Skip to main content
Mitratech Success Center

Client Support Center

Need help? Click a product group below to select your application and get access to knowledge articles, webinars, training content, and release notes or to contact our support team.

Authorized users - log in to create a ticket, view tickets status and check your success plan details.

 

O-Auth Support to IDP Login

  1. Last updated
  2. Save as PDF

1. O-Auth Support to IDP Login 

The CMO application provides a secure login for its users by introducing an open standard authorization framework (O-Auth) to its clients. It helps the users by collecting limited user data without giving away the user’s password.

1.1 Definition 

O-Auth is an open standard authorization framework or protocol where unrelated servers can safely allow authenticated access to their assets without actually sharing the login credentials.

1.2 Why O-Auth? 

O-Auth allows single sign-on (SSO) instead of providing a username and password to the server for each request. In this scenario the end user talks to their Identity Provider (IDP) where the IDP generates access tokens and hands it to the application to authenticate the user. The application then allows the user to log in after the user is authenticated.

2. OpenID Connect

In CMO, the O-Auth is maintained by introducing the OpenID Connect infrastructure where it acts as a layer. With OpenID Connect, the clients can verify the end user based on the authentication performed by an authorization server.

3. Version Support for O-Authentication

The O-Authentication support for IDP login is being introduced by the CMO application from version R2106 provided the client-side server supports IDP login.

3.1 Bypassed O-Authentication for Existing Users 

For existing CMO application users upgraded to version R2106 and the user side server doesn’t support O-authentication, the CMO application bypasses support for O-authentication. These users will continue providing username and password for CMO application login which is based on the client URL.

3.2 O-Authentication Support for Existing Users 

For existing CMO application users upgraded to version R2106 and the user side server supports O-authentication, the CMO application redirects the user to the IDP page that supports single sign-on. Based on the client URL provided during the CMO application login, the system recognizes the client-server that supports O-authentication.

4. User Authentication

The CMO application verifies the user and authenticates for the first-time login. The user has to provide a username and password on the IDP page. The IDP settings are configured by the admin from the web end. The IDP login page may be the same or different from company to company.

Note:

  • When the user tries to log in to the CMO application, the login page redirects to the client's IDP for initial authentication.
  • When the user logs out of the application and re-login, the system prompts the user to enter credentials in the IDP page again for user authentication.
  • If the user closes the application (without logging out) and re-launches the application, the user can log in to the application just by using device security settings like Screen Lock (pin/password/pattern/swipe) and Fingerprint (biometric) in offline and online mode.
  • When the application is used in offline mode, all the data will be synced to the server and the user is authenticated when the device is connected to the internet.

 

4.1 Initial User Authentication in Mobile

  1. Go to the CMO mobile application.
  2. Enter the company web address for the CMO and click Submit.
  3. The user gets redirected to the Single Sign-On (SSO) login page. Click on the SSO Login button.

clipboard_eef8cb0f5e30e7886b39d24dc7ef55401.png

4. The application redirects the user to the IDP page to enter the username and password for authentication.

5. Enter the email id, and password and click Next.

Note: The email id used to create the user in the CMO application has to be provided in the username section.

  1. The user is prompted to check if the device is connected to the internet to authenticate. The user must be connected to the internet.

  2. Click Yes. The user is authenticated and the mobile app gets synchronized with the web app.
  3. For the second time login, the user doesn’t have to provide username and password. The user goes through SSO login and directly lands on the mobile application homepage.
  4. The CMO application asks the user to authenticate in the following scenarios after the initial authentication.
  • When the mobile token expires.
  • When mobile token revoked from web end (Admin can revoke for a specific user).
  • When a user logs out of the application and re-login

4.1.1 Offline Mode 

The CMO mobile application user can log in in the offline mode. For the authentication of the user to happen, the user must connect to the internet. The user can still log in if there is no internet.

Before the implementation of the O-Auth, in the offline mode, the user is authenticated by comparing the username and password credentials provided in the login fields and the data existing in the database. But, after the implementation of the O-Auth, in the offline mode, the user will be authenticated using device security settings where the user can log in by providing a pin or biometric (fingerprint) scan.

For the first time, when the user logs into the CMO application, the system prompts to set up a security lock for the application with a pattern or password or pin or fingerprint.

  1. CMO application prompts the user with a Warning message.
  2. Click OK. The user will be redirected to the Device Security Settings page on the mobile.
  3. Depending on the type of security, the user can choose Fingerprint or other Screen lock options available in the settings.
  4. The user then lands on the CMO mobile application homepage.
  5. After the initial setup, when the user closes the application and logs in again, the application authorizes the user when the device is connected to the internet but the user will be able to log in to the application in the offline mode.