This guide explains how IT administrators can deploy and configure the Weflow mobile app (iOS and Android) using a Mobile Device Management (MDM) solution. It covers a generic deployment flow that applies to any MDM, followed by step-by-step instructions for Microsoft Intune.
Key facts at a glance:
iOS bundle ID:
com.getweflow.mobileAndroid package name:
com.getweflow.mobileMinimum OS: see the current requirement on the App Store and Google Play listings
Sign-in: Salesforce SSO. No personal accounts.
Support contact:
support@getweflow.com
Overview
The Weflow app is distributed through the public Apple App Store and Google Play Store. MDM deployment lets you:
Push the app to managed devices without users searching the store
Enforce data protection policies
Keep the app updated automatically
Users sign in with Salesforce SSO, so there is no manual account setup to pre-configure. The same public app is used in all cases; you do not need a private or custom build.
Prerequisites
An active MDM tenant with devices already enrolled
Apple Business Manager (ABM) for silent iOS installs, optional but recommended
Managed Google Play connected to your MDM for Android
An existing Salesforce account plus a matching Weflow account for each user
Generic MDM deployment flow
These steps apply to most MDMs (Intune, Jamf, Workspace ONE, Kandji, Mosyle, and others). Naming differs per product, but the sequence is the same.
Add the app from the public store. Search for "Weflow" in your MDM's store-app catalog, or add it by identifier:
iOS: bundle ID
com.getweflow.mobileAndroid: package name
com.getweflow.mobile
Assign the app to user or device groups. Choose Required (auto-install) or Available (self-service) depending on your rollout.
Apply data protection policies to control copy/paste, backups, and managed-vs-personal data separation.
Verify sign-in on a test device before broad rollout.
There is nothing to pre-configure for sign-in. Users authenticate with Salesforce SSO on first launch.
Microsoft Intune
iOS deployment
In the Intune admin center, go to Apps > iOS/iPadOS > Add.
Select app type iOS store app, then search for Weflow or enter bundle ID
com.getweflow.mobile.For silent install, use a token-backed deployment via Apps > iOS/iPadOS > Add > iOS store app with your ABM/VPP token selected under licensing. Without a token, the user confirms the install.
On Assignments, add your target groups as Required or Available for enrolled devices.
Save and assign.
Android deployment
Go to Apps > Android > Add.
Select Managed Google Play app.
Search for Weflow (package
com.getweflow.mobile), approve it, then sync.On Assignments, add target groups as Required or Available.
Save.
The Weflow app does not read managed app configuration. There are no AppConfig keys to set. Sign-in is handled entirely by Salesforce SSO on first launch.
App protection policies (MAM)
Use App Protection Policies to protect Weflow data without managing the whole device, useful for BYOD.
Go to Apps > App protection policies > Create policy.
Target the Weflow app.
Configure data relocation (block backup, restrict copy/paste to managed apps), access requirements (PIN or biometrics), and conditional launch rules (block jailbroken/rooted devices).
Assign to your BYOD groups.
Conditional access
Because Weflow authenticates through Salesforce, device and compliance enforcement happens at the identity layer behind your Salesforce login, not at a Weflow app registration in Entra.
If your org logs in to Salesforce via your own IdP (Entra, Okta, etc.), apply your device-compliance conditional access policy there. It will then gate Weflow automatically.
In Salesforce, you can further restrict access with login IP ranges, login flows, and Connected App policies.
Single sign-on
Weflow authenticates users through Salesforce SSO. There is no Weflow-specific IdP setup for you to configure.
On first launch, the app sends users to the Salesforce login flow.
Only users with an existing Salesforce account and a matching Weflow account can sign in. There is no self-signup and no personal accounts.
If your org federates Salesforce login to your own IdP, that login experience (including MFA and device checks) carries through to Weflow automatically.
Verification
On a test device, confirm:
The app installs without manual store interaction (Required assignment)
Sign-in redirects to Salesforce and completes successfully
Data protection rules behave as expected (for example, copy/paste is restricted)
Updates arrive automatically when a new version ships
Troubleshooting
Symptom | Likely cause | Fix |
App does not auto-install | Missing ABM/VPP token (iOS) or app not approved in Managed Google Play (Android) | Add the token, or approve and sync the app |
User cannot sign in | No matching Salesforce or Weflow account | Confirm the user has both an active Salesforce account and a Weflow account |
Sign-in blocked | Conditional access at your IdP requiring compliance | Confirm the device is enrolled and compliant in your MDM |
Support
For help with deployment or sign-in, contact support@getweflow.com.