In April 2020, I announced the launch of the Archer Mobile app for the iOS and Android platforms. The app is used by our customers and end users today to view and complete Advanced Workflow tasks assigned to them by letting them easily edit a record and add additional information. While this has been helpful for our end users, an important feature which was missing in the app was to allow users to login via single Sign-on (SSO).
Today, I am pleased to announce the release of Archer Mobile version 1.3 which provides the capability to login via SSO using ADFS as the Service Provider. ADFS facilitates communication with the IDP (ID Provider) using SAML protocol for authentication. Customers who are using ‘Federation’ as the Single Sign-On mode in ACP (Archer Control Panel) will be able to benefit from this enhancement. Users need to be on Archer Release 6.9 SP1 Patch 2 or above to seamlessly login to the app using the existing federated SSO infrastructure.
No additional configuration on top of the existing ACP configuration (setting up Single Sign-On mode as Federation) is required to use SSO on the mobile app. The enhancement allows support of multiple IDPs so that users can login via the IDP of their choice. If manual bypass is enabled in the ACP, users can choose to login manually as well.
How to login via SSO
First time users will be asked to enter Instance details and Archer URL within the app. This can be done by either entering the details manually or by scanning the QR code available in ‘User Profile’ page of Archer.
Once the Instance information is validated, the system will identify if the user is an SSO user or a manual login user. Manual login users will be taken to the login page to enter their username and password.
SSO users will be taken to the IDP selection page where they can choose the IDP they want to use to login. In case there’s only one IDP, users will be directly taken to their organization’s authentication page.
Once successfully authenticated, users will be taken to the home page of the mobile app.
For any subsequent login, users will be directly taken to the home page as long as the IDP token is valid. Once the token has expired, the user will again be taken to the organization’s authentication page.
Below you will see some sample screenshots of this SSO login flow.
Figure 1 - Instance Information Figure 2 - IDP selection
Figure 3 - Organization's login Figure 4 - Archer Mobile home page
Please use the comments section to ask any queries you may have regarding the new Single Sign-On capabilities. I will also be highlighting this information in this Friday’s Free Friday Tech Huddle (February 5th). Please register and join us for a demo and discussion of this feature. If you missed any of the previous demos, you can find the replays atFFTH Replayspage.