Configure mobile authentication

The Verint Mobile Gateway provides an interface between a Verint solution (for example, WFO) and the mobile client applications (iOS or Android-based). To ensure secure sign-in to mobile applications, each mobile application must be authenticated.

Form authentication

By default, the authentication method is Form, which requires users to enter credentials unique to this system.

OpenID authentication

Although Form authentication is the default for a new system, you can define other methods that use the OpenID authentication protocol. When OpenID authentication is defined:

  • The user logs on to the Mobile Client Application and is directed to an Identity Provider (IdP).

  • The IdP performs authentication and redirects the user back to the mobile client application with an IdP token.

  • The access token grants the user permission to sign in to the application, without sending their credentials.

  • The access token is switched to a session token once the sign-in is complete.

Before you begin 

You must have the Configure Mobile Authentication Method privilege to complete this procedure. (This privilege is available at Framework - System Management - Configure Feature Settings - Configure Mobile Authentication Method on the Roles Setup page.)

Procedure 

  1. Go to System Management. Under General Settings, select Feature Settings.

  2. Select the Mobile Authentication Method tab.

  3. Select an authentication method. The default authentication method is Form.

  4. Configure the Application Authentication Properties for the authentication application.

  5. To save the page settings, click the Save icon in the upper right corner of the page.

Application Authentication Properties settings

Each authentication application defined must include specific settings. The settings required depend on the selected authentication method.

 

Form Method

Property

Description

Method

The default authentication method for a new system or tenant is Form. The Form authentication method requires the user to provide credentials in the Sign In page that are checked against credentials stored and managed in the application.

Provider

When the selected Method is Form, this field defaults to DB Realm.

OpenID Method

Property

Description

Method

Options are Form or Open ID. The default authentication method for a new system or tenant is Form. Open ID directs authentication to an Identity Provider (IdP) that holds the user credentials.

Provider

The Identity Provider (IdP) that holds the user credentials. When the selected method is Open ID, this field defaults to Azure AD. Available options are Auth0, Azure AD, Generic, Google, Okta, PingFederate, OneLogin and ADFS. If the name of your IdP does not appear in the list, select Generic. The Generic option allows you to configure any other OIDC provider that follows the OIDC 1.0 standards.

Username claim

The claim in the id_token that provides a value for the user name in WFO. For Azure, this is the UPN (User Principal Name); for Google OpenID, this is the email address. Okta uses preferred_username.

  • Custom - Select this check box to use a custom claim name. The custom claim name is used to validate the ID token used in the authentication of the user with the WFO application. When this option is selected, the username claim becomes a free text field limited to 100 characters.

  • User authenticates with different username - Select this option to have the mobile client use an alternate username to authenticate with the IdP. In this scenario, the mobile client uses a different username to authenticate with the IdP than is used to authenticate with the WFO application.

Discovery Document URL

The system uses the Discovery Document URL to retrieve the endpoints required to validate the IdP access token.

For example: https://login.microsoftonline.com/{IdP_tenant}/.well-known/openid-configuration.

The Discovery Document URL, and the jwks_uri that is obtained from the Discovery URL response, must be accessible from the application server.

Application ID

A unique ID assigned to the authentication application when it is registered with the IdP. For example, 6731de76-14a6-49ae-97bc-6eba6914391e or 0oabucvyc38HLL1ef0h7.

Bundle ID

The Bundle ID or Package Name is a string that the IdP uses to validate the identity of the invoking application. The Bundle ID for each authentication application that you create must be unique and must follow the guidance in the OIDC customer requirements. For example: com.verint.teamview.

Redirect URI

The URI that the IdP uses to redirect back to the mobile application following a successful sign-in attempt.

For example: com.verint.workview://oauthredirect or com.verint.teamview://oauthredirect.

Actions

The Delete icon removes the current row.
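
A pre-flight check for the Discovery Document URL, jwks_uri and Username claim settings described above, as an added example that is not part of the Verint documentation or product. The sample discovery document, the host names and the preflight function are constructed for illustration; the check reports which hosts the application server must be able to reach and flags settings that would block token validation.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a discovery response; a real one comes from the IdP.
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "https://idp.example.com/tenant1",
  "authorization_endpoint": "https://idp.example.com/tenant1/authorize",
  "token_endpoint": "https://idp.example.com/tenant1/token",
  "jwks_uri": "https://keys.example.net/tenant1/jwks",
  "claims_supported": ["sub", "email", "preferred_username"]
}
""")

MAX_CUSTOM_CLAIM_LEN = 100  # limit the page states for a custom claim name


def preflight(discovery_url, doc, username_claim):
    """Return (hosts_to_allow, problems) for one OpenID configuration row."""
    problems = []
    hosts = set()
    # Both the discovery URL and jwks_uri must be reachable from the app server.
    for label, url in (("Discovery Document URL", discovery_url),
                       ("jwks_uri", doc.get("jwks_uri"))):
        if not url:
            problems.append(f"{label} is missing")
            continue
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{label} is not an https URL: {url}")
            continue
        hosts.add((parts.hostname, parts.port or 443))
    if not doc.get("issuer"):
        problems.append("issuer is missing from the discovery document")
    if not username_claim or len(username_claim) > MAX_CUSTOM_CLAIM_LEN:
        problems.append("username claim is empty or longer than 100 characters")
    # claims_supported is optional metadata; only check it when advertised.
    advertised = doc.get("claims_supported")
    if advertised is not None and username_claim not in advertised:
        problems.append(f"IdP does not advertise claim '{username_claim}'")
    return sorted(hosts), problems


if __name__ == "__main__":
    url = "https://idp.example.com/tenant1/.well-known/openid-configuration"
    print(preflight(url, SAMPLE_DISCOVERY, "preferred_username"))
```

The signing keys are often served from a different host than the discovery document, so the outbound allow list for the application server needs every host the function returns.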

Configure mobile with DB Realm authentication (Authentication Guide)

Configure mobile OpenID method authentication settings (Authentication Guide)

Verint Mobile Gateway (Technology, Security & Network Integration Deployment Reference Guide)