Problem description: MDX app policies are configured but the app that is not managed does not launch automatically as expected.

Example use case: iOS has the Booking.com app installed from the Public App Store. The device also has Secure Web and Secure Mail installed. The Secure apps are managed by MDX. Booking.com is not a managed app.

Desired outcome: when a user clicks a link in Secure Mail and that link is for booking.com (such as 'http://www.booking.com/Shared-123abc' , then the Booking.com app should launch with the specific hotel from the link displayed.

Example problem outcome: instead of the Booking.com app launching with the hotel on display, Secure Web instead opens the booking.com website (with the hotel on display).
When the same link is clicked on from native mail, then the Booking.com app launches as expected.
Why does Secure Mail launch Secure Web to open the booking.com website, instead of Secure Mail launching the Booking.com app, like the native mail app uses?

Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.

Solution: use MDX app policies to configure the desired outcome. The specific steps listed on this article achieve success.

App URL Schemes can be misunderstood or easily confused sometimes. These steps can help you with configuration problems….

 

The following details and points will help for you to configure 'any' such app appropriately on your server also:
 

 

-          Secure Web MDX Configuration:

No specific configuration is needed with Secure Web. The following default settings can be used with Secure Web MDX, for the purposes of this example:

App URL schemes:
 

ctxmobilebrowser:,ctxmobilebrowsers:,ctxmobilebrowserappstore:
 

(For reference, these are those App URL Schemes which Secure Web will register with iOS as being handled by the Secure Web app itself).

Allowed URLs:
 

^http:,^https:,^mailto:=ctxmail:,+^ctxmailex:,+^ctxmailex2:,+^citrixreceiver:,+^telprompt:,+^tel:,+^col-g2m-2:,+^col-g2w-2:,+^col-g2t-2:,+^maps:ios_addr,+^mapitem:,+^itms-services:,+^itms-apps:,+^itms-appss:,+^ctx-sf:,+^lmi-g2m:,+^lync:
 

(For reference, these are the App IDs and also the App URL Schemes which Secure Web will be allowed to process. One outcome of a process might be that it is simply 'allowed'. Clicking on a link and seeing it proceed to load is one example of this. For those entries where an '=' symbol is seen, then not only will this action be 'allowed to process' but it will also be an action which is 'passed over to' or 'converted in to' whatever is on the right side of the '=' symbol).

 

-          Secure Mail MDX Configuration:

This is where our solution is used. The following default settings are found:

App URL schemes:
 

ctxmail:,ctxinternalmail:,ctxmailex:,ctxmailex2:,ctxmailappstore:,ctxmailoauth:,ctxevent:

Allowed URLs

+maps.apple.com,+itunes.apple.com,+apps.apple.com,^http:=ctxmobilebrowser:,^https:=ctxmobilebrowsers:,^mailto:=ctxmail:,+^citrixreceiver:,+^telprompt:,+^tel:,+^lmi-g2m:,+^col-g2w-2:,+^maps:ios_addr,+^mapitem:,+^sms:,+^facetime:,+^ctxnotes:,+^ctxnotesex:,+^ctxmobilebrowser:,+^ctxmobilebrowserappstore:,+^ctxtasks:,+^facetime-audio:,+^itms-apps:,+^ctx-sf:,+^sharefile:,+^lync:,+^slack:,+^slackmdm:,+^msauth:

So that the desired outcome be achieved, change 'Allowed URLs' to the following:
 

+com.booking.BookingApp,+maps.apple.com,+itunes.apple.com,+apps.apple.com,^http://www.booking.com/,^http:=ctxmobilebrowser:,^https:=ctxmobilebrowsers:,^mailto:=ctxmail:,+^citrixreceiver:,+^telprompt:,+^tel:,+^lmi-g2m:,+^col-g2w-2:,+^maps:ios_addr,+^mapitem:,+^sms:,+^facetime:,+^ctxnotes:,+^ctxnotesex:,+^ctxmobilebrowser:,+^ctxmobilebrowserappstore:,+^ctxtasks:,+^facetime-audio:,+^itms-apps:,+^ctx-sf:,+^sharefile:,+^lync:,+^slack:,+^slackmdm:,+^msauth:

 

 

---

Problem Cause

The modified configuration impacts Secure Mail. The changes to 'Allowed URLs' do the following:

1) Added +com.booking.BookingApp,

- this is so that Secure Mail is 'allowed' to call the Booking.com app directly

 

2) Added ^http://www.booking.com/,

- note that this addition is found early on in the string, when compared to one of the default entries which is already there; "^http:=ctxmobilebrowser:,^https:=ctxmobilebrowsers:".
- this is an important part of the configuration because it means that when Secure Mail 'sees' a link in the style being tested with (that is those links which start with 'http://www.booking.com/'), then Secure Mail will dispatch this type of link directly to the Booking.com app.
- for 'other' types of http (and https) links, those will instead continue to be captured by the default ;later part of the rule', "^http:=ctxmobilebrowser:,^https:=ctxmobilebrowsers:".
 

For reference, "^http:=ctxmobilebrowser:,^https:=ctxmobilebrowsers:" will then in turn 'convert' http and https in to their Secure Web equivalents. Because Secure Web registers these App URL Schemes (ctxmobilebrowser and ctxmobilebrowsers) as those to be used by the app within iOS, then these kinds of links will continue to open up in Secure Web.