Delegated Authentication for Veeva CRM via MDM

  • iPad
  • iPhone

Veeva CRM supports delegated authentication, or single sign-on (SSO), allowing users to sign in using third-party authentication. Admins can use any Mobile Device Management (MDM) solution in the AppConfig community or Microsoft InTune to configure third-party authentication.

For example, Verteo BioPharma assigns Sarah Jones a set of credentials for a third-party app. An admin enables delegated authentication for Veeva CRM, then uses MDM to push the Veeva CRM app for all users. Sarah Jones can then sign in using her third-party credentials.

Configuring MDM for Delegated Authentication

Admins must upload a configuration file containing the third-party authentication endpoints to their MDM. AppConfig MDMs and Microsoft InTune require different configuration file formats, and the format can also vary between AppConfig MDMs. To view a sample configuration file, download the AirWatch XML file or the Microsoft InTune XML file.

Customers can configure and deploy OAuth 2.0 Authentication for Veeva CRM via MDM. However, the configuration for delegated authentication and OAuth 2.0 cannot be combined into one configuration file. Admins should create separate configuration files for delegated authentication and OAuth 2.0, and assign them accordingly to user groups in the MDM.

The configuration file must contain values for the following parameters:

| Parameter | Description |
|---|---|
| THIRD_PARTY_AUTH_URL | A valid HTTP URL endpoint that receives security token requests from CRM. |
| THIRD_PARTY_APPLIESTO_URL | A valid HTTP URL endpoint used by Salesforce to authenticate the security token returned by the third-party app. |

Values configured in MDM override values defined locally on the device for delegated authentication.
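
Because the MDM values override whatever is set on the device, a pre-deployment check of the two parameters is useful; the following is an added example, not Veeva's or any MDM vendor's code. It assumes the configuration is a property-list dictionary of key/string pairs (the sample files this page links to are not reproduced here, so the layout is an assumption), uses placeholder hosts, and treats plain http and embedded credentials as findings under the reviewer's own policy, since these endpoints carry security tokens.

```python
import plistlib
from urllib.parse import urlsplit

# Parameter names taken from the table above.
REQUIRED_KEYS = ("THIRD_PARTY_AUTH_URL", "THIRD_PARTY_APPLIESTO_URL")

# Constructed sample: placeholder hosts, assumed plist-dictionary layout.
SAMPLE_CONFIG = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>THIRD_PARTY_AUTH_URL</key>
  <string>https://sso.example.com/token</string>
  <key>THIRD_PARTY_APPLIESTO_URL</key>
  <string>http://sso.example.com/appliesto</string>
</dict>
</plist>
"""


def check_config(plist_bytes):
    """Return a list of (key, problem) findings; an empty list means clean."""
    config = plistlib.loads(plist_bytes)
    if not isinstance(config, dict):
        return [("<root>", "not a dictionary")]
    findings = []
    for key in REQUIRED_KEYS:
        value = config.get(key)
        if not isinstance(value, str) or not value.strip():
            findings.append((key, "missing or empty"))
            continue
        try:
            url = urlsplit(value.strip())
        except ValueError:
            findings.append((key, "not an absolute HTTP(S) URL"))
            continue
        if url.scheme not in ("http", "https") or not url.hostname:
            findings.append((key, "not an absolute HTTP(S) URL"))
            continue
        if url.scheme == "http":
            # Reviewer policy (assumption): token endpoints should use TLS.
            findings.append((key, "cleartext http"))
        if url.username or url.password:
            findings.append((key, "credentials embedded in URL"))
    return findings


if __name__ == "__main__":
    for key, problem in check_config(SAMPLE_CONFIG):
        print(f"{key}: {problem}")
```
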

Using Delegated Authentication

Users can sign into Veeva CRM using third-party credentials and save their credentials to iOS Keychain. See Saving Passwords to iOS Keychain for more information.

Users can also use Face ID and Touch ID with delegated authentication. See Touch ID and Face ID Authentication for more information.