFunctionVisibleAcceptWorkflow	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_ACCEPT_WORKFLOW == true sets the value to 0.
SettingFunctionVisibleAddStructure	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_ADD_STRUCTURE == true sets the value to 0.
SettingFunctionVisibleAddFavorite	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_ADD_FAVORITE == true sets the value to 0.
SettingFunctionVisibleAddToClipboard	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_ADD_TO_CLIPBOARD == true sets the value to 0.
SettingFunctionVisibleCheckin	Boolean	true	Display the function in the menu (3 dots).
SettingFunctionVisibleCreateNote	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_CREATE_NOTE == true sets the value to 0.
SettingFunctionVisibleDelegateWorkflow	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_DELEGATE_WORKFLOW == true sets the value to 0.
SettingFunctionVisibleDeleteReminder	Boolean	true	Display the function in the menu (3 dots).
SettingFunctionVisibleDataSetDownloadForms	Boolean	true	Display the function in the menu (3 dots).
SettingFunctionVisibleDataUpload	Boolean	true	Display the function in the menu (3 dots).
SettingFunctionVisibleDataSetAdd	Boolean	true	Display the function in the menu (3 dots).
SettingFunctionVisibleEditAction	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_EDIT_ACTION
SettingFunctionVisibleEditNote	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_EDIT_NOTE
SettingFunctionVisibleEditWorkflow	Boolean	true	Display the function in the menu (3 dots).
SettingFunctionVisibleExecuteAction	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_EXECUTE_ACTION
SettingFunctionVisibleForwardTask	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_CONFIRM_WORKFLOW
SettingFunctionVisibleFileDocument	Boolean	true	Display the function in the menu (3 dots).
SettingFunctionVisibleGoto	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_GOTO
SettingFunctionVisibleGotoTask	Boolean	true	Display the function in the menu (3 dots).
SettingFunctionVisibleHandoffTask	Boolean	true	Display the function in the menu (3 dots).
SettingFunctionVisibleInsertDocument	Boolean	true	Display the function in the menu (3 dots).
SettingFunctionMarkAsUnseen	Boolean	true	Display the function in the menu (3 dots). The task is marked as unread.
SettingFunctionVisibleNewDocument	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.NEW_DOCUMENT
SettingFunctionVisibleNewSearch	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.NEW_SEARCH
SettingFunctionVisibleNewVersion	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.NEW_VERSION
SettingFunctionVisibleOffline	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.TO_OFFLINE
SettingFunctionVisibleOpenDocument	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_OPEN_DOCUMENT
SettingFunctionVisibleOpenImagePreview	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_OPEN_IMGPREVIEW
SettingFunctionVisibleOpenIn	Boolean	true	Display the function in the menu (3 dots).
SettingFunctionVisibleRefresh	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_REFRESH_CMP
SettingFunctionVisibleRefreshOffline	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.fct_REFRESH_OFFLINE
SettingFunctionVisibleRefreshSearch	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_REFRESH_SEARCH
SettingFunctionVisibleRemove	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_REMOVE
SettingFunctionVisibleRemoveAction	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_ACTION
SettingFunctionVisibleRemoveFavorite	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_REMOVE_FAVORITE
SettingFunctionVisibleRemoveFromClipboard	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_REMOVE_FROM_CLIPBOARD
SettingFunctionVisibleRemoveFromOffline	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_REMOVE_FROM_OFFLINE
SettingFunctionVisibleRemoveSearch	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_REMOVE_SEARCH
SettingFunctionVisibleQrcode	Boolean	true	Display the function in the menu (3 dots).
SettingFunctionVisibleSendAsEcd	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_SEND_AS_ECD
SettingFunctionVisibleSendDocument	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_SEND_DOCUMENT
SettingFunctionVisibleShare	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_SHARE
SettingFunctionVisibleShowForm	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_SHOW_FORMULAR
SettingFunctionVisibleShowIndexForm	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_SHOW_INDEX_FORMULAR
SettingFunctionVisibleShowMetadata	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_SHOW_METADATA
SettingFunctionVisibleStartWorkflow	Boolean	true	Display of the function in the menu (3 dots). webclient.efmd.disable.fct.FCT_START_WORKFLOW
SettingFunctionVisibleStartAdHocWorkflow	Boolean	true	Display the function in the menu (3 dots).
SettingFunctionVisibleTransferDocument	Boolean	true	Display the function in the menu (3 dots).
SettingKeywordOnFiling	String	"configure"	Enter metadata on filing: The values "configured" (Only for metadata forms with form), "none" (Do not enter metadata), "always" (Always use the form) allow you to configure the options for entering the metadata when filing an entry.
SettingSordFetchLimit	Integer	100	Configuration of the number of SORDs that the server has reported.
SettingDisplayMode	String	"default"	Configures the display of the app. Possible values are "default", "large", and "full". Only for ELO 20 or higher.
SettingUploadUsingMasksWithRequiredFieldAllowed	Boolean	false	If it was set to true, the metadata forms with forms that contain the mandatory fields can be used to upload documents.

