Authentication

SharePlus supports the following authentication mechanisms out-of-the-box:

  • Passcode Lock (including Touch ID)

  • Windows Integrated Authentication (Active Directory)

  • SharePoint Form Based Authentication (FBA)

  • Office 365

  • Custom Web Login Forms

  • Client-Side Certificates

For other authentication methods, refer to Other Authentication Methods below.

Application Level Passcode Lock

SharePlus provides an optional Passcode Lock. When you open the application with Passcode Lock enabled, you are prompted to enter a four-digit code. The lock is automatically activated when the application goes to the background or after a configurable amount of idle time.

Settings can also be centrally enforced by an Administrator through the use of global configuration.

Touch ID

When configuring the Passcode Lock in SharePlus Enterprise, you can also enable the native iOS Touch ID as an additional security layer. You will need to set up Touch ID on your device first, where you can enroll up to five fingerprints.

Windows Integrated Authentication

When Windows authentication is enabled, the security features of Windows clients and servers are used.

SharePoint Forms-Based Authentication

In this common authentication mechanism, the user is prompted to enter their credentials.

Office 365 Authentication

This mechanism is used with SharePoint Servers hosted by Office 365 in the cloud.

Web Login Authentication

This mechanism has been implemented to support customized online authentication mechanisms such as Forefront UAG and ISA Server. This authentication method behaves like Office 365 authentication.

Web-based Auto Login

When using Web Login, users normally need to enter their credentials and submit the information. With web-based auto login, users skip that step because the whole authentication process works as an integrated mechanism. They only need to select Web Login and associate an account; SharePlus then automatically populates the fields and submits the credentials.

For the web-based auto login to work, SharePlus will search for the login name, password, and submit button within the page. The following fields are needed:

  • input tag with name = “login” or class = “SPLoaderUserInput”

  • input tag with name = “passwd” or class = “SPLoaderPasswordInput”

  • button with class = “SPLoaderAutoSubmitElement”
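
The field requirements above can be checked against a login page's markup before auto login is enabled for it. The following JavaScript is an added example, not SharePlus code or part of the original documentation; the function names and sample pages are constructed, and it assumes “button” means a <button> element.

```javascript
// Added example (not SharePlus code): check login-page markup for the three
// elements the page lists. Regex tag scanning is a simplification, not a parser.
// Collect start tags with lower-cased names and attribute maps.
function startTags(html) {
  const tags = [];
  const tagRe = /<([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = {};
    const attrRe = /([^\s"'=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"']+)))?/g;
    let a;
    while ((a = attrRe.exec(m[2])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? "";
    }
    tags.push({ name: m[1].toLowerCase(), attrs });
  }
  return tags;
}

const hasClass = (t, cls) => (t.attrs.class || "").split(/\s+/).includes(cls);
// Field rules from the documentation. Assumption: "button" means a <button> element.
const REQUIRED = {
  loginName: t => t.name === "input" && (t.attrs.name === "login" || hasClass(t, "SPLoaderUserInput")),
  password: t => t.name === "input" && (t.attrs.name === "passwd" || hasClass(t, "SPLoaderPasswordInput")),
  submit: t => t.name === "button" && hasClass(t, "SPLoaderAutoSubmitElement"),
};

// Report fields with no match (auto login cannot work) and fields with several
// matches (the page does not say which one is used, so flag them for review).
function checkAutoLoginFields(html) {
  const tags = startTags(html);
  const missing = [], ambiguous = [];
  for (const [field, rule] of Object.entries(REQUIRED)) {
    const n = tags.filter(rule).length;
    if (n === 0) missing.push(field);
    if (n > 1) ambiguous.push(field);
  }
  return { compatible: missing.length === 0, missing, ambiguous };
}

// Constructed sample pages.
const SAMPLE_OK = `<form method="post" action="/login">
  <input type="text" name="login">
  <input type="password" class="field SPLoaderPasswordInput" name="pw">
  <button type="submit" class="btn SPLoaderAutoSubmitElement">Sign in</button></form>`;
const SAMPLE_BAD = `<form method="post" action="/login">
  <input type="text" name="username"><input type="password" name="password">
  <input type="submit" value="Sign in"></form>`;
console.log(checkAutoLoginFields(SAMPLE_OK), checkAutoLoginFields(SAMPLE_BAD));
```

A page reported as not compatible needs its form markup changed, or the class names added, before auto login can locate the fields.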

Client-Side Certificates

Client-side digital certificates can be used to request authenticated access in a SharePlus Enterprise application. You can deploy your client-side certificates by using two methods:

  • Manual configuration. The certificate is saved to SharePlus “Local Files”, and then it is assigned to a user account.

  • Integrated. SharePlus reads the certificate from a shared location on the keychain or the certificate is pushed to the app by an MDM.

Manual

This method is straightforward. At a high level, you need to complete the following two steps:

  1. Copy the client-side certificate to the device running SharePlus in order to make it accessible to the application (Local Files).

  2. Associate the certificate with the user account that will use the authenticated access.

To complete these two steps, you need to use the Wi-Fi sharing feature to send your certificate from your PC to SharePlus’ Local Files over the network. You must also edit the desired account to enable the use of certificates and then select the new certificate to be used. For a detailed procedure, refer to our How to use Client-side Certificates blog post.

Integrated

This method has two possible scenarios:

  • Using a shared Keychain

  • Pushing the certificate to the app

Using a shared Keychain

An MDM Server Agent (or “Helper App”, a custom app used to deploy certificates to the shared location) can be used to store certificates in a shared location on the keychain. The following three main steps are needed:

  1. The MDM Server Agent and SharePlus must be re-signed so they can share keychain access.

  2. Once deployed to the device, the MDM Server Agent obtains the certificate and stores it on the keychain in a known location.

  3. SharePlus must be configured to read credentials from that known location.

As Enterprises are able to re-sign all their mobile applications before deployment, both the MDM Server Agent and SharePlus must be configured to belong to the same group. As a result, both apps will share keychain access.

Pushing a certificate to the app

In this case, the MDM is configured to send the Client Certificate to the app. For further details regarding MobileIron, see Policies & Configs in MobileIron Integration with SharePlus.

Other Authentication Methods

Besides existing out-of-the-box authentication methods, SharePlus Enterprise allows other possibilities to be taken into account, either using Web-based Authentication or by developing a custom Authentication Provider.

Custom Authentication Providers

SharePlus can be extended through the SharePlus SDK, which allows the implementation of custom authentication methods according to the Enterprise needs.

Multi-Factor Authentication methods

One-time password (OTP) methods, such as RSA tokens, are supported using Web-based Authentication or through the implementation of custom Authentication Providers.