search

Offline Authentication

circle-check

Offline Authentication Feature was introduced in Auth version 4.15.10.

hashtag
Overview

This feature introduces a configurable offline mode for the authentication flow. The new solution allows users to proactively choose to enter a limited offline state when the device is deemed offline. In this mode, users can enter a user ID for tracking purposes and are granted a predefined offline session, providing access to a specific set of applications configured for offline use. The system also monitors network connectivity in the background and notifies the user when it is restored.

hashtag
User Guide

hashtag
Prerequisites

To use offline mode, the following must be true:

  1. Configuration: Your system administrator must have pre-configured and enabled the offline mode feature in the application settings (bfAuth.offline.enableOfflineMode = true).

  2. Offline Applications: Applications must be pre-configured in the Launcher under the designated "Offline" group.

hashtag
Offline Authentication Process

The offline authentication process follows a strict sequence when the device cannot reach the predefined server urls (networkCheckUrls).

1

hashtag
Step 1

When you attempt to log in, the system first performs an automatic check against the predefined server urls. If the server URLs can't be reached, the system will fail first and present a dialog box stating: "Network not available. Unable to login because servers are unreachable. Proceed to offline mode?" At this point, you must choose to either No to abort the login attempt or select Yes to proceed.

No network connection prompt
No network connection prompt
2

hashtag
Step 2

If you proceed, a new prompt will appear asking you to Enter User ID. You should enter an identifier for tracking purposes; this step is for auditing and is not validated against any network service. After entering a user ID, you finalize the request by selecting Ok.

Enter User Id prompt
Enter User Id prompt
3

hashtag
Step 3

Upon submission, the system grants a local offline session with a predefined user name and group membership as configured by an administrator. If secondary authentication like a PIN or NFC is enabled, you will be prompted to complete that step next. Once successfully authenticated, you will have access to the Launcher's Offline group of applications.

Secondary Authentication prompt
Secondary Authentication prompt
4

hashtag
Final Step

Finally, the system begins monitoring for network connectivity in the background. When the network is restored, you will receive an Android notification stating: "Network is now available, logoff and login to connect to your network." To access online features and resources, you must manually log out from the offline session and perform a standard online login.

Network availability notification
Network availability notification

hashtag
Setting Up Offline Mode

"appConfig" : {
  "bfAuth": {
    "offline": {
      "networkCheckUrls": [
        "https://bluefletch.okta.com/.well-known/openid-configuration",
        "https://accounts.google.com/.well-known/openid-configuration"
      ],
      "enableOfflineMode": false,
      "group": "Offline",
      "userIdValidationPattern": "^[a-zA-Z0-9_]{6,}$"
    }
  }
}

hashtag
Settings for Offline Mode

networkCheckUrls

string[]

List of URLs for offline mode functionality to validate connectivity (if one fails, it is automatically marked as offline).

enableOfflineMode

boolean

To enable/disable offline mode functionality.

userName

string

Default Username in Session if offline mode proceeded.

group

string

Default Group in Session if offline mode proceeded.

userIdValidationPattern

string

A regular expression string pattern for validating the user id input.

PreviousBlock Multiple LoginNextTechnical Guide

Last updated