Add Native SSO to Mobile Apps in minutes
We’re excited to be in Vegas to attend Oktane ’18 as a sponsor and Okta partner. We are showcasing a new mobile identity service called Appdome for SSO+, which enables enterprises to add native SSO to mobile apps instantly, without coding.
This new service allows enterprises to easily add single sign-on from their cloud identity provider of choice (like Okta or Microsoft Azure AD) to any mobile app on-demand. This new service will help enterprises accelerate their move to cloud identity by removing making integrations simple, easy and low risk.
Migrating to cloud-based identity SSO
If you’re the CIO of a medium or large enterprise, you’re likely to deal with some form of strategic ‘digital transformation’ initiative that might involve a daunting migration from on-prem to cloud based identity SSO like Okta, Azure AD or Ping. Mobile is starting to play a much bigger role in this transition. There might also be occasions where you’ve pondered on how to pull it all off.
You’re not alone. Delivering a unified identity, authentication and authorization solutions for all your mobile apps can be a daunting challenge. First, I’ll describe some of the challenges enterprises face when trying to add SSO to mobile apps. Then I’ll tell you about an easier way to do it.
Challenges Adding SSO to Mobile Apps
Perhaps you’ve moved many of your desktop apps to the cloud. Maybe you’re using Okta, Azure, Ping, or OneLogin for SAML-based SSO for your desktop apps, and that’s gone reasonably well. Now you’re ready to enable your mobile apps with SSO, since you need to provide a unified solution across all apps and channels. Makes sense.
Maybe you have 50 to 100 mobile apps which connect to critical systems of record, all tied into your on-prem Active Directory store. Many of these back-end services are legacy monolithic systems and not all are API enabled. Your apps were created by different teams, using a plethora of frameworks & environments, ranging from Cordova, Swift, Kony, SAP, Xcode or Android Studio. Some are hybrid apps, some written in React Native. Some have webview browsers, others don’t. Perhaps 25% of your mobile apps support a modern auth standard like SAML, OpenID Connect or, OAuth2 But even those have implementation differences among vendors which increase operational complexity. The rest of your apps may use traditional or prem-based enterprise authentication protocols like KCD, Kerberos and ADFS. Quite a mix.
SAML 2.0 or OpenID Connect?
If you’ve tried to add SAML to a handful of those ‘vintage’ apps, you would have realized that the process is actually quite complex. What if your legacy backend only communicates over Kerberos, and you learned that making the two co-exist is not feasible?
For the apps that you actually did integrate SAML 2.0, your dev project took MUCH longer than expected and your developers ran into several near project-killing ‘framework dependencies’. Ever try adding SAML to an app written in Ionic or React Native? And Okta and other IdPs don’t work out-of-the-box with all development frameworks. Unfortunately, it’s a lot harder than you think.
For some apps, you switched gears and implemented OpenID Connect, because you were told it’s easier, more secure and more ‘mobile friendly’ than SAML. All true statements, but OIDC is also not ‘prescriptive’; it leaves many implementation decisions up to the mobile developer ISV roadmap. Inconsistent implementation decisions can create unfavorable user experiences and/or security issues. Additionally, now you need to decide if you should upgrade all apps from SAML to OpenID Connect. This all requires manual work, and you are not in control of the development schedules, especially for ISV apps.
You don’t want SSO ‘with strings attached’
It is ideal to deliver simple, native SSO for all your mobile apps – giving users one set of credentials to authenticate to all apps. With all these dependencies, you’ve ended up with something far less optimal than the simplified SSO experience you set out to achieve. This usually embodies itself in some combination of the following: Multiple authentication flows with different sets of credentials, or a clunky webview inside the app, or a separate app required to authenticate (not the delightful user experience that you expected). Or maybe you delayed/postponed SSO for your mobile apps, thinking it was just too hard or risky.
So where does all this leave enterprises who want to add SSO to mobile apps and move to cloud based identity SSO providers like Okta?
A better way to implement SSO in mobile apps:
What if I told you there was:
- A better, faster, and more secure way to add SSO to all your mobile apps?
- A solution which reduces risk by eliminating dependencies on factors you can’t control (like ISV development schedules or broad adoption of specific authentication standards)?
- An easy way to migrate legacy on-prem apps to a modern cloud-based authentication solution – at your own pace?
That is EXACTLY what Appdome for SSO+ gives you:
- without coding SAML, OAuth or OIDC
- without platform or framework dependencies
- without ISV roadmap or developer dependencies
- without server side or infrastructure changes
- without duplicate sign-on workflows
Sound too good to be true? Watch this video and tune in to my next blog to learn more!