Mobile workflow approvals vs desktop: user experience and security tradeoffs in engineering change management

I’m evaluating mobile approval workflows for our ECO process and wanted to start a discussion about the tradeoffs between mobile and desktop approval experiences. Our team is debating whether to enforce desktop-only approvals for certain change types versus enabling full mobile approval capabilities.

From a user experience perspective, mobile approvals are clearly faster - approvers can act immediately from anywhere. However, we’re concerned about authentication strength and audit trail completeness. Mobile authentication typically uses saved credentials or biometric unlock, which may not meet the same security bar as desktop SSO with multi-factor authentication.

Additionally, the mobile interface necessarily shows less context than desktop - fewer attachments visible, limited change impact analysis, reduced ability to review related changes. For complex ECOs affecting multiple products, is mobile approval appropriate? What have others experienced in balancing convenience against thoroughness and security?

One consideration: mobile approval speed can actually improve audit trails by reducing approval delays. When approvers can act immediately instead of waiting to return to their desk, you get faster cycle times and more accurate timestamps reflecting actual decision moments.

We’ve seen cases where desktop-only approval requirements led to approvers batch-processing changes at end of day without thorough review, whereas mobile notifications prompted immediate attention and more thoughtful decisions. The convenience factor cuts both ways.

Has anyone implemented conditional authentication based on approval context? For example, requiring an additional authentication factor for mobile approvals above certain cost thresholds or affecting specific product lines? Agile’s workflow engine should support this through custom conditions, but I haven’t seen it implemented in practice.

From a security standpoint, mobile authentication methods in Agile 9.3.5 can be configured to match desktop security levels. You can require certificate-based authentication for mobile clients, and modern mobile devices support hardware-backed credential storage that’s arguably more secure than password-based desktop login.

The real question is policy enforcement. Can you configure approval workflows to require desktop login for high-risk changes while allowing mobile for routine approvals? That would give you the best of both worlds.

The user experience tradeoff is real but manageable. Mobile interfaces should be designed for quick yes/no decisions on pre-reviewed changes, not detailed technical analysis. We added a “Review on Desktop” option in our mobile app that flags the change for later detailed review while keeping it in the approver’s queue.

For complex ECOs, the mobile view shows a summary with key impact metrics and a link to full desktop view. Approvers can defer the decision if they need more context. This respects the reality that some decisions need desktop context while still enabling mobile convenience for straightforward approvals.

Thank you all for the excellent insights. Let me synthesize what we’ve learned about balancing mobile convenience with security and thoroughness.

Mobile Authentication Methods: The authentication concern is addressable through proper configuration rather than being an inherent mobile limitation. Modern mobile devices support certificate-based authentication, hardware-backed credential storage, and biometric authentication that can meet or exceed traditional desktop security. The key is configuration - Agile 9.3.5 allows enforcing certificate authentication for mobile clients, and integration with enterprise identity providers enables risk-based authentication that triggers additional verification for high-stakes approvals.

Audit Trail Requirements: Audit trail completeness is identical between mobile and desktop approvals. Agile captures user identity, timestamp, device type, IP address, and approval decision regardless of client type. The compliance concern isn’t technical but procedural - organizations need clear policies defining when mobile approval is appropriate versus when desktop review is required. Several participants successfully passed audits by documenting risk-based approval policies that tier requirements by change impact.

User Experience Tradeoffs: The UX balance requires thoughtful design rather than binary choice. Effective approaches include:

  1. Tiered Approval Policies: Low-risk changes (documentation, minor revisions) enable mobile approval; high-risk changes (new products, safety-critical) require desktop context

  2. Deferred Review Options: Mobile interfaces should offer “Review on Desktop” functionality that flags items for detailed analysis while keeping them in queue

  3. Context Summaries: Mobile views can show key impact metrics and decision criteria while linking to full desktop analysis for complex cases

  4. Risk-Based Authentication: Integration with identity providers enables dynamic step-up authentication for high-value approvals

Unexpected Benefits: Mobile approval speed can actually improve audit quality by reducing batch processing behavior. When approvers can act immediately on notifications, decisions are more timely and thoughtful compared to end-of-day batch processing common with desktop-only workflows. The convenience factor improves rather than degrades decision quality in many cases.

Implementation Recommendation: Rather than restricting mobile approvals globally, implement a risk-based framework:

  • Define change classification criteria (impact, cost, regulatory scope)
  • Configure workflow conditions that route high-risk changes to desktop-required approval steps
  • Enable mobile approval for routine changes with appropriate authentication
  • Integrate risk-based authentication for dynamic security adjustment
  • Document approval policies clearly for compliance validation

This approach maximizes mobile convenience while maintaining security and thoroughness where needed. The technology supports sophisticated policy enforcement - the challenge is defining appropriate risk thresholds and approval criteria for your organization’s context.

We integrated our mobile approval app with our identity provider’s risk-based authentication. High-value approvals trigger step-up authentication requiring additional verification. The Agile API allows you to check user authentication level before presenting approval options. This gives you dynamic security based on risk profile rather than blanket mobile restrictions.
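The risk-based framework recommended in this thread, as an added example that is not part of any participant's post and does not use Agile's API: it classifies a change, then decides whether an approval attempt is allowed, needs step-up authentication, or must be deferred to desktop. The change types, cost threshold, authentication levels and all names are assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum

class AuthLevel(IntEnum):            # hypothetical assurance levels, weakest first
    SAVED_CREDENTIAL = 1             # cached password or long-lived session
    DEVICE_BIOMETRIC = 2             # biometric unlock of a hardware-backed key
    CERT_PLUS_MFA = 3                # client certificate plus a fresh second factor

LOW_RISK_TYPES = {"documentation", "minor_revision"}
HIGH_RISK_TYPES = {"new_product", "safety_critical"}
COST_STEP_UP_THRESHOLD = 50_000      # constructed value; set per organization

@dataclass(frozen=True)
class Change:
    number: str
    change_type: str
    cost: float
    products_affected: int
    regulatory: bool = False

def risk_tier(change: Change) -> str:
    """Classify by impact, cost and regulatory scope."""
    if change.regulatory or change.change_type in HIGH_RISK_TYPES:
        return "high"
    if change.change_type not in LOW_RISK_TYPES:
        return "high"                # fail closed on unclassified change types
    if change.cost >= COST_STEP_UP_THRESHOLD or change.products_affected > 1:
        return "medium"
    return "low"

REQUIRED_AUTH = {"low": AuthLevel.DEVICE_BIOMETRIC,
                 "medium": AuthLevel.CERT_PLUS_MFA,
                 "high": AuthLevel.CERT_PLUS_MFA}

def approval_decision(change: Change, client: str, auth: AuthLevel) -> dict:
    """Return the policy outcome as a record suitable for the audit log."""
    tier = risk_tier(change)
    if tier == "high" and client != "desktop":
        action = "REVIEW_ON_DESKTOP"  # any non-desktop client is deferred
    elif auth < REQUIRED_AUTH[tier]:
        action = "STEP_UP"            # ask the identity provider for more proof
    else:
        action = "ALLOW"
    return {"change": change.number, "tier": tier, "client": client,
            "auth_level": auth.name, "required": REQUIRED_AUTH[tier].name,
            "action": action}
```

Storing the returned record alongside the approval itself documents which policy tier applied at decision time, which is the evidence an auditor asks for when mobile and desktop approvals are treated differently.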