Mobile security FAQs
The ThoughtFarmer mobile app is a hybrid application; it consists of some native mobile application code, but also relies on responsive mobile web technology to present the content. This allows ThoughtFarmer to provide a consistent core functionality across desktop web, mobile web, and mobile app, while leveraging the unique strengths that each platform provides.
1. How does authentication work with the mobile app?
The native mobile app uses the same authentication methods as the web application. The login providers supported for the native mobile app include ThoughtFarmer internal, Windows AD (form-based), Azure, Google, and Okta. Windows Integrated Authentication (also known as Windows SSO) is not supported on the native app. We recommend setting up a Forms-based authentication method. For customers using Google and Microsoft Office365 cloud drive integrations, authentication and access to the files are handled by native authentication dialogues provided by the vendors.
2. Does the app support biometric security? (FaceID, TouchID)
The mobile app does not currently support biometric security. Support for FaceID and TouchID is on our roadmap.
3. What data is stored locally on the device?
Other than your intranet URL, the app does not store or cache any content pages locally on-device. Some static assets like js/css files and images, and the HTTP authentication cookie, are stored locally by the OS's webview, as is the case for a mobile web browser. The ThoughtFarmer app does not store this information explicitly. All intranet content is securely encrypted and stored on the server database.
4. Does the app store any access tokens on-device to access the backend?
No.
5. What security is used for communications between app and server?
The native app uses HTTPS connections to ThoughtFarmer Cloud. All communication is encrypted. For self-hosted customers, please ensure HTTPS is enabled on your ThoughtFarmer instance with an approved third-party SSL certificate (not a self-signed certificate).
6. What OS permissions are required by the app?
The app requires the minimum level of permissions to work properly. On iOS, the app needs permissions to send you notifications, and to access the device camera to take photos and videos. On Android, the app needs permissions to send you notifications, access the device camera, and write to device file storage when downloading images and documents. The user can grant or revoke these permissions at any time per device.
7. How can I prevent users from logging into the app from public locations? (e.g. outside the corporate firewall)
If you are a self-hosted customer, you can deploy ThoughtFarmer behind the DMZ and prevent external access. Alternatively, you can specify an allow-list of originating request IP addresses.
8. How can I allow a group of users to log in to the app while preventing others? (segmented access)
If you are using a third-party authentication provider such as Windows AD, Azure, or Google, you can create different groups of users in the third-party provider. You can then map the groups to different instances of login providers in ThoughtFarmer. For each login provider instance, you can decide which "platform" it will be used for: web browser, mobile app, or both. To learn more, see How to set up login providers.
Example:
Windows AD groups | TF login provider instance | Platform(s)
Office workers | Windows AD - Office workers | Web browser
Mobile workers | Windows AD - Mobile workers | Web browser, native app