How to enable conditional access for Zoho Mail?  

Description

Organizations that have adopted a BYOD environment must ensure that their corporate data is secure on users' devices. A situation that commonly occurs in organizations is employees accessing their corporate e-mail accounts from unauthorised devices once they know their credentials. To prevent this, MDM supports a conditional access policy. Using this, admins can revoke access from unauthorised devices.

In the case of Exchange, this policy can be configured directly from the MDM server by following the steps given here. If your organization uses Zoho Mail as its corporate mail service, you have to configure the Zoho Mail app using Managed App Configurations.

Pre-requisites

  • Zoho Mail app must be present in the App Repository.
  • The App Configurations XML file for Zoho Mail provided by the app developer.

Steps

  • Under Device Mgmt, click on the Zoho Mail iOS app in the App Repository.
  • Navigate to the Configurations tab and upload the following XML file. If you are looking to configure other settings in Zoho Mail, include the following key and string combination in the XML file available here.


      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
      <plist version="1.0">
      <dict>
          <key>mdm_restrict_login</key>
          <string>%conditional_access_token%</string>
      </dict>
      </plist>

  • For the Zoho Mail app on Android devices, under the Configuration tab, enter %conditional_access_token% for the key Conditional Access Token.
  • Once done, select Groups & Devices from the left pane.
  • Select the group(s)/device(s) to which the apps must be associated and click on Distribute Apps.

The app is distributed to the App Catalog present in the ME MDM app on the device, from where the user can install the app. To install the apps without user intervention, click here.
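
One way to check a configuration file before uploading it, as an added example that is not part of the original article or the vendor's tooling: it merges the key and string pair above into an existing configuration and reports any difference from what this page specifies. The sample file and its example_setting key are constructed for illustration.

```python
import plistlib
from xml.parsers.expat import ExpatError

KEY = "mdm_restrict_login"            # key name given on this page
TOKEN = "%conditional_access_token%"  # placeholder string given on this page

# Constructed sample: an existing configuration with one hypothetical setting.
EXISTING = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>example_setting</key>
    <string>example_value</string>
</dict>
</plist>"""


def add_conditional_access(xml: bytes) -> bytes:
    """Add the conditional access key, keeping every other setting."""
    config = plistlib.loads(xml)
    if not isinstance(config, dict):
        raise ValueError("top-level plist object must be a <dict>")
    config[KEY] = TOKEN
    return plistlib.dumps(config, fmt=plistlib.FMT_XML, sort_keys=False)


def check_config(xml: bytes) -> list:
    """Return the ways a file differs from the key/string pair on this page."""
    try:
        config = plistlib.loads(xml)
    except (plistlib.InvalidFileException, ExpatError, ValueError) as exc:
        return [f"not a parseable plist: {exc}"]
    if not isinstance(config, dict):
        return ["top-level object is not a <dict>"]
    if KEY not in config:
        # Keys are compared exactly, so a case or spacing slip counts as missing.
        near = [k for k in config if k.strip().lower() == KEY]
        hint = f" (found near-miss {near[0]!r})" if near else ""
        return [f"missing key {KEY!r}{hint}"]
    value = config[KEY]
    if not isinstance(value, str):
        return [f"{KEY} must be a <string>, found {type(value).__name__}"]
    if value != TOKEN:
        return [f"{KEY} is {value!r}, expected {TOKEN!r}"]
    return []


if __name__ == "__main__":
    merged = add_conditional_access(EXISTING)
    print(merged.decode())
    print(check_config(merged) or "configuration matches")
```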

You can test how this works by downloading any Zoho app and signing in before and after enrolling a device with MDM.

Before enrollment:

  1. Download a Zoho app on the Android device from the Play Store.
  2. Log in using your Zoho account.
  3. Access will be restricted, with a message saying that you are unauthorised.

Distribute the app

  1. On the MDM console, go to the Device Management tab -> App Repository.
  2. Configure Android for Work as explained here.
  3. Approve the Zoho app as explained here.
  4. On the MDM server, navigate to Device Mgmt -> App Repository -> Sync Apps -> Sync Play Store Apps.
  5. Select the Zoho app that you approved and select App configurations. Specify the value %conditional_access_token% for the key Conditional Access Token.

After enrollment:

  1. Enroll the device with MDM and distribute the app to the device.
  2. Try signing into the app.
  3. Now the login will be successful since the app is distributed using MDM.