What are in-house apps?
In-house apps are private apps custom-built for an organization, to be used by employees within the same organization. These applications can be developed in-house, or sourced from third-party developers. In-house apps are not meant to be pushed to public users and cannot be deployed on public app stores. These applications are exclusively used to fulfill specific business needs and help employees to increase their productivity.
What is a manifest URL?
A manifest URL is a link to an XML file that describes the package contents of an application and specifies where the app is located. In addition, this file defines essential information about the app, including its name, version and identifier, along with details on how to find, download and install the app from your secure web server.
How do manifest URLs work?
A manifest URL is essentially a link to your app’s manifest file. The manifest file in turn, provides instructions on how to install your in-house app on the end user’s device. By uploading this manifest file to a secure web server (preferably one that’s only accessible to your authorized end-users), and providing the fully qualified https link to the manifest file, IT can seamlessly distribute apps via manifest URL to all their end-users.
Currently, there exist two ways to push your in-house apps to the authorized end-users:
Utilizing a UEM solution enables IT to easily distribute apps via manifest URL to the end-users. All they have to do is provide the download link to their UEM app inventory, and voila! You can now efficiently push your in-house apps with one touch, directly from the UEM portal itself. We’ve set up a detailed guide on how to achieve this down below.
How to distribute iOS, tvOS, macOS in-house apps via manifest URL
To push in-house apps privately to your iOS, tvOS, macOS endpoints, you will first need to generate a developer certificate, a unique app ID, and a provisioning profile for your application. All of these can be obtained from the Apple Enterprise Developer portal.
- Login to your Apple Enterprise Developer account
- Click on the option ‘Certificates, Identifiers and Profiles’
- Select the option to add a new certificate
- Follow the given instructions to create a certificate
- Navigate to ‘Identifiers’ and click on the option to generate a new identifier
- Select the ‘App ID option’.
- Create a Bundle ID and provide a description for your App ID.
- Preferable Bundle ID format: com.yourcompanyname.yourappname – eg: com.hexnode.hexnodemdm
- Follow the given instructions to generate an App ID
- Navigate to ‘Profiles’ and click on the option to generate a new profile.
- Depending on your requirements, fill out the given instructions and choose the App ID that was created earlier.
- After following the required steps, go ahead and download the provisioning profile.
Once you’ve obtained the provisioning profile, open Xcode and select your created provisioning profile from, App Target > Build Setting > Signing > Provisioning Profile. Set the build destination, depending on your end-users’ device platforms. Then, validate your app by navigating to Product Menu > Archive > Validate. On successful validation, push the app by selecting Distribute > Save for Enterprise Deployment.
You must check the ‘Include manifest for over-the-air installation’ checkbox.
Once you save the app package, Xcode will generate a manifest (.plist) file for your application.
Once you’ve created your in-house app and generated a manifest file, you must upload the app package and the (.plist) manifest file to a secure (https) server. However, in the case of Apple in-house apps, a few additional requirements must be met to upload and push your application successfully.
Now, when generating a link to download your application, do not provide the URL link to the app package location. Instead, provide the URL link to the location of the manifest (.plist) file.
Once the end-user clicks on this link, the manifest file is downloaded, which in turn triggers the download of your in-house app.
Now, after the end-user installs the application and launches it for the first time, a pop-up will appear, which will prevent the app launch until they confirm the developer’s trust on their device. This must be done by navigating to Settings > General > Profiles and Device Management, and enabling the option to trust the developer.
If you’re using a UEM solution to push your in-house app, all you have to do is enter the URL of the .plist file in the UEM portal. The UEM portal will add your in-house app to the app inventory, following which IT can easily deploy the application to the end-users’ devices.
How to distribute Android in-house apps
Unlike Apple, Android in-house apps do not require a separate manifest URL when distributing these applications outside the app store. Instead, the manifest file is bundled with the Android .apk itself. Once it is ready for deployment, all that your IT requires to push these apps, is the URL link to the .apk file.
Before providing the URL link to your app, make sure that it is uploaded on a secure (https) server. Now, when generating the link to download your application, provide the full URL link to the location of the .apk file.
Once an end-user clicks on this link, the download of your in-house app is initiated.
If you’re uploading your in-house app to your UEM app inventory, provide the app URL, along with its bundle identifier, version name and version code.
The version code represents the nth version of your app. In case of app updates, the version code will be incremented in single-digit numericals. However, the version name is incremented entirely based on developer preference.
How to distribute Windows in-house apps
Similar to Android apps, Windows in-house apps do not require a separate manifest URL when distributing them outside the app store. Instead, the manifest file is bundled with the .msi itself. Once the application is ready for deployment, IT just needs the URL link to this .msi file to begin distribution.
Here too, you must make sure that the application is uploaded on a secure server, before providing the URL link to the location of the .msi file.
Once an end-user clicks on this link, the download of your in-house app is initiated. Even when uploading your in-house app to your UEM app inventory, you can use this same URL link to initiate the download.