OS version configuration
As an organization, you want applications to use only approved operating system (OS) versions to communicate with the OneWelcome Identity Platform. OS version management is an important feature of the OneWelcome Identity Platform. This gives your organization more control over which applications are allowed to communicate with your back ends.
The OneWelcome Identity Platform can accept different versions for every OS. You don't need to create a configuration for an operating system. If an OS does not have a configuration, it means that all versions are accepted for that OS. The OS configuration applies to all mobile clients for a specific OS, regardless of the configured application version. For information about application versions, see application configuration.
Note
There are several reasons why your users use older versions of an OS. Phone vendors do not always offer the latest OS versions for a device. Upgrading the OS can be a time-consuming or unfeasible effort for a user due to network or device memory limitations.
To configure approved versions for a specific OS, on the administration console, go to the Configuration section, then App configuration, and click the Operating Systems tab.
Forcing users to upgrade
The OneWelcome Identity Platform grants access only to clients that provide a valid OS version. The version is valid when it meets the conditions provided within the OS configuration:
-
It is higher than the minimum version, if a minimum version is configured.
-
It is not blocked.
Note
If there is no configuration for the OS, then every version of this OS is valid. In this case, the OS version information is not required.
Forcing users to upgrade their OS
Clients that provide an invalid OS version are forced to upgrade the OS version to a newer version before they can use your application again.
Forcing users to upgrade their application
If an application doesn't send the version information for a configured OS, the user is prompted to upgrade to a newer application version, which is able to send the OS version to the OneWelcome Identity Platform.
Limit approved OS versions
On the admin console, the Operating systems section allows you to limit the approved OS versions in one of the following ways:
-
Specify the minimum OS version that is required.
-
Block specific OS versions.
These settings (blocked, minimum OS version) are optional and independent of each other.
Configure minimum OS version
The minimum supported OS version can be set to the major (version 2), minor (version 2.1), or patch (version 2.1.4) release of the OS. Only the first three numeric parts are parsed and the dot character (.) is expected as a separator.
Examples:
| Minimal version | Supported versions | Blocked versions |
|---|---|---|
| 2 | 2, 2.0, 3, 3.0.1 | 0.5, 1, 1.9.9 |
| 2.1 | 2.1, 2.1.0, 2.1.1, 2.1.rev2, 3, 3.0 | 2, 2.0, 2.0.9 |
| 2.1.4 | 2.1.4, 2.1.4.beta1, 2.1.4-patch, 2.1.5, 2.2 | 2, 2.1, 2.1.3 |
Block a specific OS version
Use this option when one version of a mobile OS has a security vulnerability (such as 2.1.3), but others (such as 2.1.2, 2.1.4) do not. Another example is to allow Android version 4.4 on tablets and phones, but block Android version 4.4w for wearables.
The request is denied if the configured version exactly matches the value of the blocked version. Any value is allowed to be configured.
Note
Normally you configure the supported OS versions at build time, so that users who are not running a required OS version are unable to download your application. However, sometimes you need more drastic measures in case of security vulnerabilities, but don't want to completely prevent application usage. In this case, block the vulnerable OS versions.
