Mobile App Deployment
Pyramid content can easily be deployed to mobile devices (both phone and tablet). Users on such devices can access Pyramid through mobile browsers or via dedicated native apps (iOS and Android only) without requiring extra services or server components. Both entry points will expose the core application in the same way to end users, however, the native apps offer a better user experience for end-users and more control for administrators.
The following guide glues together both insights into how mobile devices can be used with Pyramid (and content) as well techniques for best practices when it comes to a mobile deployment strategy.
Mobile Deployment Considerations
Smart Phone vs Tablet
When deployed to smart phones, Pyramid is delivered through a specific "mobile" client - that is optimized for the small form factor. It offers read-only access to live content with significant data interactivity (Discover and Present) while it also exposes a minified experience for the internal portal - the Bulletin Board - where rendered publications (from Publish) and alerts can be seen, opened and read.
When deployed to tablets on the other hand, Pyramid loads the desktop client applications (both for viewers and pros) - since they have been optimized to work equally well on tablets and desktop applications alike. This includes support for full touch functionality throughout the entire application. As such, Pro can effectively author and create content normally on a tablet the same way they may on a desktop.
There are native apps for both the smart phone and tablet - both wrapping the functionality described above.
Native App vs Browser
The native app experience offers a few user experience improvements over the typical mobile browser:
- It provides a more convenient mechanism to set and manage user security settings (see below). These cannot be controlled from the browser.
- The native app makes better use of screen real-estate, offering more space for content than the browser.
- The native app offers smarter display and reactions to content like screen auto-rotation.
Browsers, on the other hand may offer better handling of generic 3rd party mobile security frameworks if they are being used and are not supported by the native app.
Mobile Content Preparation
Discover reports , Present dashboards and Publish rendered publications can all be accessed through both smart phone and tablet interfaces (either via the native apps or via the device's browser). The handling of each content type can be summarized as follows:
- Discover reports are loaded as designed in the desktop. The internal display engine will auto-optimize the content for display on phones, while it will reflect a closer match to the original desktop design on tablets. User and designers have no ability to adjust the way Discover content is presented on mobile devices.
- Present dashboards, unlike Discover reports, can be custom designed for each of the 3 main device modalities: desktop, tablet and phone. This means, designers can have 3 independent designs for each device within a given dashboard definition. If designers do not supply a specific design, the application will auto-optimize the content for display on a given device.
- Publish publications are rendered with specific document types, with specific sizes and settings. The mobile devices therefore do nothing other than open the content as is.
Mobile Administrative Setup
Before the mobile framework can be deployed, it needs to be enabled and configured in the admin console. Mobile access in Pyramid is governed centrally from the mobile settings section in the admin console - under “Mobile” section, In “Device Settings” tab:
Check-off which mobile operating systems the application will operate on. If both boxes are unchecked, the native mobile devices will not be supported on the platform - and mobile access will be blocked.
Mobile Device Saving Mode:
“Mobile device saving mode” can be configured as to how a user’s login credentials are to be saved on the device. These options make native client access to Pyramid tremendously convenient versus the mobile browsers.
- Save User Name and Password: Saves the user name and password and it does not have to be entered on every login.
- Save Only User Name: Saves the user name, and the user will have to enter their password on each login attempt.
- <![CDATA[ ]]>Don’t Save: Does not save the user’s credentials they will have to be entered with each login.
Device Id Check
This option lets you manage which devices can or can’t login (Effectively dual factor authentication. See below). By default, the switch is disabled, and all devices will work with the system (pending user authentication).
To enable the option to manage logins, check “Device Id Check”. Once enabled, two additional settings are provided: “Opt Out” and “Opt In”.
- Opt Out: All devices can login by default, and it keeps a log of every login. Admins then have an ability to block specific devices.
- Opt in: All devices are blocked by default, and it keeps a log of every login attempt. Admins then have an ability to enable specific devices.
Two Factor Authentication
An often requested feature for mobile application is two factor authentication. Pyramid includes this mechanism via the device ID.
The device ID check triggers a pre-check of the device itself before the user authenticates with the credentials. This double check process, of both the device and the user’s credentials, represents a two-factor authentication model. Further, the device ID is checked before the user credentials, providing better protection for brute force attacks.
Mobile Login Process
When the user clicks the "Login" button in the native app on their mobile, the mobile app will do the following:
- Check if the mobile operating system is supported.
- Check if the device ID is allowed (if the admin, “Device Id check” is enabled).
- Authenticate the user using their credentials.
If a device is lost, admins can simply go to the device listing and block the device itself from accessing the platform, regardless of the user's credentials.
Of great concern in any deployment of an enterprise grade application is security - especially when it contains corporate data. The following explains how users are authenticated in Pyramid and the security of content and data,
Pyramid's mobile platform supports authentication directly into the application ("forms" or "basic"). If the Pyramid web application is protected via firewalls, users simply need to connect to their office network normally on the device to gain standard entry into the application. The document below explains the general authentication flow.
- This graphic explains how the security mechanism for mobile operates compared to a standard desktop browser flow.
Beyond the direct login approach, Pyramid's mobile supports SAML and Azure Proxy login:
- If customers have decided to deploy SAML based authentication, the native app will automatically redirect the users to the SAML login screens.
- If customers have decided to deploy Azure Proxy (for authentication amongst other things), the native app will automatically direct the users to the Azure login screens.
The mobile apps do not save any content or data offline once a session is closed. While in session, the client may store query and meta data fragments. These are flushed once a session is closed. This does not include any reports exported or printed to offline files like PDF and Excel.
Credentials can be optionally saved (see below) by the applications. If they are, they are encrypted and stored into the host operating system's settings database. If the application is uninstalled, these settings are removed.
Web Site Setup and Communication
The mobile apps, like the main client operate over the standard web HTTP and HTTPS protocols. Since mobile connectivity is usually via the Internet (vs. intranet), the use of an HTTPS site with SSL certificates is STRONGLY RECOMMENDED for secure communication and authentication.
Since the web servers that will host the mobile app will be exposed to the Internet usually, they should be fully secured and protected with all relevant technologies like firewalls. On the other hand, since the mobile framework uses SSL encryption for communication, and can be deployed with two-factor authentication (see below), there is less need for mobile VPN's and other mobile security frameworks.