Support managed configurations

Some apps designed for enterprises include built-in settings called managed configurations that IT admins can configure remotely. For example, an app may have the option to only sync data when a device is connected to Wi-Fi. Providing IT admins the ability to specify managed configurations and apply them to devices is a requirement for all solution sets. There are two ways you can support managed configurations in your EMM console:

  • Create your own UI and apply the settings via managedConfiguration in ApplicationPolicy.
  • Add the managed configurations iframe to your console (instructions detailed below) and apply settings via managedConfigurationTemplate in ApplicationPolicy

The managed configurations iframe is an embeddable UI that lets IT admins save, edit, and delete an app’s managed configuration settings. You can, for example, display a button (or similar UI element) in an app's details or settings page that opens the iframe.

Actions available to IT admins from the iframe

mcm iframe
Figure 1. Example managed configurations iframe for Gmail.

Set and save configuration profiles

The iframe retrieves and displays the managed configurations schema for a specified app. Within the iframe, an IT admin can set configurations and save them as a configuration profile. Each time an IT admin saves a new configuration profile, the iframe returns a unique identifier called mcmId. This makes it possible for IT admins to create multiple profiles for the same app.

Edit configuration profiles

The iframe is capable of displaying saved configuration profiles. IT admins can update the settings within a profile and save their changes.

Delete configuration profiles

IT admins can delete configuration profiles from the iframe. This feature is disabled by default.

Add the iframe to your console

Generate a web token

Use enterprises.webTokens.create to generate a web token that identifies the enterprise, and set iframeFeature to MANAGED_CONFIGURATIONS. You must include the returned token, along with other parameters, when rendering the iframe in your console.

Render the iframe

Here's an example of how to render the managed configurations iframe:

<script src=""></script>
<div id="container" style="width: 1000px; height: 1000px"></div>
  gapi.load('gapi.iframes', function() {
    var options = {
      'url': '',
      'where': document.getElementById('container'),
      'attributes': { style: 'height:1000px', scrolling: 'yes'}

    var iframe = gapi.iframes.getContext().openChild(options);

URL parameters

The table below lists all the available parameters for the iframe URL.

token Yes The token returned from Enterprises.createWebToken.
packageName Yes The product ID of the app. For example,
mcmId No The ID of a managed configurations profile.
canDelete No If TRUE, enables a button in the iframe that allows IT admins to delete the managed configurations profile. If FALSE (default value), the button is disabled.
locale No A well-formed BCP 47 language tag that is used to localize the content in the iframe. If not specified, the default value is en_US.

Iframe events

You should also handle the following events as part of your integration.

onconfigupdated The user updates an existing managed configurations profile or creates a new one. This returns an object containing:
  "mcmId": The ID of the managed configurations profile.
  "name": The name of the updated or newly created managed configurations profile.
onconfigdeleted The user deletes an existing managed configurations profile. This returns an object containing:
  "mcmId": The ID of the managed configurations profile.

The sample below shows how to listen for onconfigupdated, as an example:

iframe.register('onconfigupdated', function(event) {

Updates to an app's managed configurations schema

If the developer updates an app’s managed configuration schema, saved configuration profiles are automatically updated. For example, if the developer removes an option, the option will be removed from all existing configuration profiles for the app. If the developer adds an option, the default value for the option (defined by the developer) will be added to all existing configuration profiles for the app.

Apply configuration profiles to policy

Each configuration profile is saved as a unique mcmId. To apply a configuration profile to a policy, specify mcmId in managedConfigurationTemplate.