The Top 10 IT Questions About The Staffbase Employee App

Take your employee communications to the next level with your own employee app.

You have seen Staffbase, you really like it and your next internal step is „talking to IT“? Then this article is for you. Here are the most common questions that we get during our initial talks with IT professionals. We love to talk to them, because these conversations usually change from skepticism about “just another app” to real enthusiasm that Staffbase is an enterprise-ready platform, built with professional IT environments in mind.



#1: Is this “just an App”?

No. Staffbase is a platform for employee communications in employee-centric organisations. It comes with ready-made components for the most important communication use cases. This includes corporate news, pages/documents, employee directory, forms, the canteen’s meal plan, maps and even leave requests. Staffbase consists of mobile-ready client apps for multiple platforms and a powerful Software-as-a-Service backend with a Content Management System (CMS), user management, security settings and APIs. We provide native apps for iOS and Android (Windows is in the make), web apps for Blackberry and currently Windows and a browser version that runs on all desktops or terminals. We even plan to add a specific channel for screens.


Each customer gets a fully branded set of apps including an own name, logo and launch screen. All apps are based on the same platform and configuration is done in Staffbase’s Content Management System. This way all customers actually use the same software and benefit from our large and fast-growing customer base as well from our QA and maintenance processes. New features will be made available to all customers at once. Custom features can be developed using our set of APIs.


One thing about the web-based CMS: we have built it from scratch and fully focus just on use cases around employee communication and services. We have demoed it to hundreds of communication and IT professionals so far and we always get a lot of excitement about the unique combination of two usually incompatible characteristics: a broad and powerful functionality but yet very easy to use. If you have not seen it yet – we are happy to show you around!


#2: How are the Apps deployed? Can we use our MDM?

The best way to distribute the native apps is the public app store of iOS and Android. Employees know how to search and download apps there and updates are automatically distributed and installed. Yes, these apps may also be downloaded by other users but all internal content is protected by a login.


We usually submit the apps though our Staffbase App Store accounts. We offer an individual submit process through your own company accounts as an additional service.


Apple is very strict in how they deal with apps for closed user groups. This means that all apps, even if employees are the primary target group, need to have a public area with relevant public content. This could be general information about the company, a list of locations, current job vacancies, press releases or news from the company’s Facebook or Twitter account. We support public areas out of the box. This means you are able to create that public content at the Staffbase CMS.


Mobile Device Management (MDM): yes, it is possible to distribute your native apps from Staffbase through a MDM. Lets talk about your specific solution.


#3: Does it integrate with existing platforms (SharePoint)?

Yes. We see two different integration scenarios:

  • There is usually some content (i.e. your corporate news at the existing intranet) that shall be imported into Staffbase. We support that with a content API that allows pushing content (text, pictures, documents) to Staffbase. Because SharePoint is by far the most requested source, we decided to build a standard SharePoint connection that will work with SharePoint 2013 and SharePoint online.
  • Many of our customers use Staffbase not just as a mobile extension of existing intranets but rather as the company’s central communication intranet. This is a nice move towards a more employee-centric intranet strategy where some content needs great reach (Staffbase) and some content needs higher security (collaboration). Staffbase content can be imported into your “Collaboration Intranet” or an overlying intranet dashboard. SharePoint: we also have this scenario on our roadmap and will provide a configurable Staffbase Webpart for SharePoint.


#4: How can we add own functionality or integrations?

Staffbase supports multiple types of custom functionality or integrations with our build-in plugin extension framework. All features are organized as plugins that can be switched on or off. Plugins can have multiple instances and each instance can be published to all users or specific user groups. You can find all available standard plugins in the Content Management System or build your own plugins which will be available to your apps only. Plugins are created using HTML/JavaScript in the front-end and can run on your own servers. Plugins can also be used to create custom integrations with your existing HR systems. Content is just one field of use for integrations. Think about HR information like vacation or time sheet status or payroll notification. That’s highly relevant for employees.


For the integration of external content systems, Staffbase provides a REST API. It provides read and write access to news, pages, user management and other objects in Staffbase.


#5: How does user onboarding and management work?

This is usually one of the biggest initial topics and includes enough content for a separate article. Here is the short version.


Staffbase comes with a build-in user management that is one of the core strengths of the product. We typically see and support very diverse requirements. Here is a quick overview on the key topics:

  • Authentication: How do users get invited to the platform and which credentials do they use for the first time and afterwards. These are the options:
    • Single-Sign-On (SSO) like OpenID or SAML to use existing company accounts, for example based on Microsoft ADFS
    • Self-service signup via @company email (users will create an individual password for Staffbase)
    • Email invitation (users will receive an invitation email to any email address including a signup link; they will create an individual password for Staffbase)
    • One-time access code (Staffbase generates access codes for your users and you can print them, send them via email, print it on the payslip…; the access code lets users to create a new account using their email address and an individual password)
    • Combination of two secrets (Employees can authenticate using a combination of for example employee ID and last name; no account creation required after login)
  • User synchronisation: create, update and delete users in Staffbase:
    • Active Directory/LDAP integration,ustom-built connection via the Staffbase User API, mass import via csv (uploaded manually or automatically to API endpoint),managing users manually and a combination of these methods.
  • Management of user groups. This is inevitable if you deal with more employees and want to deliver a personalized and truly employee centric experience. Staffbase offers three ways to create user groups:
    • Automatic groups – theses groups are based on existing AD groups and can be automatically generated and maintained. Conditional groups – this very powerful feature allows to use any user metadata to create and automatically maintain groups (i.e. create a group for all sales people in Boston).Manual groups – small groups (i.e. editors) can be created manually.
  • User roles and admissions:
    • Staffbase comes with global roles like admin, managing editor, editor and user. Users can get promoted to editors for specific content like a news channel, a page or an employee survey. Finally, there is an author role for interactive and engaging channels where all employees should be able to contribute. That set of roles proved to be very flexible in handling all user governance requirements that we have seen so far.


