How to Make Mobile Apps Work with Microsoft Authentication Library (ADAL)

 

Learn how to Make Mobile Apps Work with Microsoft Authentication Library (ADAL).

What is Microsoft ADAL?

Microsoft Azure Active Directory Authentication Library (ADAL) is a framework designed to make secured resources available to apps via security tokens.  Apps integrated with ADAL can share authentication state enabling seamless SSO (Single Sign-On) capabilities. 

Microsoft ADAL is used primarily in Microsoft apps. Mobile apps that are not created by Microsoft typically support other authentication methods, not ADAL. Using the MicrosoftADAL-OAuth 2.0 framework in non-Microsoft mobile apps is complex. These applications need a way to share authentication state based on tokens received by Microsoft Outlook or the Microsoft Authenticator application.
Microsoft ADAL offers two modes of authentication: (1) direct authentication – where the user is directed to an Authentication Authority page,  and (2) Brokered Authentication – where the user would also have an authenticator application installed. The authenticator handles a shared authentication for all the applications that need to authenticate.

The following diagram illustrates the Single-Sign-On flow for apps that have been integrated with Microsoft ADAL.
Note: The flow is similar for direct and brokered authentication. 

  1. The application sends an unauthorized request to reach a resource like internal.mycomp.com which is protected by a gateway, AD, or the app server itself.
  2. The server protecting the resource responds with 401 or 30X response since the request is not authorized.
  3. Appdome identifies the response for the protected resource and opens an internal Webview within the Built App.
  4. The internal Webview is opened to the ADAL Hub URL (For example:  myadal.com.com).
  5. The user can now authenticate using any authentication method the hub URL requires, during the authorization session, the cookies and authorization token are received.
  6. The Azure server redirects to the successful URI (e.g. mycomp://authorized) since the authorization succeeded. Note that the app’s Success URI is configured on Azure should match the configuration during fusion.
  7. Appdome identifies the successful URI redirect and closes the internal Webview, thus returning the view to the original app.
  8. Now, when the app tries to reach the protected resource, the authorization header or cookies are attached to the outgoing request. The gateway will trust these credentials and the app will reach the protected resource successfully.

adding adal to ios and android apps

Adding Microsoft ADAL to Mobile Apps Fast

Appdome is a no-code mobile app security platform designed to add security features and 3rd party services like Microsoft ADFS to Android and iOS apps without coding.  This KB shows mobile developers, DevSec and security professionals how to use Appdome’s simple ‘click to build’ user interface to quickly and easily make mobile apps work with Microsoft authentication. 

Using Appdome, mobile apps will use Microsoft ADAL SSO to authenticate users as if ADAL was natively coded to the app. Appdome for ADAL  SSO is compatible with mobile apps built in any development environment including Native Android and iOS apps, hybrid apps and non-native apps built in Xamarin, Cordova, and React Native, Ionic and more. This streamlines implementations, cuts development work, and ensures a guaranteed and consistent integration of Microsoft ADAL SSO to any mobile app.

Log in to your Microsoft Azure portal and retrieve the Azure Client ID. If you have not yet registered an application in Azure AD, you can see How to Register Apps in Microsoft Azure Active Directory.

How to add Microsoft ADAL SSO to Any Mobile App on Appdome

Appdome makes using Microsoft ADAL in mobile apps easy. Simply upload an Android or iOS application to Appdome, select Microsoft ADAL and click “Build My App.” Below is a step-by-step guide to completing a full integration of Microsoft ADAL in mobile apps on Appdome.

Follow these step-by-step instructions to add Microsoft Adal SSO to any mobile app:

Upload a Mobile App to Your Account

Please follow these steps to add a mobile app to your Appdome account.
If you don’t have an Appdome account, click here to create an account.

From the “Build” tab, Add Microsoft ADAL SSO

  1. Select the Build tab.   Note: a blue underline will appear showing the step is active
  2. Select the Authentication category. Note: a blue highlight will appear showing the category is active.
  3. Enable Authentication Profiles
  4. Select Microsoft Active Directory Authentication Library (ADAL) from the drop-down menu.
  5. You can add specific URLs to apply the authentication to, or leave “all” to apply to all URLs accessed by the app.
  6. Enter the URL for your ADAL Authority
  7. Enter the URI for Redirect URI
  8. Enter the Client ID for the app (in Azure sometimes also called Application ID)
  9. Optionally toggle “ON”  Validate Authority
  10. Optionally toggle “ON”  Brokered Authentication
  11. Click Build My App

Make Mobile Apps Work with Microsoft Authentication Library (ADAL)

The technology behind Build My App has two major elements – (1) a microservice architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each application and match the application to the relevant code-sets needed to add Microsoft ADAL SSO to the mobile app in seconds.

Congratulations! You now have a mobile app fully integrated with Microsoft ADAL SSO.

Prerequisites for using Appdome for Microsoft ADAL SSO

In order to use Appdome’s no code implementation of Microsoft ADAL SSO on Appdome, you’ll need:

  • Appdome account
  • Mobile App (.ipa for iOS, or .apk for Android)
  • Azure Hub URL
  • Authentication Successful URI for Native App
  • Azure URIs for protected resources
  • Azure Client ID (Application id)
  • Signing Credentials (e.g., signing certificates and provisioning profile)

No Coding Dependency

Using Appdome, there are no development or coding prerequisites. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, and logic to the app automatically, with no manual development work at all.

How to Sign & Publish Secured Mobile Apps Built on Appdome  

After successfully building your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include 

Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome. 

How to Learn More

For more information on how Appdome gets, retrieves and stores ADAL tokens in mobile apps, please review the data sheet on No Code Microsoft Authentication in Mobile Apps.

Check out Microsoft documentation, Appdome for SSO+ blog or request a demo at any time.
If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Gil Hartman

Have a question?

Ask an expert

HilaMaking your security project a success!

Get Your Copy
2021 Global Mobile
Consumer Security
Survey