Posted: 13 Feb 2017 17:54 EST Last activity: 2 Mar 2017 5:41 EST
Authentication in Pega Mobile
Can you point me to resources to handle possible options for Authentication on a Custom Mobile App (Hybrid)? Can we keep the User logged on like it's usually done for other hybrid apps like the Facebook Mobile app?
My Customer is using Federated Authentication using F5 and SAML 2. When an end user tries to log on to Pega, they are directed to the F5 Login screens. Do you see any issues with a Custom Mobile Application?
Here's the summary of this discussion which continued on the Ask the Expert session.
Question: My Customer uses SAML 2. The login screen is provided by F5. There is an offline mobile requirement - the user should be capable of updating an assignment or creating a case. I wanted to know what options we have for the offline mobile app in the context of SAML 2 Authentication.
If the User logs in while online and downloads the worklist, can we still use the offline capability without requiring a re-login? Can the user remain logged in to the mobile app, thereby avoiding the re-login?
Answer: Currently we don't have the ability to opt for online login only. It is possible to use SAML, but you would need to have the login page served from Pega and just integrate with your SAML via services. We have had a customer successfully do this for their offline app.
Question: In the context of the above question around SAML 2 and Offline Capability, I want to ask about the following scenario: the user downloads the Worklist while online and then goes offline. While the user is offline, can he create cases or work on the worklist, assuming that the required Offline configuration in the Access Group and Cases has been done? If the authentication is through SAML 2, will it pose a challenge? While I expect the offline features to work similarly to the scenario where Pega handles the authentication, please note that I am not able to try out this option as a POC at the moment at the customer site and I am required to forecast the possible issues.
Answer: Assuming that their access group is offline enabled and the case is offline enabled, they will be able to create and process work offline. Offline work is stored in a secure database on the device. When they reconnect to the server, if their SAML token has expired, they will be required to log in before their work is sent to the server.