Whitelist and frequency of logging in and security

My app will have users added to the Whitelist, as opposed to allowing a whole domain. I understand how a user first downloads the app and logs in. I’ve read posts about AppSheet checking to make sure that user is still in the Whitelist each time it syncs.

But what protection is there if the user’s phone is lost or stolen- from someone else accessing the app?

Are the users only required to re-log in every 60 days? That would leave the app open for anyone to access. I don’t want my users to have to login everyday but where is the balance?

How do you handle this part of security?

In my experience this it typically handled at an organization policy level. i.e to use our applications, thou shalt have a password lock screen and such and such time out settings.

1 Like

Thanks Grant. Our organization uses that same method but adds OKTA on top of it. I don’t understand how that works behind the scenes, just as an end user of it. OKTA may not be any different than the way AppSheet handles Google accounts.

1 Like