Create profile automatically (identity provider)

The following table lists the settings that you can use to create a profile automatically:

Setting	Type	Default	Description
Profile ID	String		ID of the profile. It can be used to update an existing profile (required).
Profile type	String		Type of profile. Valid values: "eloAuth", "msal" (required).
ProfileName	String		Name of the profile (required).
ProfileServer	String		Server URL. It must be an HTTPS URL (required).
ProfileConfigId	String		ClientId that was specified for the ELO server in the ELOauth config (required for eloAuth and msal types).
ProfileClientId	String		"Application ID" that was entered for the enterprise application in the Azure Portal (required for the msal type).
ProfileTenantID	String		Must be set if users are in several organizations. The tenant ID ensures that the user is only logged on to the correct organization.

Enterprise SSO (Intune)

Configure Enterprise SSO in Microsoft Intune. If Enterprise SSO was configured in Microsoft Intune, authentication is carried out automatically for web views.

Configure Enterprise SSO in Microsoft Intune under Configuration settings > Single sign-on app extensions.

The following values must be entered:

Area	Value
App bundle IDs	com.elo.mobile.ELO
Additional configuration	You must add com.elo. in the Value column under AppPrefixAllowList.

For more information about configuration in Microsoft Intune, refer to the Deploy the Microsoft Enterprise SSO plug-in for Apple Devices (opens new window) documentation.

Azure Application Proxy

Information

We recommend that you do not use the Azure Application Proxy.

For more information about the app proxy, please refer to the Azure Application Proxy (opens new window) documentation.

You normally create the MSAL account via MDM. It is also possible manually in the app. This requires briefly shaking the device. You need to be in the New profile area in the configuration. After shaking, the hidden menu item for creating the MSAL account appears.

Requirements

• Configure Enterprise SSO with mobile device management
• Microsoft Authenticator app
• ELO Web Client: Latest version 23.0

Take the following into account when setting up the app proxy for the iOS app:

• You need a URL with a valid SSL certificate.

• The Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) radio button must be enabled under Azure App Registration > Authentication.

• The area under Azure App Registration > Authentication > iOS/macOS is required for MSAL.

• You can create a group that includes all the users who can authenticate themselves with MSAL under Azure App Registration > Users and groups.

• Take the following into account under Properties:

  • The application ID is the client ID when creating a new profile (MSAL proxy).
  • The config ID (in the app) is the ID you configure in ELOauth under "azureadproxy".

  For more information on the config ID, refer to the Manual configuration chapter of the ELOauth plug-in (opens new window) documentation.

MSAL configuration

Requirements

• ELO server version 20 or higher
• ELOauth: The ELOauth plug-in must exist in prog/webapps/ix-plugins
• ELO server URL in this example: elo.example.com
• ELO repository path: ix-Repository

ELOauth with Entra ID (Azure Active Directory)

Register app in Azure

Method

1. Open https://portal.azure.com.

   

2. Enter a name for the app.

3. Navigate to the Manage > Authentication area.

4. Select Add a platform.

5. Enter the redirect URL. In this example: https://elo.example.com/ix-Repository/plugin/de.elo.ix.plugin.auth/logincb/

1. Navigate to the Certificates & secrets area.

2. Select Add new Client Secret.

   

