Issues Redirecting Users into Appian Mobile App when Using SAML but Not with Local...

Bear with me as I try to explain this problem in a simple and understandable way.

 

When a user is on mobile, and receives an email alert and clicks the link in the email that goes to our Appian cloud, they are presented with the login page.  We are very early in project launch, so we currently have the "sign in page selection screen" so they can use the Appian "local" account or their company login (SAML).  This page opens in the mobile browser (for example, Safari on iOS).  It does not automatically go to Appian app, but there is a suggestion at the top of the browser to open in Appian (the little drop down that shows up in Safari when there's a mobile app compatible with that web application).  

 

Now, if they select local user they get a pop-up that says "Open this page in "Appian"?.  If they do that, it opens in Appian but presents them with the default "sign in page selection screen" so they have to tap the option again.

 

If they select the SAML option, it proceeds to execute SAML process in browser.  It does not present a pop-up "Open this page in "Appian" option, as it should (IMHO).  It also opens the full site, and not a mobile friendly version.

 

Now, when our analyst brought this up to the consulting team helping us with our deployment, they pointed him to this KB (which is very sparse, and almost a year old now) https://community.appian.com/support/w/kb/512/kb-1305-appian-mobile-app-renders-in-browser-mode-instead-of-native-app-mode.  

 

This suggestion makes no sense to me, and here is why: if I setup a redirect post-SAML auth to auto-magically open in Appian app after SAML auth, then the mobile application will still need to re-authenticate the user.  We have a call later with our SAML provider to see if this is possible, but it makes more sense to me that Appian should be able to guide the user to mobile regardless what login option they select, or somehow (like Dropbox) automatically redirect mobile users to the App without allowing them to even have a choice.  The URLs are nearly identical....which tells me that Appian is doing on thing with "signin=native" and another with "signin-saml":

 

This leads me to my question:

 

So why should my SAML provider be responsible for determining if my users have Appian app, and redirecting them accordingly?  This is the job of the application owner, not the SAML provider - right?  The application owner should handle redirects and client detection (I assume based on user-agent or something).  The SAML auth works great in the mobile app (btw), but when a user clicks a link in an email (from mobile), in my opinion, it should auto-detect and drop them into the mobile app (similar to Dropbox and many other apps that have mobile integrations).

  Discussion posts and replies are publicly visible

  • From what you're describing, I believe the issue is that you're first opening the page in the browser, and starting to interact with it, and then trying to open it in the app.

    If you choose to open the link in the app when the option is first presented (when you first click the link in the email), I believe things will work as you're expecting them to.

    Important concepts to keep in mind are 1) data is not shared between the browser and the Appian app (since these are distinct applications) and 2) the prompt to open the Appian app is based on you attempting to access a url for an Appian site.

    So, if the email includes a link to your-appian-site.com/suite/tempo , and you click on that, I would expect that you would get the option to open that link in the Appian app, since that url is for an Appian site. If you do that, and proceed to the app, all further activity should occur within the app.

    If, however, you continue to your landing/login page in the mobile browser and select one of the links on that page, you're effectively back to square one (in terms of opening the app). So, if you choose the link to the Appian native login page, you will again be prompted to open that in Appian (since that is also an Appian url). And if you proceed to the app from there, you may see the default landing page again because that is the page that's first displayed when you try to access your Appian site (and, from the perspective of the mobile app, you are trying to access the site for the first time, since data is not shared between the browser and the app. You are not signed in, and it doesn't know that you're already coming from your initial landing page.)

    And if you select the link to your SAML authentication page, you won't get a prompt to open the page in the app because your SAML login page is not an Appian url.

    If you go to the landing page in the app, and then select the SAML login option from there, I expect that authentication and subsequent navigation would continue to be within the mobile app.

    Hopefully that helps explain the behavior you're seeing.

  • I am having the same issue as John, except i am on Android 7.1 and i am not using browser at all. I get email notification i open my outlook app and click on the link it redirect to the browser by default however I have SAML configured so when i click on the sign-in options it then launches the app.