
Required User Seats and User PermissionsUsers will need an on-call seat to log in and access the app.
Download the mobile app
Rootly’s mobile app supports both iOS and Android devices.Download on iOS
Download from the App Store
Download on Android
Download from Google Play
- Open the Rootly app on your device
- Enter your Rootly credentials to log in
Log in to Rootly
Log in to your Rootly account using any of the following methods:- Email address and password
- Google SSO
- Slack SSO
- Third-party identity provider (SAML SSO)
- Android 11+ (SDK 30+)
- iOS 16+
Rootly AI
Rootly AI is built into the mobile app so on-call responders can get up to speed and ask questions from their phone — with an Incident Summary card on every incident’s Details tab and a conversational Rootly AI assistant behind the Ask Rootly launcher. For the full walkthrough — Incident Summary, Rootly AI chat, taking actions, and privacy — see Rootly AI on Mobile.Push Notification
Pages not coming through, or arriving silently? See Notification Troubleshooting for symptom-by-symptom fixes across iOS and Android: Do Not Disturb, battery optimization, calls that don’t ring, and device-specific (Samsung, Pixel, OnePlus) issues.
iOS
- iOS uses critical alerts for high urgency alerts.
Android
Battery-Saving Mode
Users may experience delayed notifications when using battery-saving mode. To resolve this for Rootly, navigate to Settings > Battery > Battery usage > Rootly, and choose Unrestricted. On some devices, this setting might appear as Don’t wake for notifications. Disabling this option can help ensure notifications are received promptly.Samsung
Battery Optimization and App Restrictions: Samsung devices are known to aggressively manage background processes to optimize battery life. When an app is in the background or killed, Samsung’s battery optimization settings can block notifications entirely, or modify their behavior (such as muting sound or vibration). You can check if battery optimization is affecting your app:Go to Settings > Apps > Your App > Battery > Optimize Battery Usage and turn off optimization for your app.
Device-Specific Notification Handling: Some Samsung devices (especially recent ones with One UI) impose additional restrictions on background notifications. You might need to guide users to allow the app to run in the background or turn off restrictions. For this:
Go to Settings > Device Care > Battery > App power management and disable "Put unused apps to sleep" for your app.
China Support
Rootly is available in China in the following stores.
Alternatively you can download the Chinese version here
Intune Support
Rootly’s mobile app supports Microsoft Intune Mobile Application Management (MAM), allowing your organization to enforce App Protection Policies on the Rootly app without requiring full device enrollment (MDM). This means you can protect corporate data on both company-owned and personal (BYOD) devices by controlling actions like copy/paste, screenshots, and selective wipe — all scoped to the Rootly app.How it works
When Intune MAM is enabled for your organization in Rootly:- Users log into Rootly normally (SSO, email, etc.)
- Rootly detects that the organization requires Intune and prompts the user to sign in with their Microsoft work account
- The Intune MAM SDK enrolls the app with your organization’s App Protection Policy
- The app restarts to apply the protection policies
Prerequisites
Microsoft Authenticator is required on user devices because it acts as the authentication broker for Intune MAM enrollment. Without it, the MAM token acquisition will fail.
Step 1: Enable Intune in Rootly
Contact Rootly support or your account manager to enable Intune MAM for your organization. Once enabled, Rootly will set themdm_provider configuration to intune for your team, which activates the Intune enrollment gate in the mobile app.
Step 2: Grant admin consent for the Rootly app registration
Rootly’s mobile app uses a Microsoft Entra ID (Azure AD) app registration to authenticate with MSAL and enroll with the Intune MAM service. Your tenant admin must grant consent for this app. Rootly App Registration:- Client ID:
8a50cf17-45cf-41d2-8e32-2fe6fa0c5baf - App Name: Rootly (may appear as “Rootly [Dev]” in sign-in logs)
1
Open Entra ID Enterprise Applications
In the Microsoft Entra admin center, go to Identity > Applications > Enterprise applications.
2
Search for the Rootly app
Search for the Rootly client ID:
8a50cf17-45cf-41d2-8e32-2fe6fa0c5baf.If the app does not appear, you will need to grant admin consent first (see next step).3
Grant tenant-wide admin consent
Open the following URL in your browser, replacing Sign in as a Global Administrator or Application Administrator and accept the requested permissions.