3. Save the content of the value column. You will need this value later to configure ELOauth.

4. Open the API Permissions area.

5. Under Configured Permissions, configure Grand admin consent for as shown in the following screenshot.

   

6. Create the ELOauth configuration de.elo.ix.plugin.auth.json in Server\config\ix-Repository\ELO-EXAMPLE-1. The content should have the following structure:

      {
   "azuread":
       {
       "mapping":"mail",
       "api":"azure",
       "appKey": "51162350-...",
       "azureTenant": "0bbc3a84-...",
       "appSecret": "...",
       "fixedCallbackUrl": "https://elo.example.com"
       }
   }
   

   The list shows what the individual values stand for:

   • appKey: Application (client) ID
   • azureTenant: Directory (tenant) ID
   • appsecret: The value of the column valuefrom step 8 (Certificates & secrets area)

7. Restart the ELO server to apply the configuration.

Test ELOauth in the browser

https://elo.example.com/ix-Repository/plugin/de.elo.ix.plugin.auth/login/?clientUrl=https://elo.example.com/ix-Repository&configId=azuread

Test in the ELO app

1. Open Configuration > Add profile > Identity provider (via ELOauth).

2. Complete the Name field. You can use any name.

3. In the Server URL field, enter the URL to the ELO server, e.g. https://elo.example.com/ix-Repository.

   The repository path is enough, you don't have to enter the complete web path.

4. Enter the config ID.

   You entered the config ID previously in the ELOauth configuration file de.elo.ix.plugin.auth.json, e.g. under azuread.

MSAL

Register app in Azure

1. Open https://portal.azure.com.

   

2. Enter a name for the app.

3. Navigate to the Manage > Authentication area.

4. Select Add a platform.

5. Enter the redirect URL. In this example: https://elo-example.msappproxy.net/ix-Repository/

6. Select Add a platform > iOS/macOS.

   

7. Complete the following fields:

   • BundleId: com.elo.mobile.ELO
   • RedirectURI: msauth:com.elo.mobile.ELO://auth

8. Navigate to the Certificates & secrets area.

9. Select Add new Client Secret.

   

10. Save the content of the value column. You will need this value later to configure ELOauth.

11. Open the API Permissions area.

12. Under Configured Permissions, configure Grand admin consent for as shown in the following screenshot.

    

Configure connectors in the Azure Portal

'Enterprise applications' > '+ New Application' > 'Add an on-premises application'

The internal URL is http://localhost:9090/ix-Repository/ if the connector is running on the same computer as the ELO server. Otherwise, it has to be adjusted accordingly.

'App Proxy' > 'Download connector service'

1. Download the connector.
2. Install the connector on the computer with the ELO server. During installation, you will be prompted to enter the Azure account.

After installation, the connector is shown in the App Proxy:

Configure ELOauth

1. Open the configuration file de.elo.ix.plugin.auth.json.

2. Enter the values from the area App registration > ELO App Proxy:

   • Application (client) ID in appKey
   • Directory (tenant) ID in azureTenant

3. Open the Azure Portal.

4. Navigate to the Certificates & secrets area.

5. Create a new secret.

6. Insert the content from the value column under appSecret in the configuration file.

{
"AppProxy":
    {
    "mapping":"mail",
    "api":"azure",
    "appKey": "533772b0-...",
    "azureTenant": "0bbc3a84-...",
    "appSecret": "3D...",
    "fixedCallbackUrl": "https://elo-example.msappproxy.net/ix-Repository"
    }
}

1. Restart the ELO server to apply the configuration.

Configure rights

1. In the Azure Portal, navigate to App registrations > ELO App Proxy.

2. Under API permissions, select + Add Permission > APIs my organization uses.

3. Enter the name of the registered app, e.g. ELO App Proxy and select it from the list.

4. Check the user_impersonation box.

5. Select Add Permission.

   

6. Select user_impersonation in the list.

7. Select Grant admin consent for ….

Configure API

1. In the Azure Portal, navigate to App registrations > ELO App Proxy.
2. Select Expose an API.
3. Under "Application ID URI:", select the Edit button.
4. For the URL, enter the repository path, e.g. https://elo-example.msappproxy.net/ix-Repository.

