Who is this article for?

Mobile Users and Admins supporting company mobile updates.

An active Mobile application is required.

The  Ideagen EHSQ Enterprise Mobile application supports all three major operating systems (iOS, Android, and Windows 10)

• iOS: The app runs on devices introduced within the past three years. Choosing a model with at least 4GB of RAM is strongly recommended for best performance.

  Recommended Device: iPhone 12 or newer

  A complete list of iPhone and iPad devices is available on Wikipedia. 

• Android: The app supports devices that have been introduced within the past three years with at least 4GB of RAM. Testing efforts are centered around current Samsung phones and tablets and Google Pixel phones. Best performance is ensured on these certified devices; other devices may offer varying results

  Recommended Device: Samsung 10 or newer

  More information on Android versions is available on Wikipedia.

• Windows: The Windows native app supports Windows 10 and Windows 11 Pro and Enterprise. Other editions (Mobile, Home, Education, etc.) are not supported. Windows 10 support is limited to the last release, 21H2. Please note that devices with ARM processors are not supported currently.

  Recommended Device: Google Pixel 5 or newer

  More information on Windows versions is available on Wikipedia.

Connectivity

Reliable connectivity is essential for the app to function as intended, ensuring that all user data is accurately synced with the server. The application is designed to interact seamlessly with the server stack. These elements work together to authenticate users, manage secure sessions, and facilitate the exchange of information between the client and server.

• The app uses two base URLs and a subscriber code to interact with the server stack. YWServices base URL is used to make a call to the LoginPage servlet and SAML redirect RESTConnect base URL is used for all other interactions with the server.
• The app does not call any third-party services or endpoints except in the case of SAML authentication.
• The user configures connections. Base URLs are either hard-coded, manually entered by the user, or consumed from a QR code.
• The app validates a new connection by calling YWServices LoginPage servlet. This verifies the subscriber code and confirms that the app can reach the server.
• The response (which includes some subscriber preferences) returned LoginPage servlet is cached for later use by the app.

Access

IP Restrictions

IP restrictions mandate that users connect to the system via a trusted network, as if they were accessing the desktop user interface directly. Typically, this involves logging in while connected to a company WiFi network or VPN.

Alternatively, access can be configured using one or more specific roles, which permit traffic from a broader range of IP addresses. This approach ensures that a mobile user logging in from outside a trusted network will have access only to those designated roles. For further information on configuring IP restrictions for specific roles, please refer to Setting up IP address restrictions.

SingleSignOn (SSO)

An Identity Provider (IP) must be accessible and properly configured for seamless authentication. When Single Sign-On (SSO) is enabled, the application will redirect users to an identical IP authentication screen that they encounter when logging into the desktop UI. This ensures a consistent and familiar login experience across both desktop and mobile platforms. 

IP access required

Mobile users must have access to the IP address from their mobile devices in order to successfully authenticate. Without this access, users will not be able to complete the login process on their mobile devices.