Remaining permanently logged in to the Fabasoft Cloud app

You certainly know the following situation: While you are travelling by train you are using your mobile device to work on a document in the Fabasoft Cloud. You lose your Internet connection, your device switches from WiFi to mobile data – and you are consequently logged off the Fabasoft Cloud. Thanks to the Fabasoft Cloud November 2019 Release, situations like these are now a thing of the past. From now on you can choose to log in to the Fabasoft Cloud app on a permanent basis.

Permanent login

Once you have updated your Fabasoft Cloud app (available in the App Store and the Google Play Store), you can set up a code lock in the course of logging in. This only has to be done once. Depending on the authentication methods provided by your device you can also choose to activate Touch ID or Face ID to unlock the app.

Login with permanently logged-in function  Activate code lock

You then log into the Fabasoft Cloud again and will remain logged in until you explicitly choose to log off via the respective Fabasoft Cloud function. Your login status is also kept if you close the app.

Register in the Fabasoft Cloud  Log-out in the Fabasoft Cloud naviation

When you open the Fabasoft Cloud app again you only have to enter your code or identify yourself via Touch ID or Face ID if you have previously chosen one of these authentication methods. This ensures that only you can use the Fabasoft Cloud app, even if your mobile device is unlocked.

Overview of the devices in use

In the web client, you can manage the devices that are permanently logged into the Fabasoft Cloud by accessing “Account Menu (your user name)” > “Advanced Settings” > “Devices”. If one of your devices is lost, you can log it off in this place.

Administration of organisations

The “Permanent Login” option is managed by the administrator of an organisation. It is activated for all users by default. With the help of the organisational policy “Permanent Login” (“Authentication” tab), the administrator defines whether all users or only specific ones can use this feature. In addition, the validity period and the permitted operating systems for permanent login can be restricted.

Technical background

Fabasoft Cloud session cookies are currently bound to the IP address. This is one of measures that are taken to prevent session hijacking. However, IP address binding leads to session invalidation whenever the IP address changes. This frequently happens in mobile use cases, for example if WiFi access points are switched or if the device changes from a WiFi connection to mobile data or vice versa. In addition, the validity of Folio session cookies is limited with regard to time.

If permanent login is used, strong binding of the user to the device is initiated, which is based on an asymmetric public/private key pair. The private key is stored securely on the device (for example in the keychain of iOS). Furthermore, the user has to lock the Fabasoft Cloud app with an app-specific code. Biometric identification mechanisms provided by the device can also be used to unlock the app.

Whenever the user wants to use the app, she has to identify herself with her biometric ID (or the app-specific code). If the Fabasoft Cloud session cookie becomes invalid, the app can request a new one by sending a request signed with the private key. The Fabasoft Cloud service checks the signed request with the public key assigned to the user and the device, and issues a new session cookie.

 

For a detailed description of the app as well as all further enhancements of the Fabasoft Cloud 2019 November Release, click HERE.