Microsoft Identity has long been the standard for enterprise identity and access management, on the desktop as well as for mobile SSO. In the desktop era, Microsoft’s on-premises authentication solutions, Active Directory (AD) and ADFS, dominated the landscape. Now, Microsoft is squarely focused on promoting its cloud identity platform, Azure Active Directory (Azure AD).
What if I told you that using Appdome, you can now add Microsoft’s standard-legacy authentication or Microsoft’s cloud identity solution to any mobile app without coding? Similarly, what if you could accomplish Cross-App SSO and conditional access using any Microsoft Identity method, including Azure Active Directory (Azure AD), Microsoft Authentication Library (MSAL), Active Directory (AD) or Active Directory Federation Services (ADFS)? That’s right, you can use Appdome to achieve shared SSO between mobile apps and, as a result, establish conditional access authentication per resource no matter which Microsoft identity method you use.
Microsoft Identity Basics
Microsoft offers two types of authentication: (1) standard-legacy authentication and (2) modern authentication. Standard-legacy authentication is Microsoft’s on-premises Active Directory and ADFS service. Modern authentication includes Microsoft’s Azure AD and MSAL services. In fact, Azure AD and MSAL are the default authentication methods for all Office 365 services.
Standard-legacy authentication uses a username and password. These are sent in the HTTP header directly to the application service, and are protected in transit only by transport layer security (HTTPS). Modern authentication is claims-based and uses ADAL and OAuth 2.0. Authentication requests go either directly to Azure AD or are routed to Azure AD from the application service. The benefit of modern authentication is that users and organizations can enjoy conditional access and shared authentication between apps, because authentication requests are made separately from the application service itself (i.e., to Azure AD).
The Problem of Using Microsoft Identity for Mobile SSO
Two main problems complicate using Microsoft Identity for Mobile SSO with Android and iOS apps:
- Mobile apps are not typically designed to rely on Microsoft’s standard-legacy authentication, and
- Third-party (non-Microsoft) mobile apps and their servers are not typically designed with direct connections to Microsoft’s modern authentication service, in contrast with Microsoft Office 365 apps, which support Azure AD and MSAL out of the box.
Mobile apps are usually built by different ISVs, so each mobile app is built with its own username and password workflow. For example, users sign into App X and App Y with different credentials. In addition, most enterprise organizations are in the early stages of their migration to Azure AD for non-Microsoft applications, and continue to rely on Microsoft’s AD and ADFS for the bulk of their SSO and authentication requirements. Most mobile apps have their own username and password and do not support web browsers inside the app. Consequently, there is no way for such a mobile app to utilize AD or ADFS for mobile authentication.
All this presents significant problems for universal mobile SSO, shared authentication (cross-app SSO) and conditional access. To illustrate, imagine asking the development teams across a dozen mobile app makers the following question: “Will you support the specific Microsoft Identity requirement needed by my organization in your mobile apps?” You will get 13 different answers. As a result, organizations that want or need the benefits of modern authentication using their existing Microsoft authentication infrastructure have concluded that universal mobile SSO is out of reach. Out of reach until now.
Using Appdome to Achieve Universal Mobile SSO with Microsoft Identity
Organizations can use Appdome right now to achieve universal mobile SSO. Appdome’s no-code Microsoft Authentication options have three main advantages:
- Any Microsoft Identity service. Mobile apps can be enhanced to use Microsoft’s standard-legacy authentication and/or modern authentication,
- Universal authentication scheme across apps. Organizations can apply a universal authentication scheme across apps, i.e. provide shared authentication (Cross-App SSO) and conditional access resource-based authentication, regardless of the authentication method in use and across mobile apps built by different ISVs, and
- Availability now. Universal mobile SSO using Microsoft Identity can be delivered today, without writing any code.
Appdome supports all Microsoft Identity methods, including AD, ADFS, Azure AD, MSAL, and SCEP (with Microsoft Intune). Appdome’s no-code modern authentication options use standard OAuth 2.0 or ADAL to achieve Cross-App SSO and conditional access among mobile apps. Appdome’s no-code standard-legacy authentication options use Appdome’s Cross-App ID and per-resource authentication features to achieve the same Cross-App SSO and conditional access. In either case, the effect is the same: universal mobile SSO across all apps.
As with other Appdome implementations, there is no coding or development prerequisite to use Appdome for Microsoft Authentication, so the mobile app itself can be built in any development environment. There is no need to add SAML, OpenID Connect or OAuth 2.0 to an app yourself; Appdome’s technology adds the service, any relevant standard, and the features to the app automatically, in seconds.
As always, happy Fusing!