Security

The Sage People mobile app has been designed for security. This section outlines the security features used by the app, and the secure service architecture that underpins it.

Session management

The service uses the OAuth 2.0 authorization standard to permit a connected app to access the user's Sage People information.

Diagram: data flow between the Sage People mobile app and the Salesforce organization

  1. The user signs in using their single sign-on credentials or Salesforce details. The service issues an OAuth access token and refresh token to authenticate the session. These tokens are securely stored on the device.

  2. Sessions are managed by Salesforce using the policies configured against the Sage People Mobile Android and Sage People Mobile iOS connected apps. You can set session policies for your organization that define requirements for the OAuth session, such as the token expiration timeout, IP address restrictions, and single sign-on.

    When the access token expires, the app automatically requests a new access token using the refresh token. If the app cannot obtain a new token for any reason, the user is signed out of the app and must re-authenticate using their credentials.

  3. The app times out after 2 minutes of inactivity. Access to the mobile app is secured using the device's biometric authentication or a user-defined PIN.

  4. Calls to the service from the app use a dedicated mobile REST API. The API performs checks to ensure that the user has the required permissions and that requested data is enabled for mobile. The API calls WX business logic to access team member self-service features.

  5. The app uses device memory to store information while the app is open. Session information, such as refresh and access tokens, is stored using the device's native encrypted storage.

If the user signs out of the app, the refresh token is expired and any sessions associated with the token are revoked.

Device security

The app uses the following methods to secure access to user information on end-user devices.

  • Device authentication: the app uses the device's biometric hardware, or a user-configured PIN, for authentication. After four incorrect PIN attempts, the users is logged out of the app and must re-authenticate using their credentials.

  • Inactivity timeout: the app times out after 2 minutes of inactivity. After this, the user must re-authenticate using biometric hardware or their PIN.

  • App switcher image protection: mobile operating systems can take snapshots of the app screen to display when scrolling through active apps in the device app switcher. To prevent personal information being captured, the app displays a blank screen when the app is sent to the background.

Information stored on the device

Most data is stored in memory while the app is open, and not cached on the device. The app retrieves data using API requests, stores the data in memory while the app is running, and clears the data when the app is closed.

The app stores the following information:

  • Encrypted session information

  • The user's app preferences, including the app version and the sign-in URL

  • Avatar images and organization logo (stored in cache folder)

  • Uploaded/downloaded files are stored in the app's folders on the device.

Signing out of the app clears all data stored by the app.

Encrypted session information

Session information such as the access token, refresh token and PIN is stored securely on the device using AES-256 encryption. The user's username and password are not stored.

Remote access revocation

System administrators can revoke active user sessions, and prevent users from signing in to the app by revoking app permissions using the Setup section of the HR administrator portal.

Screenshot: revoke an OAuth session

See How do I remotely log out a team member's device? in the FAQ section.

Data integrity

To ensure data integrity, the app monitors the device's network connection and displays a message to the user in the case of a loss of internet connectivity. No user activity can be performed in the app without an active network connection. All changes and updates within the app are actioned with a single API request per change. It is not possible for information on the end user's local device to become out of sync with your Sage People organization. Because of the app's network status monitoring, it is unlikely that a significant amount of user activity (such as changing details or creating a new absence request) would be lost in the case of a loss of connectivity or a device crash.