Configure OAuth for Field Management Mobile

The OAuth authorization framework allows you to enable secure logins on the mobile app via your identity service provider.

In order to enable OAuth for the mobile app, your System Admin must complete the following setup.
Important: OAuth is a third-party option for configuring secure logins for Field Management Mobile. Logging in via OAuth is not the same as logging in via Viewpoint ID. At this time, Viewpoint ID logins do not transfer to Field Management Mobile.
  1. In the web portal, select Admin > Portal Settings > Field Management Mobile.
  2. Select the Show Advanced Settings checkbox at the top of the page.
  3. Expand the General Configuration section.
  4. In each of the following portal settings, enter the information that your identity service provider has given to your organization:
    • URL of the OAuth Identity Server: Enter the URL for the server that your identity service provider will use to authenticate your mobile users.

    • Client ID used for OAuth Bearer Token: Select the Change button for this setting, and enter the client ID that your identity service provider assigned to your organization.

      Note: Each time you select the Change button, the existing client ID is cleared from this setting, and a new one must be entered.
    • Client Secret used for OAuth Bearer Token: Select the Change button for this setting, and enter the client secret that your identity service provider assigned to your organization.
      Note: Each time you select the Change button, the existing client secret is cleared from this setting, and a new one must be entered.
    • OAuth Identity Server Scopes: Enter the list of server scopes (separated with spaces) for your identity service provider. This setting defaults to: openid email profile offline_access.

    • OAuth Identity Server Well-Known-Configuration Path: Enter the path for your identity service provider's well-known configuration file. This setting defaults to: .well-known/openid-configuration.

  5. To require that users log in to the mobile app via your identity service provider's protocol, select the checkbox for OAuth Login Only.
    Important: Be sure to test your OAuth login before enabling the OAuth Login Only setting. If you enable this option, your mobile users will no longer be allowed to log in to the mobile app with their employee ID and password (the Employee Number and Password fields will not display). Instead, they must use the SSO Login button.
  6. In order for users to log in via your identity service provider's protocol, you must register their login (typically an email address). See Register Users for OAuth Login for details.
  7. After their logins are registered, remind mobile users that they must sync portal settings on the mobile app (Preferences > Sync Portal Settings). This ensures that your authorization protocol is enabled on their device.
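
The settings in step 4 can be sanity-checked against your provider's well-known configuration document before you enable OAuth Login Only in step 5. The following Python sketch is an added example, not part of the product or its documentation: the host idp.example.com, the sample document, the function names, and the way the path is joined to the server URL are all assumptions made for illustration.

```python
from urllib.parse import urlparse

DEFAULT_SCOPES = "openid email profile offline_access"   # default from the page
DEFAULT_PATH = ".well-known/openid-configuration"        # default from the page

# Constructed sample discovery document for a hypothetical provider.
SAMPLE_DOC = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/keys",
    "scopes_supported": ["openid", "email", "profile"],
}

def discovery_url(server_url, path=DEFAULT_PATH):
    # Assumption: the path setting is appended to the server URL with one slash.
    return server_url.rstrip("/") + "/" + path.lstrip("/")

def check_settings(server_url, scopes, doc):
    """Compare the portal settings with a discovery document; return problems."""
    problems = []
    if urlparse(server_url).scheme != "https":
        problems.append("identity server URL is not https")
    # The issuer in the document should be the server you configured
    # (trailing slash ignored here, since providers differ on it).
    if doc.get("issuer", "").rstrip("/") != server_url.rstrip("/"):
        problems.append("issuer does not match identity server URL")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = doc.get(key)
        if not value:
            problems.append(f"{key} missing")
        elif urlparse(value).scheme != "https":
            problems.append(f"{key} is not https")
    requested = scopes.split()          # the setting is space-separated
    if "openid" not in requested:
        problems.append("scope list lacks 'openid'")
    advertised = doc.get("scopes_supported")   # optional in the document
    if advertised is not None:
        for scope in requested:
            if scope not in advertised:
                problems.append(f"scope '{scope}' not advertised by provider")
    return problems

if __name__ == "__main__":
    print(discovery_url("https://idp.example.com/"))
    for problem in check_settings("https://idp.example.com", DEFAULT_SCOPES, SAMPLE_DOC):
        print("PROBLEM:", problem)
```

With the constructed sample, the default scope list is flagged because the provider does not advertise offline_access; in practice, load the JSON returned from the discovery URL in place of SAMPLE_DOC.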