KNOWLEDGE BASE
Space shortcuts
Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

This article is still under development. 


Where to find Security

Mobsted uses various built-in ways to authenticate your users into applications. This section can be accessed through either App's menu, magenta box ↓



or if you are already within the application, you can see it in the top menu ↓


This is something you can use as a central entry point for all you users, before users actually install the app. When they enter the application an object/user is created and the installation will happen from that very object. 

Who can access your App

Anyone without registration.

This is useful for things like marketing pages and applications. You can ask people for their names or email later in the application, but no email or phone number authentication will happen


Anyone after registration and authentication

This is recommended when you need to get new users onboard, but need to 100% confirm either a phone number or an email. A user will be asked to enter either phone or email BEFORE he/she sees any application content.


NOTE - that what you require mobile phone or email is set in the following section below - "How to authenticate users"


Only those added by me

This is when no new users can be created by a user him/herself, but only by you, from within the service or using API exchange


How to authenticate users login in

  • Email - will send an email code every time a known user logs in and authentication JWT tokens have expired (sending email security codes is free). Make sure you add an "Email" column in Users/Objects table. 


  • SMS - text will be sent to a mobile number on the same conditions as email (NOTE that a free account only has a limited amount of SMS included, so you will need to connect your own SMS account to pay for TXT messages.) Make sure you have a "phone" column in users/objects.


  • External ID - you can use external authentication services:
    • like Google SSO (more social type plugins are coming soon), see here an article on how to add Google authentication for users
    • you can connect apps to your company's Active Directory service, so your employees will be recognized and given rights
    • or use external OpenID Connect comliant service

NOTE - External ID is able to function WITHOUT the phone or email set. This way you will need to use an action called "Create Auth" on any button within your app


  • Timeout change - you can set for how long do you need to keep authentication JWT tokens alive. The Default value is 1 month, but by pressing the "Set another time", green button ↑, you can set other lifetimes for JWT tokens (magenta ↓), access token marked blue ↓ and refresh token marked red below ↓


Using a combination of Access and Refresh tokens you can create a security setting relevant to your application. More info on this in a separate article - coming soon. 

Add extra security 

You can make additional security checks after a period of idle time, or if the user offloads the app from running memory (like swiping apps on a phone). This is needed, when for example a banking app user has it open for a while, without doing anything. 


  • PIN code - is something a user will need to input, as a digital PIN or a password. Make sure you add PIN code column in users/objects and that some info does exist in it
  • IP Address - means a user can only login into the app from a certain range of IPs, that you add input in the area down below security page:



  • No labels