#6: Can we configure the layout / design?

Yes, that is possible and there are several ways to do this.

  1. First, there is the native app itself. You define the name, icon and launch screen of your app. Afterwards the apps are getting generated and submitted to the App Stores based on your specifications.
  2. Administrators are able to customize the layout within the app: logo, color, app name color, background picture for desktop version and logo for the CMS dashboard.
  3. You can write your own CSS rules to further customize the look of your app and desktop experience.
  4. We are able to support you with even further modifications like your individual font or individual icons. Just talk to us and we are happy to discuss your requirements.


#7: Is it secure?

The roots of Staffbase are in Germany. This means we are used to deal with one of the strictest data security and protection laws in the world and we have built Staffbase and the organization around it to fully comply with these and other leading international regulations. We use very strict data security and data protection measures to protect the data of our customers. Sensitive production data is never migrated or used outside of the production network.

  • Hosting. Staffbase offers two hosting options that both provide state of the art security measures and certifications (DIN ISO/IEC 27001, PCI-DSS, SSAE16 / ISAE3402): Our US-based environment is hosted by Microsoft Azure and our EU-based environment is hosted by Profitbricks in Germany. The usage of the Amazon Cloudfront Content Delivery Network (CDN) ensures worldwide high availability.
  • Technical platform. All connections to the Staffbase platform are secured via SSL. Any attempt to connect over HTTP is redirected to HTTPS. Only a small part of the infrastructure (REST API) is exposed to the public. The rest of the infrastructure is restricted to other servers within the infrastructure (private cloud). Only a specific group of senior staff members have access to the live infrastructure (protected by 2-factor authentication, VPN). We track all system activity and have special monitoring for suspicious activity. Our basic infrastructure parts (OS-level) leverage automatic updates for critical security patches.
  • Organization. We have a dedicated infrastructure/security team conducting regular self-reviews of our infrastructure (server + application). In addition to that we allow customers to conduct own PEN tests and use the results to improve the service for all customers. We’ve seen multiple PEN tests by clients, none of them found critical issues. All employees have individual passwords and which we immediately remove when the employee leaves the company. We have an internal data protection officer who takes care of creating and enforcing security guidelines.


#8: What is a typical timeline to implement an employee-app?

Staffbase is a standard product. You can signup and start working on your content immediately. As soon as you have provided all necessary information your apps will be generated and submitted to the App Store.Including review by Apple this takes approx. 20 days. In parallel we’ll work with you on any advanced integration scenarios like AD and SSO. However, we know that the technology is just a part of the project. That is why we developed a framework that helps to run through all required steps (i.e. content, structure, user groups, onboarding and communication plan) to make such a project successful. We are happy to share details and also offer on-site workshops to develop an implementation strategy + roadmap.


#9: How do you deal with support and maintenance during the run phase?

  • Maintenance of the platform
    • The standard pricing includes all regular updates to existing functionality and bug fixes at no extra charge. This includes ongoing adjustments based on OS (Android/iOS) changes which often are responsibly for a large amount of budgets for mobile app projects.
  • Availability of the platform
    • We’re committed to 99,9% uptime and have met this goal in the past. We document all service disruptions. We monitor availability issues 24/7 and take immediate action if service interruptions are detected.
  • Support
    • Standard 3rd level support is included into all packages. We use a ticket system to report, monitor and resolve all open support tickets. Support is email-based and in English (other languages on request). We guarantee a reply within one business day. We additionally offer premium phone support and 1st and 2nd level support on request.
  • Partners
    • We work with a network of partners to support our customers with consulting, plugin implementation and content services. We are also open to work with your existing technical providers.


#10: What’s on the Staffbase roadmap?

As you may imagine there are plenty of improvements and new features on the backlog. Our vision is to create the leading mobile employee solution that helps companies of all sizes become truly employee-centric organizations. That’s a big vision but it really helps to set priorities for our technical roadmap. Key development areas are additional powerful and engaging use cases like instant messaging (1:1 and group messaging) or live surveys, integrations (above all: SharePoint) and platform features like search or a native windows mobile app. If you have other requirements that you don’t find yet: we are happy to talk and understand your case.



Written by Frank Wolf

Frank is the CMO and co-founder of Staffbase. He is an intranet and communication expert with more than a decade of experience in helping companies connecting to their employees. He is passionate about internal communication and digital technologies that create enjoyable places to work.