Test in the browser

For the URL, enter the repository path, e.g. https://elo-example.msappproxy.net/ix-Repository/ix?__cmd__=status

Test in the ELO app

1. Open Configuration > Add profile> (Carefully) shake your device > MSAL Identity Provider (per ELOauth).

2. Complete the Name field. You can use any name.

3. In the Server URL field, enter the URL to the ELO server that you configured in App registrations > ELO App Proxy, including the repository path. For example, https://elo-example.msappproxy.net/ix-Repository.

   The repository path is enough, you don't have to enter the complete web path.

4. Enter the config ID.

   You entered the config ID previously in the ELOauth configuration file de.elo.ix.plugin.auth.json, e.g. under AppProxy.

5. Enter the Client ID. This is the Application (client) ID from App registrations > ELO App Proxy.

6. Enter the Tenant ID. This is the Tenant (client) ID from App registrations > ELO App Proxy.

   You will need it if multiple tenants are configured. Set it to avoid errors.

MDM

Deploy ELO app in Intune

1. Open Microsoft Intune.
2. Navigate to Apps > iOS/iPadOS > + Add.
3. Select iOS store App > Select.
4. Open Search the App Store.
5. Enter ELO Digital Office.
6. Select the ELO app.
7. Select Next.
8. Under Assignments, assign the app to users/groups that the app will be rolled out for. You can change this later as well.
9. Select Next.
10. Select Create.

You have to do the same thing for the Microsoft Authenticator app as well. This app is required for Enterprise SSO among other things.

Automatic creation of MDM profile with Intune

1. In Microsoft Intune, navigate to App > App configuration policies > + Create > Device Managed.

2. Select Basics.

3. Enter a name, e.g. ELO with AppProxy.

4. Select Platform > iOS/iPadOS.

5. Select Target app > Select App > ELO.

   Here, you will find the ELO app, since you deployed it in Intune in the previous step.

   

6. Navigate to Settings > Use configuration designer.

   Configuration Key	Value Type	Configuration Value
   Profile ID	String	ID of the profile. You can use any name you want.
   Profile type	String	msal
   ProfileName	String	Profile name. You can use any name you want.
   ProfileServer	String	ServerURL. e.g. https://elo-example.msappproxy.net/ix-Repository
   ProfileConfigId	String	ClientId that was entered for the ELO server in the ELOauth config, e.g. AppProxy
   ProfileClientId	String	"Application ID" that was entered for the enterprise application in the Azure Portal: 533772b0-...
   ProfileTenantID	String	Optional. The tenant ID ensures that the user is only logged on to the correct organization, e.g. 0bbc3a84-...

7. Unter Assignments, select the users/groups you want to automatically assign this configuration on the device.

8. Select Next.

9. Select Create.

Enterprise SSO

We recommend using Enterprise SSO. Otherwise, a login is shown for all forms, such as the feed, My ELO etc. that would have to be completed to be able to use the form.

If you have configured Enterprise SSO, SSO ensures correct authentication.

Perform the following steps:

1. Navigate to Devices > Configuration > + Create > + New Policy.

2. Select Create a profile.

3. Select Platform > iOS/iPadOS > Profile type > Templates.

4. Select Device features > Create > Basics.

5. Enter a name, e.g. Enterprise SSO. You can use any name.

6. Select Next.

7. Navigate to Configuration settings.

8. Select Single sign-on app extension.

9. Select SSO app extension type > Microsoft Entry ID > App Bundle ID > com.elo.mobile.ELO.

10. Select Additional Configuration.

    Key	Type	Value
    browser_sso_interaction_enabled	Integer	1
    disable_explicit_app_prompt	Integer	1
    Enable_SSO_On_All_ManagedApps	Integer	1
    AppPrefixAllowList	String	com.elo.,com.apple.,com.microsoft.

11. Unter Assignments, select the users/groups you want to automatically assign this configuration on the device.

12. Select Next.

13. Select Create.

Test

If you now "roll out" devices with the Microsoft Intune Company Portal, the ELO app should automatically be installed and configured correctly.

When opening the ELO app, the user is prompted to authenticate via Entry ID.