Configure OAuth for Field Management Mobile
The OAuth authorization framework allows you to enable secure logins on the mobile app via your identity service provider.
- In the web portal, select Admin > Portal Settings > Field Management Mobile.
- Select the Show Advanced Settings checkbox at the top of the page.
- Expand the General Configuration section.
- In each of the following portal settings, enter the information that your identity service provider has given to your organization:
  - URL of the OAuth Identity Server: Enter the URL for the server that your identity service provider will use to authenticate your mobile users.
  - Client ID used for OAuth Bearer Token: Select the Change button for this setting, and enter the client ID that your identity service provider assigned to your organization.
    Note: Each time you select the Change button, the existing client ID is cleared from this setting, and a new one must be entered.
  - Client Secret used for OAuth Bearer Token: Select the Change button for this setting, and enter the client secret that your identity service provider assigned to your organization.
    Note: Each time you select the Change button, the existing client secret is cleared from this setting, and a new one must be entered.
  - OAuth Identity Server Scopes: Enter the list of server scopes (separated with spaces) for your identity service provider. For example, offline_access openid.
  - OAuth Identity Server Well-Known-Configuration Path: Enter the path for your identity service provider's well-known configuration file.
- To require that users log in to the mobile app via your identity service provider protocol, select the checkbox for OAuth Login Only.
  Important: Be sure to test your OAuth login before enabling the OAuth Login Only setting. If you enable this option, your mobile users will no longer be allowed to log in to the mobile app with their employee ID and password (the Employee Number and Password fields will not display). Instead, they must use the Login button.
- In order for users to log in via your identity service provider's protocol, you must register their login (typically an email address). See Register Users for OAuth Login for details.
- After their logins are registered, remind mobile users that they must sync portal settings on the mobile app (Preferences > Sync Portal Settings). This ensures that your authorization protocol is enabled on their device.
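
The values entered in the General Configuration settings can be cross-checked against the provider's well-known configuration file before OAuth Login Only is enabled. The following is an added example, not part of the product or its documentation. It assumes the provider publishes an OpenID Connect discovery document and that the URL of the OAuth Identity Server is also the issuer; the host idp.example.com, the function names and the sample document are constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of an OpenID Connect discovery document (not a real provider).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/connect/authorize",
    "token_endpoint": "https://idp.example.com/connect/token",
    "jwks_uri": "https://idp.example.com/.well-known/jwks",
    "scopes_supported": ["openid", "profile", "offline_access"],
})
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(server_url, well_known_path):
    """Join the identity server URL setting and the well-known path setting."""
    return server_url.rstrip("/") + "/" + well_known_path.lstrip("/")


def check_settings(server_url, scopes, discovery_json):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    doc = json.loads(discovery_json)
    if urlsplit(server_url).scheme != "https":
        problems.append("identity server URL is not https")
    # Assumption: the server URL setting is the issuer. A mismatch usually means
    # the wrong tenant or environment was entered (trailing slash is ignored here).
    if doc.get("issuer", "").rstrip("/") != server_url.rstrip("/"):
        problems.append("issuer does not match identity server URL")
    for key in ENDPOINT_KEYS:
        value = doc.get(key)
        if not value:
            problems.append(f"{key} missing from discovery document")
        elif urlsplit(value).scheme != "https":
            problems.append(f"{key} is not https")
    # scopes_supported is optional in discovery; skip the check when it is absent.
    supported = doc.get("scopes_supported")
    for scope in (scopes.split() if supported is not None else []):
        if scope not in supported:
            problems.append(f"scope not advertised by provider: {scope}")
    return problems


if __name__ == "__main__":
    print(discovery_url("https://idp.example.com/", "/.well-known/openid-configuration"))
    print(check_settings("https://idp.example.com", "offline_access openid", SAMPLE_DISCOVERY))
```

To check a real provider, replace SAMPLE_DISCOVERY with the document retrieved from the address that discovery_url returns for your own settings.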