Enterprise Authentication

Enterprise authentication helps you to make content such as routes, news or hotspots within your company available only to authenticated users. Two different modes are available for authentication:

  • E-Mail Verification
  • Azure Active Directory Authentication

Activating Enterprise Authentication

Enterprise authentication can be enabled in the manage tenant settings of the AppNavi portal.

After activating the switch for Enterprise Authentication, another tab Authentication For Enterprise becomes visible.
In this tab, the details for the respective authentication mode must be set.

Important: Activating or deactivating Enterprise Authentication will result in an interruption of the service. This means that the content will not be available to users for a few hours. This interruption depends on the IT infrastructure and the type of application. For this reason, we recommend that you only make changes to the Enterprise Authentication outside of business hours.

Configure Enterprise Authentication for E-Mail Verification

With this type of authentication, users verify themselves with a verification code that the AppNavi system sends them by e-mail, provided they are authorised to receive it. The verification flow runs according to the following scheme:

  1. The user enters their email address in the AppNavi avatar.
  2. The user receives a confirmation code at the e-mail address entered, provided this address is authorised.
  3. The user enters the confirmation code in the AppNavi avatar and is now authorised to use the system.

Using the rule engine, you can add any email addresses or rules to control which email addresses are authorised to log in to the AppNavi avatar. Examples of rules:

E-Mail Address      Pattern             Is Allowed
[email protected]   [email protected]   Yes
[email protected]   *@company.com       Yes
[email protected]   *@company.com       No
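
The rule table above can be read as an allowlist check. The following is an added example, not AppNavi's rule engine code: it assumes that "*" matches any run of characters that does not contain "@", that matching is case-insensitive, and that a rule must match the whole address. The function names and sample addresses are constructed for illustration.

```python
import re

def compile_rule(pattern: str) -> re.Pattern:
    """Turn a rule such as '*@company.com' into a regex (assumed semantics)."""
    # Escape every literal part so '.' in the domain is not a regex wildcard,
    # then let '*' stand for characters other than '@' and whitespace.
    parts = [re.escape(part) for part in pattern.split("*")]
    return re.compile(r"[^@\s]*".join(parts), re.IGNORECASE)

def is_allowed(address: str, rules: list[str]) -> bool:
    """Return True only if the complete address matches at least one rule."""
    # Reject whitespace and control characters instead of trimming them, so
    # the address that is checked is the address the code is mailed to.
    if any(ch.isspace() or not ch.isprintable() for ch in address):
        return False
    local, sep, domain = address.partition("@")
    if not sep or not local or not domain or "@" in domain:
        return False
    # fullmatch anchors both ends: a rule for company.com must not accept
    # company.com.attacker.example or evilcompany.com.
    return any(compile_rule(rule).fullmatch(address) for rule in rules)

def evaluate(addresses: list[str], rules: list[str]) -> dict[str, bool]:
    """Check a batch of addresses and return the decision for each one."""
    return {addr: is_allowed(addr, rules) for addr in addresses}

# Constructed sample rules and addresses
RULES = ["bob@partner.example", "*@company.com"]
SAMPLES = [
    "alice@company.com",
    "Alice@COMPANY.com",
    "bob@partner.example",
    "carol@partner.example",
    "alice@company.com.attacker.example",
    "alice@evilcompany.com",
    "alice@attacker.example@company.com",
]

if __name__ == "__main__":
    for addr, ok in evaluate(SAMPLES, RULES).items():
        print(f"{addr:40} {'Yes' if ok else 'No'}")
```
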

As this enterprise authentication mode stores the credentials (user tokens) in the local storage, we recommend that you check whether there are company policies that ensure that the local storage is automatically emptied. After emptying the local storage, the user must verify himself again by sending an e-mail. Frequent resetting of the local storage can negatively affect the user experience.

Configure Enterprise Authentication for Azure Active Directory

In order to use AppNavi Enterprise Authentication in conjunction with Azure Active Directory, it is first necessary to create a new app registration in Azure Active Directory. The application must be created with the type web application.

The authorisation endpoint must be configured to support both Access Tokens and ID Tokens.

The following claims must be issued in the tokens for AppNavi:

  • email
  • family_name
  • given_name

In addition, the following permissions must be granted:

  • email
  • profile
  • User.Read
  • openid

Finally, the tenant ID and the client ID must be stored in the enterprise authentication settings of the portal.

As this enterprise authentication mode stores the credentials (user tokens) in the local storage, we recommend that you check whether there are company policies that ensure that the local storage is automatically emptied. Since this scenario involves a single sign-on against the Azure Active Directory, the negative impact on the user experience is significantly lower than with email verification.