Multi-Factor Authentication (MFA) & Single Sign On (SSO)

For additional security, we can enable Multi-Factor Authentication (MFA) and/or Single Sign On (SSO) for your users. You will need to request these options to be enabled via AppCan Support.

If you have both MFA & SSO enabled, select the required authentication (None, Entra or MFA) from the ‘Authentication Method’ option.

Please note: Users will need to be on AppCan Mobile build 2.20.16 (554) or greater for MFA / SSO to be available.

Multi-Factor Authentication

To enable MFA for a user, select the required authentication method:

Email:

On login to the cloud or mobile applications, AppCan will generate a random 6-digit code and assign it to the user along with an expiry date. It will then send an email containing this code to the user’s email address. When logging on to AppCan Cloud or AppCan Mobile, it will prompt the user to enter this code after entering their username/password. If the code expires before they’ve entered it, they will be able to request a new code.

TOTP (Time-based One-Time Password):

AppCan will generate a secret key for a user, then generate a QR code based on the key. The end user can scan this into their Google or Microsoft Authenticator app on their mobile device. This will then allow the authenticator app to create a TOTP code which the user will have to enter after logging in via the cloud portal or mobile app.

You can email the QR Code and Secret Key to the user by selecting the ‘Email TOTP Code’ option.

AppCan Mobile:

After logging in, you will be prompted to enter the code sent to your email address.

AppCan Cloud:

After logging in, you will be prompted to enter the code sent to your email address.

You can select ‘Resend Code’ if required.

Single Sign On

SSO Admin Configuration

Your IT team will need to configure your Azure Active Directory (AAD) for SSO and provide AppCan with the following details:

  • Application (Client) ID
  • Directory (Tenant) ID

In AppCan, select ‘Admin’ and then select ‘Advanced’. Add your Client Secret and save the changes.

SSO User Configuration

To enable SSO for the required user, in User Administration, check the ‘Microsoft Entra User’ option and enter the Entra Username.

When the user accesses the AppCan Mobile or AppCan Portal logon screen, select ‘Sign In Using SSO’

The user will be shown a modal to enter the required client domain.

This will then prompt the user to authenticate with their Microsoft account.

Scroll to Top