Cross-app identity is the next big thing in mobile authentication. On Appdome, we’re making cross-app identity a reality for every authentication method.
Background on Cross-App Identity in Mobile Apps
What is Cross-app identity in mobile apps? It is the ability for two or more mobile applications to share authentication and authorization state. With Cross-app identity, a successful user authentication event to one app can “unlock” other Fused apps within the same group, whereby all subsequent apps trust the authentication state of the first app, without requiring multiple logins. Therefore cross-app identity provides a true SSO experience to users with multiple mobile apps.
Way back in the past, mobile device management (MDM) vendors tried to deliver cross-app identity by enabling MDM administrators to place apps inside a management container, and then asking users to install a management profile on the mobile device. Using this approach, the user would authenticate to the container to access the apps within it. These days, most organizations are moving away from MDM. So developers and enterprises need new ways to achieve cross app identity in mobile apps directly (i.e., without an MDM).
Limited options, tough work…
Achieving cross-app identity is possible IF the mobile app is enabled with Microsoft Active Directory Authentication Library (ADAL) and OAuth 2.0. It is also possible for iOS apps with active keychain sharing enabled. If your mobile app supports these methods, you may be in luck. You’ll have to add protection to secure authentication credentials. You’ll also have some tricky configuration challenges. But, it’s possible. It’s also worth noting that some cloud identity providers leverage server side implementations coupled with mobile SDKs, which together could enable cross app authentication if the SDK is coded to your app. However, as with building and maintaining anything inside mobile apps, adding MS-ADAL, OAuth 2.0, or vendors SDK/APIs takes development time and effort.
Most enterprise customers and their B2B or B2E app makers are not willing or able to do the work. If your mobile app doesn’t support these methods (i.e., doesn’t have these methods or SDKs coded inside the app), you’re out of luck. There’s no way to share authentication, authorization or access state between apps. Your users have to separately authenticate to each mobile app. And that just makes for a painful user experience.
Making Cross-App Identity in Mobile Apps Easy and Universal
Our customers asked us to simplify and expand cross app identity in mobile apps. This is why Appdome created a no-code, in-app Cross-App ID feature that is compatible with any authentication method and any identity provider.
With Appdome’s new Cross-App ID feature, Appdome-Fused mobile apps can share authentication and authorization state for any and all authentication methods. Let’s say you want to use an OpenID or SAML based authentication service with several mobile apps. If you fuse Cross-App ID, the apps themselves will trust the new OpenID or SAML based authentication service. Therefore a mobile app user who successfully authenticates to one Fused app “unlocks” all other apps within the group. This is because second and subsequent apps trust the authentication session of the first app. And so, no matter what authentication service you Fuse, the user enjoys cross app identity and true SSO across mobile apps, even if the authentication service doesn’t support cross-app ID.
How Appdome makes Cross-App ID a Reality
Allow me to go little deeper into what’s inside the framework that supports Appdome’s Cross-App ID. First, the Cross-App ID framework is actually a collection of code sets, called Fusion Adapters. Each adapter is designed to work with a specific class of apps and authentication services. Now if you have a React Native app and you want to add Microsoft AD authentication (using, say NTLM or Kerberos), the Appdome platform adds the specific Fusion Adapters required to connect your app to that service. This includes all the stitching needed to save, store and share credential info. In fact, Appdome automatically adds everything needed to deliver Cross-App identity to the Fusion Layer inside the app. In the past, this would only be possible with lots of modifications to the source code of multiple apps.
Furthermore, if your other apps were all built by different developers, in different frameworks, or using different environments, Appdome-Fused apps still enjoy Cross-App ID, as the apps can sync state with each other online . If the user needs to re-authenticate (for example after a token refresh) the first app will prompt the user to re-enter their credentials. Upon successful re-authentication, all the apps will automatically re-authenticate and synchronize with each other.
Appdome Cross-App ID is Secure by Design
Oh, and don’t worry. We avoid the well known problems of cross-app resource sharing (of course). Appdome’s Cross-App ID framework is protected by Appdome’s industry leading security, providing a secure and segmented identity store for all authentication credentials. Appdome encrypts all cached credentials with enterprise grade AES-CTR 256 bit encryption. There is no sharing of authentication data with any other services. In addition, Appdome In-App Private ID and Appdome ONEShield™ (e.g., Encrypt In-App Preferences, Data-at-Rest Encryption) ensure that any cached or stored credential information is encrypted and stored securely inside the app.
Give Appdome’s Cross-App ID a Try!
This is huge for mobile developers, as you don’t need to limit yourself to a select few authentication choices to get cross app identity. In addition, organizations don’t need to perform costly server or authentication upgrades just to share state between mobile apps. Adding Cross-App Identity is simple and easy. There’s no code or coding required, and no framework or standards dependencies. There’s also no requirement for MDM, and no impact to app roadmaps at all.
You can read the detailed step-by-step guide describing how to enable Cross-App ID in this Knowledge Base article.
We’re 100% committed to making your mobile app integration projects simpler and easier to complete. I hope you try cross app identity on Appdome.