Overview

Managing the access and use of sensitive data is a key pillar of enterprise security. Role-based access control (RBAC) enables complex network environments to meet privacy and confidentiality regulations while securing business processes. Role-Based Auto-Launch is a Launcher feature that grants access to settings and other applications using an 'Allow' list or a 'Block' list. It ensures that users only have access to information required to accomplish tasks. This also cuts onboarding time to a few minutes.

User Guide

Role-Based Auto-Launch allows IT administrators to determine how Android enterprise devices can be accessed based on the logged-in user's IdP groups. Restrictions can be applied to enable or disable certain functionalities, network connections, and app configurations.

1. To configure a role-based auto-launch, a login custom intent within the Launcher configuration file will be set up.

2. A filter object defining the user's IdP session group(s) should be included for this login custom intent to occur.

3. For instance, if the user is a stocktaker and has been assigned a stocktaker-specific IdP group, the inventory app will automatically open upon logging in to the Launcher.

Feature Configuration

To set up the Role-Based Auto-Launch feature for a particular device profile or device group, please follow the steps below:

Enabling Role-Based Auto-Launch

When a user logs in and the user group is Associate or Stocktaker, then the Inventory app (package:com.application.inventory) will open by default.

"intents" : {
    "login" : [
        {
            "package": "com.application.inventory",
            "flags": 1,
            "typeIntent": "a",
            "filter": {
                "session.groups": "Associate|Stocktaker"
            }
        }
}