iOS and Android

The Glean mobile apps give your teammates access to Glean Search and Glean Assistant from their iOS and Android devices. You can deploy the apps to managed devices and configure app protection policies to meet your organization's security requirements.

• iOS App Store
• Google Play Store

Prerequisites

Before deploying the Glean mobile apps, make sure you have:

• An active Glean tenant with SSO configured through your identity provider (for example, Okta or Microsoft Entra ID)
• For Intune App Protection: a Microsoft Intune environment with app protection policies configured
• The Glean app bundle ID: com.glean.app

Configure Microsoft Intune App Protection

The Glean mobile apps for iOS and Android support Microsoft Intune App Protection (MAM). This lets you apply app protection policies to the Glean app without requiring full device enrollment.

1

Contact Glean support

Reach out to Glean support to enable the Intune enrollment feature flag for your tenant. Until this flag is turned on, Intune enrollment prompts won't appear in the Glean app.

2

Target the Glean app in Intune

In your Microsoft Intune admin center, add the Glean app using the bundle ID com.glean.app to your app protection policy.

3

Allowlist the callback URL scheme

Add com.glean.app:/auth-callback to the allowed URL schemes in your Intune App Protection configuration. This allows the browser to redirect back to the Glean app after authentication.

Important

If the callback URL scheme com.glean.app:/auth-callback isn't allowlisted, teammates may complete sign-in successfully but the session won't transfer back to the Glean app.

Configure Conditional Access for mobile sign-in

If your organization uses Conditional Access policies that require Microsoft Edge as the managed browser on mobile, the Glean iOS app opens the SSO flow directly in Microsoft Edge instead of the system browser.

To ensure the sign-in flow completes successfully, allowlist the callback URL scheme com.glean.app:/auth-callback in your MAM or Intune App Protection policy. This allows Edge to redirect back to the Glean app after authentication.

Control mobile access

Glean doesn't currently offer an org-level toggle in the admin console to turn off mobile app access. To manage mobile access:

• Block mobile sign-in: Configure your identity provider (for example, Okta or Microsoft Entra ID) or MDM solution to restrict access from mobile devices.
• Enforce data protection controls: Use Microsoft Intune App Protection Policies to manage restrictions such as copy and paste prevention or screenshot prevention on mobile devices.

Access Glean Search and Glean on the go from anywhere!

Verify that your Conditional Access and Intune App Protection policies allow the Glean app callback URL scheme com.glean.app:/auth-callback. This error typically occurs when the authentication redirect is blocked.

Allowlist com.glean.app:/auth-callback in your Intune App Protection configuration. This message appears when Edge completes authentication but is not permitted to hand the session back to the Glean app.

Check whether your Conditional Access policies require a specific managed browser on mobile devices. If so, make sure the Glean app's callback URL scheme com.glean.app:/auth-callback is allowed in your app protection policy so the redirect from the browser back to the Glean app can succeed.