To ensure reliable check out, your devices must check in reliably. This page is intended to document Imprivata’s recommendations for a reliable check in experience.
Your Check In workflow must contain the following actions, at a minimum:
- Perform MDM Command: Clear Passcode
- Check In Device
- Launch App for com.apple.webapp
- On Failure: Retry 3x
Every Apple DEP workflow will additionally include the following actions, which should be left untouched for Check In workflows:
- Device Enrollment Program
- Add WiFi
Optionally, you may add the following actions:
- Check In options to log out of 3rd party apps
- Set Wallpaper to clear out personalized wallpaper
- Perform MDM Command to assign a staging user or remove tags
- Set Attributes to clear any additional data set during Check Out
Notes
- This article assumes you are running Locker for iOS 3.6.1 or later.
- The Launch App action is required to work around a bug introduced in iOS 15. This bug remains in iOS 16, unfortunately. Imprivata has reported this issue to Apple.
- The app com.apple.webapp is a hidden app in iOS that is used for bookmarked web apps. It is usable even if your MDM policy blocks Safari. The app displays a simple blank screen.
- Imprivata no longer recommends launching com.apple.Preferences. This app triggers a bug in iOS 16.2 (apparently fixed in 16.3). Additionally, we want to discourage users from opening Settings, usually.
- Although the workflow editor shows the Check In before the Launch App action, GroundControl actually executes Launch App earlier.