Frequently asked questions
How do users sign in to the app?
Users must use their Sage People username and password or single sign-on details.
To access the app, the user must have the Sage People Mobile App permission set assigned and the user profile must have the API Enabled checkbox selected.
Users whose profiles do not have the appropriate permissions can install the app, but see an "Unable to log in" message when attempting to sign in.
Pre-boarders, and those who have left the organization, are unable to sign in to the app.
After signing in for the first time, the user is prompted to set a security PIN that can be used to unlock the app. If configured on the device, the user can unlock the app with biometric identification.
How long does a user session last?
You can control the duration of a user session with the Refresh Token Policy and Session Policies > Timeout Value settings on the Setup > Apps > Connected Apps > Manage Connected Apps page. This setting defines how frequently users are required to re-authenticate with their username and password. Typically this value is set to 30 or 60 days, depending on your ogranization's policy. See Configure the app.
By default, the app requires PIN or biometric re-authentication after two minutes in the background.
How do I remotely log out a team member's device?
To remotely end the user's session (for example, if the team member's device is lost or compromised):
-
In Salesforce Lightning Experience, go to Setup > Users > Users.
In Salesforce Classic, go to Setup > Manage Users > Users.
-
Click the name of the user whose session you want to revoke.
-
Under OAuth Connected Apps, find the active Sage People Mobile session and click Revoke.
The user's access and refresh tokens are removed, and the user is shown the sign-in screen when opening the app.
To prevent a user from signing in to the app, remove the Sage People Mobile App permission set for the user.
What security features does the app use?
The app employs a range of security features to keep user data secure:
-
Access to the app is secured by a user-defined PIN or biometric identification.
-
After four PIN entry attempts, the user is logged out and must authenticate using their username and password or single sign-on credentials.
-
The app uses any multi-factor authentication requirements configured for the user's account.
-
App screens are masked when the app is in the background.
-
The app undergoes rigorous security testing, including regular penetration tests, and is subject to the Sage mobile certification release process.
What data does the app store on the device?
The app retrieves data using API requests, stores the data in memory while the app is running, and clears the data when the app is closed.
The app stores the following information locally on the device:
- Files uploaded to or downloaded from the app. These are stored in the app's folders on the device. These files are purged at specific times so they don't take up storage space.
- User session details are securely stored, including the Salesforce instance URL, access token, and refresh token.
- The team member's avatar image and the organization logo are stored in the app's cache folder.
- The user's app preferences, including the app version and the sign-in URL.
Files uploaded to or downloaded from the app are private to the app unless shared with or opened in another app. For example, viewing a PDF in Android via the app opens the file in a PDF viewer which makes a copy of the file. If removing all personally identifiable information from the device, these copies must be purged manually.
The app also uses a web view to display Salesforce login and single sign-in web pages, and the self-service Sage People website. The web view uses standard web browser technology which employs caching and cookies.
How does the app secure local session information?
The app uses industry-standard encryption techniques using iOS Keychain and Android keystore technologies.
How can I delete data stored by the app?
Signing out of the app and uninstalling it clears all local data. If any downloaded files have been opened in another app (for example, downloaded PDF files) any copies of these files made by the third-party app must be manually removed.
If you uninstall the app on iOS without signing out first, the Keychain entry is retained. This can be removed by reinstalling the app and opening it.
What user telemetry is sent by the app?
When analytics cookies are enabled, the following telemetry is used by Sage People to improve the app:
- Anonymous usage information is captured to help us determine the most widely used parts of the app. This enables us to focus improvements on the most popular parts of the app and to improve its usefulness.
- Anonymous crash information is captured, enabling us to identify and fix problems, drawing on as much usage information as possible. This information includes how the app has malfunctioned, and device details such as the make and model of phone.
Does the app track my activity or capture personal information?
The app does not collect or send any personally identifiable information. No activity outside of the app, such as browsing data or location information is available to the app.
For the Sage privacy notice and cookie policy, see the following links:
What device permissions does the app require?
The app requests specific device permissions that are required for it to function. For Android, app permissions are detailed in the Google Play store and can be viewed and controlled in your device settings. For iOS, app permissions can be viewed and controlled in your device settings.
What accessibility features are supported?
The app supports the following accessibility features:
- Font resizing: the app supports large font sizes, as set on the device.
- Accessible color palette: the app uses your organization's custom color – set at organization level – to generate an accessible color palette that is used throughout the app.
- Large buttons: the app uses large buttons which are designed to be easy to tap.
Why aren't empty fields displayed on the My Work Details page?
From app version 1.4.3 (December 2021), empty fields are now hidden on the My Work Details screen. This mirrors the behavior in the WX desktop interface.