How to Add Additional Security to Your App with User Authentication

User authentication is a way to prevent your apps from being accessed by people from outside your company. This means that you can publish your app to the public app stores, safe in the knowledge that external users cannot access important or confidential information.

By using Fliplet’s authentication systems you can quickly and easily protect your app – so that you can concentrate on the more important things.

Fliplet’s authentication tools allows you to protect your apps in three ways:

  • Single sign-on (SSO)
  • Email authentication
  • Passcode protection


Single sign-on

Uses existing company login systems

No need for user/password management

Access cloud-based data services

Email authentication

No IT integration required

Authenticate against multiple email domains

Up to 16-digit unique code

Passcode protection

Protects from non-employee intrusion

One minute set-up

Touch ID available to iOS users

Single sign-on

Single sign-on uses security systems already in place to secure your app. These services are used to authenticate a user against company records.

By using single sign-on, your users won’t have to create/find new login details for your app. Their login details will be the same as every other service offered at the business.

As a result, there are less barriers between your user and the app; this can help increase usage while avoiding making concessions with your security.

How does it work?

Single sign-on works by using your company’s login system to authenticate a user. The app will require the user to enter their company login details before being let into the app.

A login screen will open when the app is first used which will securely connect to your company’s login system. Upon successfully inputting their details, the user will be logged into the app.

Their login credentials will be valid for as long as your company protocol allows (for example, Google will automatically log users out every 8 weeks).

Email authentication

The email authentication system uses the unique email domain name of your company to verify the user. If a user doesn’t have a company email address, they can’t verify themselves and will be unable to login.

By using this system, you can ensure that key content isn’t being accessed by non-company users. Which is great if you don’t have a private app store or a mobile device management system and you want to list your employee apps in the public app stores.

How does it work?

The app will require the user to enter a valid company email address before allowing them to enter the app. Without a valid email, this is where there user’s journey will end.


Once the user has entered an email address and tapped ‘Authenticate’, the app will check the domain name against a list of allowed addresses. If the domain name is on the list, the user will be sent an email. If it isn’t, they will be notified that they must enter a valid email address.

The email will contain a unique code that is able to unlock only that user. The unique code can be as complicated as you wish; here are your options.

  1. Numeric or alphanumeric characters
  2. 6-16 digits
  3. A code with limited time validity (1-60 minutes)

These options allow you to increase the security level of your authentication system. However, please note that by increasing the security you are also adding an additional barrier between your user and the content which may decrease their engagement with the app.

Once the user has successfully entered the passcode, they will be redirected to the app.

Note: The user will only be asked to enter their login details once. The only instance where they will be asked to re-enter their details is if they forget their passcode or if they delete the app and then re-download it.

Passcode (and Touch ID) protection


Without a mobile security or MDM system, you or your IT team will be unable to lock or remotely wipe the a user’s device if it is lost or stolen. Passcode protection is a basic way of protecting your app from common issues like lost or stolen devices if you do not have access to a more sophisticated system.

Passcode protection works by locking the app each time the user exits. By doing so, it protects the content of the app from external use.

How does it work?

When the user first loads the app, they will be prompted to set up a 4-digit numerical passcode. Without doing so, they will not be allowed to access the app. Once they have added their passcode, they will then be asked to verify it by re-entering it. From here they will be able to access the app.

Each time the user accesses the app, they will be asked to enter their passcode If they have an Apple device (depending on the model), they will also have the option of using TouchID (which authenticates with the user’s fingerprint) to authenticate with – a handy way of saving time!

Using the authentication suite

We would advise that you use both email authentication and passcode protection for maximum data security. By using this method, you can control who gains access to the app in the first place, then control access over the lifetime of the app.

Ask your Customer Success Manager if you’d like to set this up in one of your apps.

Things to note

By adding levels of security to your app, you are increasing the additional steps users need to take to access your app content. Each additional barrier will increase the likelihood that the user will not use the app therefore:

  • Make sure you are authenticating for the right reason
  • If your content doesn’t need protecting, don’t do it
  • Ask for our quick guides on both solutions

These features are available to all Fliplet users now. Please contact a member of the Customer Success team to get help adding them to your apps.

Want some help with your app?

You should speak to a member of the Customer Success team. You can do this by:

  • Email:
  • Telephone: UK: +44 (0) 203 582 9720 US: +1 (415) 200 3720
  • Live chat: Chat to us in Fliplet Studio
  • Fliplet FAQ

We look forward to hearing what you think of this new feature – feedback is welcome!