Extended authentication

 

Extended authentication allows users to enter the host system through the mobile app without logging in during a set period of time (the “extended authentication period”).

The feature uses the host system’s identify provider (IdP) to provide a token to an authenticated user upon login. The feature is available for organizations that use host authentication or their own IdP.

If an authenticated user’s session times out or if the user closes the app, the user can reenter the system without logging in. If the user actually Signs Out (as opposed to closing the app or the session timing out), the token expires and a login will be required on the next attempt into the system from the app.

Note: It is a best practice to always dismiss the app when you are finished using it. If an error message appears when the app is launched from the background, simply dismiss the app and reopen it.

Extended authentication saves the user from having to log in multiple times to access the host system from the mobile app on the device. The process, however, leaves open the possibility that anybody could use an “authenticated” device and could access the system by simply tapping the app icon. Local Authentication can be used to provide an added layer of security, protecting the user account on authenticated devices.

 

Extended Authentication is set up through the Logon Profile. If a user’s Login Profile enables Extended Authentication, the user can enter the server without logging in during the authentication period.

Login Profiles are located in Administration - Application Setup - Access Profiles - Logon Profiles

Select the Mobile App Settings tab and set the following fields:

  • Extended Authentication - Set to Enable / Disable
  • Extended Authentication Period - Set in Days or Hours - Maximum allowed period is 7 days (168 hours).

 

An Administrator has the ability to expire a token before its expiration period has elapsed. This need could arise, for example, if a user lost his mobile device. If a device is lost, it would be prudent to expire any tokens associated with that user.

To expire a token, the administrator can go to the People Information and disable the account of the user (by changing the Effective Date for example). This action will immediately invalidate all tokens associated with that user and the administrator can then re-enable the account.