We are in the process of updating our Active Directory SSO to include Microsoft Azure and we'd like to know if the LF Mobile app can be configured to look at Azure for SSO?
Yes, the LFMobile apps can work with Azure SAML for SSO on all three mobile platforms.
Is there an article you can reference that would provide information on how to set it up?
Thanks for the white paper; I'm sure it will come in handy for my VAR and my network administrator.
It's a bit over my head and doesn't really explain the impact on the mobile application login. Is it relatively transparent?
@Francis Gu
Does it provide any additional functionality for mobile authentication, such as biometrics/FaceID, or the ability to keep the user logged in?
@████████
Does it provide any additional functionality for mobile authentication, such as biometrics/FaceID, or the ability to keep the user logged in?
Yes, LF Mobile app supports biometrics/FaceID, or the ability to keep the user logged in.
None of those features work in our environment, and I was under the impression that it's because we use SSO and those features are for non-SSO. So, my question is if we switch from Active Directory to Azure, will any of those features be supported? Or are those features strictly for native LF user credentials? If those features are not supported except with native LF accounts, when can we expect to see these features added for SSO environments?
@████████. Hi, can you please review/answer my last post? Thank you!
Hi Mike, sorry for the late response. Yes, those features are only for non-sso. If you switch to Azure, they still won't be supported for sso. And like you said, they are only supported for native LF accounts at the moment.
It's in our backlog. Although there is no timeline planned out for this, I'll see if we could prioritize the request.
@████████. Thank you for your response. I (and many others!) would be very happy if these features could be a higher priority. This is probably the number one question I get from my users when it comes to the mobile app; "can I stay logged in?", and the second most popular question is "Can I use FaceID or thumb print?". My company would be extremely thrilled if these features worked with SSO.
@████████ I want to give you an update and some additional info on this. We definitely haven't forgotten about this request.
To support this feature, Mobile currently depends on LFDS to allow apps to generate private credentials("user-key") authentication first. But unfortunately it had to be deprioritized a lot on the LFDS side.
@████████ - Why was it deprioritized? Can you explain a little further how LFDS allows apps to generate user-key authentication and why that presents a challenge for adding the ability to keep the user logged in and the ability to use FaceID/biometric authentication? I would really appreciate a more detailed explanation please.
Thank you.
@████████
As we no longer use a native API (like LMO for LFDS) to login, instead we use the LFDS login page, so we cannot cache user credentials. Even if we did screen scraping and got the credentials from your login pages, that would be less than ideal. In banking apps if I change my account password, my biometric credentials still work.
Therefore, what we suggested is LFDS to allow applications to generate private credentials, which are basically random strings with a key. These could be cached securely (in secure vaults like the iOS keychain) and never shared with other applications.
As for the prioritization, according to LFDS, they cannot prioritize it until they get more people on their team. But they have been aware of this request and it's also on their roadmap.
Nevertheless, both teams completely understand why customers want this. It would be great and truly improve user experience. I will follow up on this and keep you posted once any timeline is available.
Let me know if you have any other questions.
@████████ - Thank you for the additional details. I would really appreciate it if you continue to keep me in the loop. I have high level VPs and company owners who are asking me about this on a regular basis. It would be really helpful if even the most basic functionality to help them log in faster could be added to the mobile app. For example, if the app could cache their SSO credentials and keep the login form populated with those credentials, then it would make signing in to the app a lot more user friendly.
@████████ No problem at all. I'll keep you in the loop for any updates. In fact, we've also received the same request from other customers at Empower. Hopefully we'll see this happen soon.
At the meantime, Mobile will explore if there is other possibility to make the login faster. Thanks for the valuable feedback. It's much appreciated.