{TENANT_ID} with your Entra tenant ID:4
Verify permissions
After granting consent, go back to Enterprise applications > Rootly > Permissions. Confirm that the following permissions are granted:
- Microsoft Graph:
User.Read(delegated) - Microsoft Mobile Application Management: device management permissions (delegated)
Step 3: Add Rootly to your App Protection Policy
1
Open Intune App Protection Policies
In the Microsoft Intune admin center, go to Apps > App protection policies.Select the iOS/iPadOS policy you want to apply to Rootly (or create a new one).
2
Add Rootly as a custom app
In the policy, go to Properties > Apps > Edit. Under Custom apps, click Select custom apps and add:
- Bundle ID:
com.rootly.app - Platform: iOS/iPadOS
com.rootly.app.3
Assign users or groups
Under Assignments > Included groups, ensure the users who need Rootly are included in this policy’s target groups.The policy must target both the app (bundle ID) and the user/group. Adding the app without assigning users will not activate the policy.
4
Wait for policy sync
Policy changes can take up to 8 hours to propagate to devices. Typically this takes 30 minutes to 2 hours.Users can force a sync from Company Portal > Settings > Sync on their device.
Step 4: User login flow
Once everything is configured, the end-user experience is:1
Log into Rootly
Open the Rootly app and sign in using your organization’s SSO (or email/password).
2
Microsoft sign-in prompt
After Rootly authentication, the app detects that your organization requires Intune and displays the “Organization Sign-In Required” screen. Tap Sign in with Microsoft.
3
Authenticate via Microsoft Authenticator
The Microsoft Authenticator app opens. Select your work account and complete MFA if prompted.
4
App restart
After successful enrollment, the app restarts to apply the App Protection Policies. This restart is required by the Intune MAM SDK and only happens on first enrollment.
Supported platforms
Intune MAM works on both managed (MDM-enrolled) and unmanaged (BYOD) devices. Full device enrollment via Company Portal is not required for app-level protection.
Managed app configuration (Android)
Rootly’s Android app reads managed app configuration (AppConfig) pushed from Intune. AppConfig is how your tenant signals to Rootly that the app is operating in a managed context, and how you enable behaviors that require tenant intent — such as routing SSO through your APP policy’s managed browser.When to push AppConfig
- You are on a BYOD / MAM-only deployment (no Work Profile) and want Rootly’s SSO launch to honor your APP policy’s managed-browser redirect (e.g. to Microsoft Edge). Without AppConfig, Rootly cannot tell that Intune is governing the app and falls back to the system default browser, which the MAM policy cannot intercept.
- You use per-app VPN scoped to Rootly and need authentication traffic to stay inside the app process. See
use_in_app_browserbelow.
Supported keys
How to push AppConfig
In the Microsoft Intune admin center:1
Create an app configuration policy
Go to Apps > App configuration policies > Add > Managed apps. Choose Android, then add
com.rootly.app as the targeted app.2
Add the configuration keys
Under Configuration settings, add the keys you need from the table above. For example, to opt into the in-app browser:
- Configuration key:
use_in_app_browser - Value type:
Boolean - Configuration value:
true
3
Assign to users or groups
Under Assignments, target the same users or groups that have your APP policy assigned.
Intune troubleshooting
MSALErrorDomain error -50002 (iOS)
This error means the Intune MAM SDK could not acquire a token for the Microsoft Mobile Application Management service. Common causes:
To diagnose, ask your Entra ID admin to check Sign-in logs for the user and look for entries where the Resource is “Microsoft Mobile Application Management” with status “Interrupted”. The error code (e.g.,
AADSTS65001) will identify the exact cause.
App Protection Policy not applying
If the Rootly app is enrolled but policies don’t seem active (e.g., screenshots still work):- Verify the policy’s Data protection settings are configured as expected
- Check that the user appears in the Intune admin center under Apps > Monitor > App protection status with
com.rootly.appshowing “Checked in” - If
com.rootly.appdoes not appear in the check-in list, enrollment did not complete. Re-trigger by signing out of Rootly and signing back in
Enrollment works but app keeps asking to sign in
This can happen if the MSAL token cache was cleared (e.g., after an app update or device restart). The Rootly app automatically attempts to re-enroll silently on launch. If silent re-enrollment fails:- Ensure Microsoft Authenticator is still installed and signed in
- Tap Sign in with Microsoft to re-authenticate
- If the issue persists, sign out of Rootly completely and sign back in