Home
Authentication Identity Configuration
This chapter explains how Innovapptive’s mobile applications (such as mWorkOrder, mRounds, and mTag) handle user authentication in a multi-tenant deployment environment. The authentication framework is based on federated Single Sign-On (SSO) and secure token-based session management.
Federated SSO Login Flow
Innovapptive’s mobile apps authenticate users using federated SSO, integrating with tenant-managed identity providers like Azure AD, Google, or Okta.

Title and Copyright
Copyright and Terms of Use page for iMaintenance Configuration.
Preface
Understand audience, know related documents and products and conventions followed in this document.
Introduction
The iMaintenance Configuration Guide is your blueprint for shaping how iMaintenance works in your organization.
Log in to Application
Navigate to the iMaintenance Configuration
Customer Tenant Onboarding with Azure IDP
This chapter provides step-by-step instructions to configure a customer’s Azure Active Directory (Azure AD) for federated Single Sign-On (SSO) with Innovapptive mobile applications. It applies to IT administrators and implementation engineers performing customer onboarding.
Authentication Identity Configuration
This chapter explains how Innovapptive’s mobile applications (such as mWorkOrder, mRounds, and mTag) handle user authentication in a multi-tenant deployment environment. The authentication framework is based on federated Single Sign-On (SSO) and secure token-based session management.
- Federated SSO Login Flow
  Innovapptive’s mobile apps authenticate users using federated SSO, integrating with tenant-managed identity providers like Azure AD, Google, or Okta.
- Token-Based App API Flow
  After the user is authenticated via SSO, the mobile app uses access and refresh tokens issued by the Auth Server to interact securely with backend services. This section explains how these tokens are generated, validated, and refreshed across service calls.
- Use the Token After Login
- Refresh Token Handling
- Alternatives for Users Table Synchronization
  If the Users Table cannot always be reliably synchronized with the tenant’s SSO server, alternative mechanisms may be considered to maintain alignment between user records and identity provider data.
Manage Users & Roles
Maintain Master Data
Configure iMaintenance Core Settings
The Core Settings in iMaintenance define how the product behaves across your entire organization. These settings control fundamental aspects of daily use, such as session timeouts, chat availability, measuring points, auto-timers, AI enablement, issue creation, root cause analysis, attachments, and more.
Integrate External Systems
Manage Maintenance Operations
Review Observations
The Observations module allows supervisors to view and manage issues reported through the iMaintenance mobile app. These issues are typically tied to specific assets and locations within a plant.
Design and Manage Forms
Forms are essential for capturing structured field data in the iMaintenance mobile application. This chapter covers everything from manually creating and publishing forms to leveraging AI for auto-generation to managing archived forms.
Set Up Configurations with RACE
Configure Risk Evaluation with the Risk Matrix
Customize Platform Settings
Set Up Notifications
Build Dashboards and Reports

Federated SSO Login Flow

Innovapptive’s mobile apps authenticate users using federated SSO, integrating with tenant-managed identity providers like Azure AD, Google, or Okta.

The following flow explains the complete authentication sequence—from mobile app launch to user provisioning—highlighting how the app, backend services, SSO server, and user management databases interact at each step.

The mobile app fetches the SSO method and Client ID for the tenant from the Innovapptive DB.
Based on the SSO type, the app displays a single sign-in button, such as Sign in with Google or Sign in with Okta.
When the user taps the button, an in-app browser opens and redirects them to the SSO login or consent screen.
Upon successful authentication, the SSO server redirects the user to Innovapptive’s landing URL with a one-time authorization code.
The app sends this code—along with the tenant ID—to the Auth Backend.
The backend sends a grant request to the SSO server using:
- Authorization code
- Client ID
- Client Secret
The SSO server responds with an access token and a refresh token.
Using the access token, the Auth Backend fetches the user’s profile details from the SSO server.
The backend then:
- Stores the user details and SSO refresh token in the Users Table
- Creates a Mongo Realm user with a unique password
The backend returns the following credentials to the mobile app:
- Realm username and password
- Basic Auth JWT token (used for secure API and DB sync)
Figure 1. Federated SSO Login Flow – From Mobile App to SSO and Backend Sync

Figure 2. Authentication Module Flow V1 – Step-by-Step Message Exchange Across Components

Reference: https://excalidraw.com/#json=Uc84zojdzuFrFQB_0mr-5,UHk6cX3C_yJpW-dDgC4nPw