Ping Identity is an industry-leading cloud identity provider. Ping Federate enables outbound and inbound solutions for single sign-on (SSO). Of course, not all mobile apps come pre-built with the standards (e.g., SAML or OpenID Connect) necessary to support Ping Federate. And not all mobile apps come pre-built to rely on and trust Ping Federate for sign-in.
This Knowledge Base article provides step-by-step instructions for using Appdome to add Ping Federate to any Android and iOS mobile app. Using Appdome to add Ping Federate, the mobile app will rely on and trust Ping Federate and include the in-app mechanisms to securely store, use, retrieve and update the authentication credentials passed from Ping Federate to the mobile app.
We hope you find this knowledge base useful and enjoy using Appdome!
About No Code Ping SSO on Appdome
The following diagram illustrates the Single-Sign-On flow within the app when integrating Ping as a cloud provider:
- The application sends a request for a protected resource (protected by a gateway, AD, or the app server itself) that it is not yet authorized to access.
- The server protecting the resource responds with a 401 or 30X response, since the request is not authorized.
- Appdome identifies the response for the protected resource and opens an internal Webview within the built app.
- The internal Webview is opened on the Ping Hub URL.
- The user can now authenticate using any authentication method the hub URL requires. During the authorization session, the cookies and authorization token are received.
- The Ping server redirects to the successful URI, since the authorization succeeded.
- Appdome identifies the successful URI redirect and closes the internal Webview, returning the view to the original app.
- Once the app tries to reach the protected resource again, Appdome attaches the authorization header or cookies to the outgoing request. The gateway trusts these credentials, and the app reaches the protected resource successfully.
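Two decisions in the flow above carry the security weight: recognizing the successful URI redirect, and choosing which outgoing requests receive the credentials. The following is an added example, not Appdome's or Ping's code, showing strict versions of both checks; the URLs, the Bearer header format, and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed configuration values (placeholders, not from a real deployment).
SUCCESS_URI = "https://sso.example.com/auth/success"
PROTECTED_RESOURCES = ["https://api.example.com/v1/"]  # keep the trailing slash

_DEFAULT_PORTS = {"https": 443, "http": 80}

def _origin_and_path(url):
    """Return (scheme, host, port, path) with case and default port normalized."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    port = p.port or _DEFAULT_PORTS.get(scheme)
    return scheme, (p.hostname or "").lower(), port, p.path or "/"

def is_success_redirect(location, success_uri=SUCCESS_URI):
    """True only when the redirect target equals the configured success URI.

    Query string and fragment are ignored; scheme, host, port and path must
    match exactly, so a look-alike host or a userinfo prefix is rejected.
    """
    p = urlsplit(location)
    if p.username or p.password:
        return False
    return _origin_and_path(location) == _origin_and_path(success_uri)

def should_attach_credentials(request_url, protected=PROTECTED_RESOURCES):
    """True when the request targets a configured protected resource over HTTPS."""
    scheme, host, port, path = _origin_and_path(request_url)
    if scheme != "https":
        return False
    for entry in protected:
        e_scheme, e_host, e_port, e_path = _origin_and_path(entry)
        if (scheme, host, port) == (e_scheme, e_host, e_port) and path.startswith(e_path):
            return True
    return False

def outgoing_headers(request_url, token):
    """Headers for an outgoing request; the token goes only to protected resources."""
    headers = {"Accept": "application/json"}
    if should_attach_credentials(request_url):
        # Assumed header format; the flow may use cookies instead.
        headers["Authorization"] = "Bearer " + token
    return headers
```

Listing specific protected resources, rather than applying authentication to every URL the app accesses, keeps the token away from third-party hosts.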
Appdome is a mobile integration platform as a service (iPaaS) that allows users to add a wide variety of features, SDKs, and APIs to Android and iOS apps. Using a simple ‘click to add’ user interface, Appdome allows anyone to easily integrate Ping Federate to any mobile app – instantly, no code or coding required.
Using Appdome, there are no development or coding prerequisites. For example, there is no Appdome SDK, libraries, or plug-ins to implement. Likewise, there are no required infrastructure changes and no dependency on SAML, OAuth, OpenID Connect or any other authentication standard inside the app. The Appdome technology adds Ping Federate and relevant standards, frameworks and more to the app automatically, with no manual development work at all. Using Appdome, mobile apps will use Ping SSO to authenticate users as if Ping SSO was natively coded to the app.
Prerequisites for Using Appdome for Ping SSO
To use Appdome’s no-code implementation of Ping SSO, you’ll need:
- Appdome account – IDEAL or Higher
- Mobile App (.ipa for iOS, or .apk or .aab for Android)
- Ping Hub URL
- Authentication Successful URI
- Ping Triggering URI
- Ping Client ID (Application id)
- Signing Credentials (e.g., signing certificates and provisioning profile)
Log in to your Ping Federate and retrieve the Ping Client ID. If you have not yet registered an app in Ping, see How to Register Apps in Ping Federate.
How to Add Ping SSO to Any Mobile App on Appdome
Follow these step-by-step instructions to add Ping Federate to Any Mobile App:
Upload a Mobile App to Your Account
Please follow these steps to add a mobile app to your Appdome account.
If you don’t have an Appdome account, click here to create an account.
From the Build tab, Add Ping Identity
- Select the Build tab. Note: a blue underline will appear showing the step is active.
- Select the Authentication category. Note: a blue highlight will appear showing the category is active.
- Enable Authentication Profiles and select Ping Identity Cloud from the drop-down menu.
- You can add specific URLs for Protected Resources to apply the authentication to, or leave “all” to apply to all URLs accessed by the app.
- Enter the URL for your OAuth Server Authorization Endpoint.
- Enter the URI for Redirect URI.
- If your deployment uses OpenID, enable OpenID Authentication.
- Enter the Client ID.
- Enter the OAuth Server Token Endpoint.
- Enter the Client Secret (Optional).
- Add additional Scopes (Optional).
- Click Build My App.
The technology behind Build My App has two major elements – (1) a microservice architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the app to the relevant code sets needed to add Ping SSO to the mobile app in seconds. For example, it adds the OpenID Connect and Webview authentication technology, work that a developer would ordinarily need to do.
Congratulations! You now have a mobile app fully integrated with Ping SSO.
Building Custom Ping SSO Workflows Inside Android and iOS Apps
Building Ping Single Sign-On inside Android and iOS apps involves several significant considerations. Perhaps the most significant consideration is “where” and “when” the SSO workflow will take place inside the app. Usually, an SSO workflow is initiated at the start of a login sequence. In this use case, the client and the server are built to handle the basic authentication sequence (User –> launches the app –> enters credentials –> credentials verified by the server –> user issued a token or cookie allowing access to the app).
But, what if the app developer hasn’t or doesn’t want to build the app to support basic authentication? Or, what if the app developer wants more than the username and password provided in the basic authentication workflow (e.g., access to user details available in new authentication methods)? In these cases, Appdome-DEV Events provide a framework to pass user details contained in an OpenID and SAML authentication response to the app developer. This framework allows new flexibility to create custom SSO workflows inside an app using industry-standard methods to retrieve and pass user details between authentication services and mobile apps.
Ping authentication services usually connect on the backend to a store of user data and use SAML or OpenID to handle authentication requests. Using SAML and OpenID, applications have access to all the user and authentication details returned by the server backend (i.e. any data the backend implements).
Read this KB article to learn how to build custom Ping SSO workflows in your apps.
After Adding Ping SSO to a Mobile App on Appdome
After you have added Ping SSO to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.
Add Context™ to the Appdome Built App
Appdome is a full-featured mobile integration platform. Within Context™, Appdome users can brand the app, including adding a favicon to denote the new service added to the app.
For more information on the range of options available in Context™, please refer to this knowledge base article.
Sign the Ping SSO Enabled Appdome Built App (Required)
In order to deploy an Appdome Built app, it must be signed. Signing iOS apps and Signing Android apps are easy using Appdome. Alternatively, you can use Private Signing, download your unsigned app and sign locally using your own signing methods.
Deploy the Appdome Built App to a Mobile Device
Once you have signed your Appdome Built app, you can download it and deploy it using your distribution method of choice. For more information on deploying your Appdome Built apps, please read this knowledge base.
That is it – Enjoy Appdome for Ping Cloud SSO in your app!
How Do I Learn More?
Check out Appdome for SSO+ blog or request a demo at any time.
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.
Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.