Table of Contents
- Base Installation
- Prerequisites
- Installation of Keycloak
- Configuration of Keycloak
- Configuration of the Olvid Plugin
- Upgrading
- Additional Configuration
- Configuration of an External IdP
- Using LDAP User Federation
- x509 Client Certificates Authentication
- Configure Olvid via an MDM
- Microsoft Intune
- Workspace ONE
- Using the management console
- How to use the Console
- Misc.
- Changelog
Configure Olvid in Microsoft Intune
In this section, we assume that your user devices are enrolled and managed in Intune. For Android, this corresponds to personal devices with a Work Profile or Fully Managed corporate-owned devices. For iOS/iPadOS devices, this corresponds to personal- or company-owned (enrolled through Apple School Manager/Apple Business Manager or manually) devices.
1. Install Olvid on the devices
Before being able to configure Olvid with Intune :
- for Android the Olvid app must be added to the list of approved “Managed Google Play app”
- for iOS, the Olvid app must be “bought” to be added to the list of allowed applications. Two methods are available:
- Using the device’s owner Apple ID account
- Using the corporate’s iOS volume purchase program / VPP, (an Apple School Manager/Apple Business Manager account is needed)
Android
- open Microsoft Endpoint Manager admin center
https://endpoint.microsoft.com/ - open Apps > All apps and click “Add”
- select “Managed Google Play app” from the drop down menu and click “Select” at the bottom
- search for “olvid” on the store
- click on Olvid, then click the Approve button and confirm approval in the dialogs that open
If you return to the “All apps” tab, Olvid should now appear in your list of apps
Now that the app is listed, you must allow it on your user devices, or you may even force its installation.
- from your list of apps, click on Olvid and open the “Properties” tab
- Scroll down to the “Assignments” part and click “Edit”
- choose either “Required” for some devices
- or “Available” for some users
- “Review + save” your changes
That’s it, Olvid should now be available in Google Play for the selected users. Of course, synchronization with the Intune server may take some time!
Apple (Apple ID account)
- open Microsoft Endpoint Manager admin center
- open Apps > All apps and click “Add”
- Select “iOS Store app” from the drop-down menu and click “Select” at the bottom.
- Search “Olvid” for your region and select it.
- The app information form is automatically filled, you can click “Next”.
- You can then assign the app to specific devices or users, to allow them to install it, or you may even force its installation using “Add group”, “Add all users” and “Add all devices” buttons accordingly. To validate, click “Next”.
- You can review settings before clicking “Create”.
That’s it, Olvid should now be available for installation. Of course, synchronization with the Intune server may take some time!
Apple (volume purchase program)
This method may be preferred with corporate-owned devices, as licensing can be managed directly by the company, through an existing Apple Business Manager/Apple School Manager account.
This guide assumes that you already have a working ABM/ASM account, an active Volume Purchase Program and a VPP token set in your Intune tenant.
- Open Apple Business Manager or Apple School Manager website
- Purchase Olvid licenses in “Apps and Books”. You will need to search for the app using the search bar, select it, then assign licenses to a site and a quantity (steps 4 and 5) before clicking “Get”.
- Licenses synchronization may take a few hours before being available in Intune. Olvid application will then appear in Microsoft Endpoint Manager admin center.
- Open Apps > All apps and click on “Olvid – iOS volume purchase program app” in the list.
- Then open “Properties” > “Assignments” edit button.
- You can then assign the app to specific devices or users, to allow them to install it, or you may even force its installation using “Add group”, “Add all users” and “Add all devices” buttons accordingly. To validate, click “Review + save”.
That’s it, Olvid should now be available for installation. Of course, synchronization with the Intune server may take some time!
2. Push the Keycloak configuration to Olvid
Android
For this part, you may refer to the official Microsoft documentation at:
- go back to the Apps section and this time, choose “App configuration policies”.
- click “Add” at the top, and select “Managed devices”
- choose a name for your configuration: something like “Olvid keycloak (Android)”
- select “Android Enterprise” for the Platform
- choose which Profile Type to apply this configuration to
- click “select app” and choose Olvid in the right panel
- click “Next” to reach the Settings tab:
- click “+Add” at the top to automatically grant specific Permissions to Olvid. We recommend selecting Camera, Record audio, Phone state (read), and Notifications (for Android 13 devices).
- select “Auto grant” for each of these permissions
- choose “Use configuration designer” for the configuration settings format, click the “+Add” button below, and check “Keycloak configuration” in the right panel
- in the “Configuration value” field, enter the keycloak configuration link you can retrieve from the Olvid Management Console (in the user realm dashboard page)
- click “Next” to reach the Assignments tab and choose who to assign this configuration to.
- click “Next” once again and “Create”
That’s it, Olvid should now be configured for your users once they install Olvid. Again, synchronization with the Intune server may take some time!
The first time your users launch Olvid, they should see the following screen, directly prompting them to authenticate, instead of the usual blue startup screen:
Apple
For this part, you may refer to the official Microsoft documentation at:
- Open Microsoft Endpoint Manager admin center.
-
Open Apps > All configuration policies, click “Add”, and then “Managed devices”.
- Choose a name for your configuration: something like “Olvid (iOS)”
- Select “iOS/iPadOS” as platform
- Select app, and then select “Olvid” in the right panel, click “OK”
- Click “Next”
- Select “Use configuration design” as Configuration settings format.
- Enter
keycloak_configuration_uriin configuration key field - Set “String” as value type
- Enter in configuration value field the keycloak configuration link you can retrieve from the Olvid administration console (in the user realm dashboard page)
- Click “Next”
- Enter
- On the “Assignments” tab, you can choose to assign this configuration to “All devices”, “All users” or specific groups. Then click “Next”.
- On the “Review + create” tab, you can review your configuration before applying it using “Create” button.
That’s it, Olvid should now be configured for your users once they install Olvid. Again, synchronization with the Intune server may take some time!
The first time your users launch Olvid, they should see the following screen, directly prompting them to authenticate, instead of the usual blue startup screen:
