Configure Authentication Providers for Mobile Devices with a QR Code

This topic shows how to configure the authentication providers for mobile devices with a QR code.

Background and Setup

Video: Configure the Out-of-the-Box Mobile App

Prerequisites

How to Start

  1. Click Settings.

    Settings
  2. Click Mobile > QR Code Configuration.

    QR Code Configuration screen
  3. On the Edit Mobile QR Code Configuration screen, in the Select Authentication Providers For Your Mobile App, select the authentication provider for the AgilePoint NX mobile app.

    Select Authentication Provider

AgilePoint ID

Configures AgilePoint NX account authentication for your mobile app.

Figure: AgilePoint ID Configuration screen

AgilePoint ID Configuration screen

Fields

Field NameDefinition

Use JWT Authentication

Function:
Specifies whether to use JSON Web Token (JWT) for AgilePoint NX account authentication as an alternative to the basic authentication.
To Open this Field:
  1. Click AgilePoint ID.
Accepted Values:
  • On - Specifies JWT authentication for AgilePoint ID authentication.
  • Off - Specifies basic authentication for AgilePoint ID authentication.
Default Value:
Off
Limitations:
This field is available in these releases:

Audience URL

Function:
Specifies the AgilePoint Portal Instance URL.

This field completes by default.

To Open this Field:
  1. Click AgilePoint ID.
  2. Turn on Use JWT Authentication.
Accepted Values:
AgilePoint NX Portal Instance URL.

For more information, refer to Find your Portal Instance URL.

Default Value:
None
Limitations:
This field is available in these releases:

Active Directory

Configures Active Directory authentication for your mobile app.

Figure: Active Directory Configuration screen

Active Directory Configuration screen

Fields

Field NameDefinition

Domain

Function:
Specifies the name of your Active Directory domain.
To Open this Field:
  1. Click Active Directory.
Accepted Values:
A valid Active Directory domain name.
Default Value:
None
Limitations:
This field is available in these releases:

Use JWT Authentication

Function:
Specifies whether to use JSON Web Token (JWT) for Active Directory authentication as an alternative to the basic authentication.
To Open this Field:
  1. Click Active Directory.
Accepted Values:
  • On - Specifies JWT authentication for Active Directory.
  • Off - Specifies basic authentication for Active Directory.
Default Value:
Off
Limitations:
This field is available in these releases:

Audience URL

Function:
Specifies the AgilePoint Portal Instance URL.

This field completes by default.

To Open this Field:
  1. Click Active Directory.
  2. Turn on Use JWT Authentication.
Accepted Values:
AgilePoint NX Portal Instance URL.

For more information, refer to Find your Portal Instance URL.

Default Value:
None
Limitations:
This field is available in these releases:

Amazon Cognito

Configures Amazon Cognito authentication for your mobile app.

Figure: Amazon Cognito Configuration screen

Amazon Cognito Configuration screen

Fields

Field NameDefinition

Client ID

Function:
Specifies the client ID for your Amazon Cognito service.
To Open this Field:
  1. Click Amazon Cognito.
Accepted Values:
One line of text (a string).

Accepted:

  • Letters
  • Numbers
Default Value:
None
Limitations:
This field is available in these releases:

Authority

Function:
Specifies the Amazon Cognito service URL.
To Open this Field:
  1. Click Amazon Cognito.
Accepted Values:
One line of text (a string).

Format:

  • URL
Default Value:
None
Limitations:
This field is available in these releases:

User Impersonation Scope URL

Function:
Specifies the URL for the user impersonation scope you added in Amazon Cognito.

This URL is used to validate whether the access token is issued from Amazon Cognito to grant access to AgilePoint Server.

To Open this Field:
  1. Click Amazon Cognito.
Accepted Values:
One line of text (a string) in URL format.

The URL must be in the following format:

[AgilePoint Server REST URL]/user_impersonation

user_impersonation is the suggested value from AgilePoint for the Allowed Custom Scopes configuration in Amazon Cognito. This value may be different in your enviornment.

Default Value:
None
Example:
https://myagilepointnxdomain.com/AgilePointServer/user_impersonation
Limitations:
This field is available in these releases:

MS Azure Active Directory

Configure Microsoft Azure Active Directory account authentication for your mobile app.

Figure: MS Azure Active Directory Configuration screen

Windows Azure Active Directory Configuration screen

Fields

Field NameDefinition

Client ID

Function:
Specifies the client ID of the app you added in Microsoft Azure Active Directory.
To Open this Field:
  1. Click MS Azure Active Directory.
Accepted Values:
One line of text (a string).

Accepted:

  • Letters
  • Numbers
Default Value:
None
Limitations:
This field is available in these releases:

Return URL

Function:
Specifies the callback URL from the connected AgilePoint NX mobile app.
To Open this Field:
  1. Click MS Azure Active Directory.
Accepted Values:
One line of text (a string) in URL format.
Default Value:
None
Limitations:
This field is available in these releases:

Resource

Function:
Specifies a unique universal resource identifier (URI) for your AgilePoint NX mobile app. The URI must be in a verified custom domain for an external user to grant your app access to their data in Microsoft Azure Active Directory account.
To Open this Field:
  1. Click MS Azure Active Directory.
Accepted Values:
The Microsoft Graph API URL for your language.
Default Value:
None
Limitations:
This field is available in these releases:

Use Microsoft Authenticator App Only for iOS

Function:
Specifies whether to sign in to Microsoft Azure Active Directory with the Microsoft authenticator app for the iOS mobile app for AgilePoint NX.
To Open this Field:
  1. Click MS Azure Active Directory.
Accepted Values:
  • Selected - Sign in to Microsoft Azure Active Directory with the Microsoft authenticator app for the iOS mobile app.
  • Deselected - Sign in to Microsoft Azure Active Directory with Microsoft Azure Active Directory account for the iOS mobile app.
Default Value:
Deselected
Limitations:
This field is available in these releases:

MS Azure AD China

Configure authentication for the China edition of Microsoft Azure Active Directory for your mobile app.

Figure: MS Azure Active Directory China Configuration screen

Windows Azure Active Directory China Configuration screen

Fields

Field NameDefinition

Client ID

Function:
Specifies the client ID of the app you added in the China edition of Microsoft Azure Active Directory.
To Open this Field:
  1. Click Azure AD China.
Accepted Values:
One line of text (a string).

Accepted:

  • Letters
  • Numbers
Default Value:
None
Limitations:
This field is available in these releases:

Return URL

Function:
Specifies the callback URL from the connected AgilePoint NX mobile app.
To Open this Field:
  1. Click Azure AD China.
Accepted Values:
One line of text (a string) in URL format.
Default Value:
None
Limitations:
This field is available in these releases:

Resource

Function:
Specifies a unique universal resource identifier (URI) for your AgilePoint NX mobile app. The URI must be in a verified custom domain for an external user to grant your app access to their data in Microsoft Azure Active Directory account.
To Open this Field:
  1. Click Azure AD China.
Accepted Values:
The Microsoft Graph API URL for your language.
Default Value:
None
Limitations:
This field is available in these releases:

Use Microsoft Authenticator App Only for iOS

Function:
Specifies whether to sign in to the China edition of Microsoft Azure Active Directory with the Microsoft authenticator app for the iOS mobile app for AgilePoint NX.
To Open this Field:
  1. Click MS Azure AD China.
Accepted Values:
  • Selected - Signs in to the China edition of Microsoft Azure Active Directory with the Microsoft authenticator app for the iOS mobile app.
  • Deselected - Signs in to the China edition of Microsoft Azure Active Directory with Microsoft Azure Active Directory account for the iOS mobile app.
Default Value:
Deselected
Limitations:
This field is available in these releases:

PingFederate

Configures PingFederate authentication for your mobile app.

Figure: PingFederate Configuration screen

PingFederate Configuration screen

Fields

Field NameDefinition

Client ID

Function:
Specifies the client ID of the app you added in PingFederate.
To Open this Field:
  1. Click PingFederate.
Accepted Values:
One line of text (a string).

Accepted:

  • Letters
  • Numbers
Default Value:
None
Limitations:
This field is available in these releases:

Authority

Function:
Specifies the PingFederate service URL.
To Open this Field:
  1. Click PingFederate.
Accepted Values:
One line of text (a string).

Format:

  • URL
Default Value:
None
Limitations:
This field is available in these releases:

User Name Claim Type

Function:
Specifies the claim type to use to retrieve information about the authenticated user.
To Open this Field:
  1. Click PingFederate.
Accepted Values:
One line of text (a string) that represents the claim type.
Default Value:
None

Salesforce Production

Configure Salesforce production environment authentication for your mobile app.

Figure: Salesforce Configuration screen

Salesforce Configuration screen

Fields

Field NameDefinition

Consumer Key

Function:
Specifies the Consumer Key.

For more information, refer to (Example) How to Get the Access Token Credentials from Salesforce.

To Open this Field:
Click Salesforce Production.
Accepted Values:
A valid consumer key from Salesforce.
Default Value:
None
Limitations:
This field is available in these releases:

Callback URL

Function:
Specifies the callback URL from your connected mobile app.
To Open this Field:
Click Salesforce Sandbox.
Accepted Values:
One line of text (a string).

Format:

  • URL
Default Value:
None

Salesforce Sandbox

Configure Salesforce development environment authentication for your mobile app.

Figure: Salesforce Sandbox Configuration screen

Salesforce Sandbox Configuration screen

Fields

Field NameDefinition

Consumer Key

Function:
Specifies the Consumer Key.

For more information, refer to (Example) How to Get the Access Token Credentials from Salesforce.

To Open this Field:
Click Salesforce Sandbox.
Accepted Values:
A valid consumer key from Salesforce.
Default Value:
None
Limitations:
This field is available in these releases:

Callback URL

Function:
Specifies the callback URL from your connected mobile app.
To Open this Field:
Click Salesforce Sandbox.
Accepted Values:
One line of text (a string).

Format:

  • URL
Default Value:
None

IdentityServer

Configure IdentityServer account authentication for your mobile app.

Figure: IdentityServer Configuration screen

IdentityServer Configuration screen

Fields

Field NameDefinition

Client ID

Function:
Specifies the client ID of the app you added in IdentityServer.
To Open this Field:
  1. Click IdentityServer.
Accepted Values:
One line of text (a string).

Accepted:

  • Letters
  • Numbers
Default Value:
None
Limitations:
This field is available in these releases:

Authority

Function:
Specifies the IdentityServer server URL.
To Open this Field:
  1. Click IdentityServer.
Accepted Values:
One line of text (a string).

Format:

  • URL
Default Value:
None
Limitations:
This field is available in these releases:

Okta

Configure Okta account authentication for your mobile app.

Figure: Okta Configuration screen

Okta Configuration screen

Fields

Field NameDefinition

Client ID

Function:
Specifies the client ID of the app you added in Okta.
To Open this Field:
  1. Click Okta.
Accepted Values:
One line of text (a string).

Accepted:

  • Letters
  • Numbers
Default Value:
None
Limitations:
This field is available in these releases:

Issuer URI

Function:
Specifies the URI of the Okta server.
To Open this Field:
  1. Click Okta.
Accepted Values:
One line of text (a string).

Format:

  • URL
Default Value:
None
Limitations:
This field is available in these releases:

Google Workspace

Configure Google Workspace authentication for your mobile app.

Figure: Google Workspace Configuration screen

Google Plus Configuration screen

Fields

Field NameDefinition

Consumer Key

Function:
Specifies the Consumer Key for your connected mobile app.

You get the Consumer Key from Google Workspace.

To Open this Field:
Click Google Workspace.
Accepted Values:
A consumer key from Google Workspace.
Default Value:
None
Limitations:
This field is available in these releases:

Callback URL

Function:
Specifies the callback URL from your connected mobile app.
To Open this Field:
Click Google Workspace.
Accepted Values:
One line of text (a string).

Format:

  • URL
Default Value:
None