Enterprise or Business to Employee (B2E) mobile apps can be quite different from their B2C counterparts. B2C apps, tend to focus on a small number of screens or feed for their main usage, and additional screens are not as frequently used, but there to serve ancillary functionality as needed.

B2E apps, are focused on function, normally recording or accessing data for their day to day job. Many of them are replacing hand written recordings, for digital records, that are automatically synchronized to the main database. The fact that these users are employees to a larger company, and are using it as required by their job, results in a number of differences you have to handle, not just in the code, but the processes surrounding it.

Application Architecture

I assume that most of you will have heard of MVVM and Dependency Injection. I would recommend these for any Xamarin Forms development, not just enterprise. Using MVVM with Dependency Injection, will set you up towards a quality Xamarin Forms app. How to architect your app if it's going to have a very large code base, is another story, but it will not be covered in this post.

But, when we are dealing with the enterprise, there are additional considerations, you need to make.

API

If you use one API, that you control, lucky you. Unfortunately that isn't always the case in enterprise apps. You may have a smattering of API's that you don't control, and they can change, during your apps lifetime, especially when you are dealing with a poorly implemented API.

To counter this, I always create an aggregate service layer, for my repositories. A repository class, is just the code that connects to the API and send / retrieves data between them.

This shields your application from API changes, and removes it as a dependency when unit testing.

Complex Navigation

Due to many more pages, multi-step forms and possibly multi-role capabilities, navigation can become increasingly difficult. Navigation flows you may encounter are:

1. Don't allow the back button to go back to the login page.
2. Start a multi-page form fill in, with the ability to leave, then come back, and expect to resume in the same state.
3. Warn or stop navigation, if a user has failed to complete the required steps.
4. View a page, but don't keep it in the navigation stack, once they have moved on.
5. Avoid duplication of pages in the navigation stack, and load the existing one if present.

These navigational flows are quite complex, and they are not built into any MVVM framework, except for Exrin. It's one of the main reasons, Exrin was created.

Security

Enterprise grade security systems, aren't really any more secure than any standard security system, they tend to be just more complex, and hence ripe for incorrect implementation. You may come up across Citrix, Microsoft Online or Azure Active Directory. If you are lucky, you will have nice OAuth API flow to work with.

Security becomes more important, when sensitive records are kept, such as patient records. Rules, I use, when dealing with sensitive information:

1. Use expiring tokens for authentication. Don't store any username or password.
2. Don't put any decryption key or sensitive information in your code. It's all reverse engineerable, and essentially public.
3. Don't store sensitive information, if you don't have to.
4. If you must store sensitive information, ensure it is encrypted.

The encryption key must be generated by the mobile app, at runtime, then stored securely, such as in the KeyChain or KeyStore, only accessible to the app at runtime.

Offline Usage

B2C apps mostly have the luxury of saying, you must be connected to the Internet, while using the app. B2E apps don't always have that luxury, such as mine sites or Wi-Fi black spots in large buildings, like Hospitals. This means you will need some kind of offline storage. In this scenario, to avoid complications, it is best to always have your app run off the database, with a Synchronization Service, running to provide connection to the API's.

DevOps

DevOps is establishing the set of processes and collaboration between development, management and the businesses IT operations. It is similar to agile, and Continuous Delivery, but adds additional coverage to management and IT operations, that are normally left out of the development loop. DevOps isn't something you will normally find at a small company, but may find at the Enterprise level.

How is DevOps related to Xamarin Forms development? Its not inherently tied to it, but they are some things that you can do to make your life easier.

1. Establish JSON based configuration files, not hard coded configuration. This helps when deploying to different environments, e.g. Testing or UAT.
2. Setup VSTS (or similar) and connect to AppCenter as one of the first things you do.
3. Setup Analytics in your app to record relevant metrics compared to expected outcomes.

Analytics

To delve deeper into analytics, I wanted to mention the absolute importance of them. While I recommend them in all apps, with Enterprise apps, the business has already approved the project based on expected outcomes. Ensure you can tie these expected outcomes to a specific metric.

For example, if the goal was a simple, save employee time. First, establish the baseline, the business is currently experiencing. If filling out a paper based form used to take approximately 2 minutes, then it took another 2 minutes for someone else to copy it into the system, and maybe another 2 minutes to correct any mistakes in recording, on average it takes 6 minutes per form. Ensure you measure the time taken to fill out the form, in the mobile app, and how often it is done. Then you have an exact metric of employee time saved. The business will then tie this to their internal estimates of what an employee's time costs.

Mobile Device Management

When you are at a large company, it's common for the business to have an MDM suite, to manage all their employee's mobile devices. Unfortunately these systems, sometimes don't have any API that can connect up to your automated build process. I still recommend using AppCenter, to provide testing and UAT capabilities, then deploying manually to the MDM, when ready to go to production.