Single Sign-On (SSO) is an authentication method that allows a user to sign in to multiple applications with a single login credential.
This Knowledge Base article provides step-by-step instructions for using Appdome to add Mobile SSO to any iOS or Android app without coding.
We hope you find this knowledge base useful and enjoy using Appdome!
Using Appdome, there are no development or coding prerequisites. For example, there are no Appdome SDKs, libraries, or plug-ins to implement. Likewise, there are no required infrastructure changes and no dependency on SAML, OAuth, OpenID Connect or any other authentication standard inside the app. The Appdome technology adds any third-party SSO service and the relevant standards, frameworks and more to the app automatically, with no manual development work at all. Using Appdome, mobile apps will use the SSO service you selected to authenticate users as if the SSO service was natively coded into the app.
Appdome is a mobile integration platform as a service (iPaaS) that allows users to add a wide variety of features, SDKs, and APIs to Android and iOS apps. Using a simple ‘click to add’ user interface, Appdome allows anyone to easily integrate any SSO service to any mobile app – instantly, no code or coding required.
A protected resource is any network resource that requires a means of authentication in order to gain access. An app may try to access multiple resources that are governed by different authentication providers. To ensure seamless access, the SSO configuration lets you create a profile for each authentication provider and associate it with the protected resources it governs.
Once the app tries to access a protected resource, Appdome Single Sign-On will verify that the application is authorized. The application’s requests are considered unauthorized if the HTTP status code in the response from the protected resource differs from 200 (the standard HTTP code for success). If the request is unauthorized, all subsequent calls to the protected resource by the application will be stopped until the authentication process has completed. This course of action maintains a good user experience since not all applications are equipped to handle unauthorized responses from protected resources (such as HTTP status code 401).
When the authentication process initiates, a browser launches automatically and navigates to the Hub URL. The user will be asked to enter credentials and, upon successful authentication, the authentication provider will redirect the user to a predefined Authentication Successful URI. At this point, the authentication provider will supply a token that will be used later to access the protected resource. The token’s format may vary between authentication providers and methods, such as HTTP cookies, OpenID or proprietary formats.
Appdome’s Session Management will add the authentication result, which is the proof that the user is authorized to access the resource, to the application’s requests when needed, so that all requests are authenticated and able to access the protected resource. In addition, whenever an authentication token or cookie expires, Appdome Single Sign-On will either extend the token expiration if possible or initiate the authentication browser again.
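The gating behaviour described above can be modelled in a few lines; this is an added illustration, not Appdome's code. `SSOGate`, `Profile`, `send`, `auth_succeeded` and `demo_backend` are hypothetical names, the browser login is reduced to a callback, the backend is a constructed stand-in, and token extension on expiry is not modelled (an expired token simply triggers a new login).

```python
from dataclasses import dataclass, field

@dataclass
class Profile:                      # one per authentication provider
    hub_url: str                    # where the login browser is sent
    resources: tuple                # URL prefixes this provider governs
    token: str = ""                 # proof of authentication, once issued
    authenticating: bool = False
    held: list = field(default_factory=list)

class SSOGate:
    def __init__(self, profiles, send):
        self.profiles = profiles    # list of Profile
        self.send = send            # send(url, token) -> HTTP status code
        self.browser_launches = []  # Hub URLs opened, kept for inspection

    def _profile_for(self, url):
        return next((p for p in self.profiles
                     if url.startswith(p.resources)), None)

    def request(self, url):
        p = self._profile_for(url)
        if p is None:
            return self.send(url, "")        # not a protected resource
        if p.authenticating:
            p.held.append(url)               # stop calls until login ends
            return "HELD"
        status = self.send(url, p.token)     # session management adds token
        if status == 200:
            return status
        # Rule from the text: any status other than 200 is "unauthorized",
        # so a 401, a 403 and a 500 would all start the login flow here.
        p.authenticating, p.token = True, ""
        p.held.append(url)
        self.browser_launches.append(p.hub_url)
        return "HELD"

    def auth_succeeded(self, hub_url, token):
        # Stands for the redirect to the Authentication Successful URI.
        p = next(p for p in self.profiles if p.hub_url == hub_url)
        p.token, p.authenticating = token, False
        replay, p.held = p.held, []
        return [(u, self.request(u)) for u in replay]

def demo_backend(valid_tokens):     # constructed stand-in for the servers
    return lambda url, token: 200 if token in valid_tokens else 401
```

Because the rule keys on "not 200" rather than on 401 alone, a server error on a protected resource also sends the user back to the login browser, which is worth checking for when testing a built app.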
In order to use Appdome’s no code implementation of SSO on Appdome, you’ll need:
Follow these step-by-step instructions to add SSO to Any Mobile App:
Please follow these steps to add a mobile app to your Appdome account.
If you don’t have an Appdome account, click here to create an account.
Select the Build Tab. Note: a blue underline will appear showing the step is active.
Beneath the Build Tab, you will find several service options. Select Identity. Note: a blue highlight will appear showing the category is active.
The following KB articles include the details on how to add SSO to any mobile app per identity provider:
Once you add Mobile SSO to your iOS or Android app, this set of unique features enables you to further manage and control SSO behavior for the Built app.
When finished, click Build My App.
Congratulations! You now have a mobile app fully integrated with Cross-App ID.
Building Single Sign-On inside Android and iOS apps involves several significant considerations. Perhaps the most significant consideration is “where” and “when” the SSO workflow will take place inside the app. Usually, an SSO workflow is initiated at the start of a login sequence. In this use case, the client and the server are built to handle the basic authentication sequence (User –> launches app –> enters credentials –> credentials verified by the server –> user issued a token or cookie allowing access to the app).
But, what if the app developer hasn’t or doesn’t want to build the app to support basic authentication? Or, what if the app developer wants more than the username and password provided in the basic authentication workflow (e.g., access to user details available in new authentication methods)? In these cases, Appdome-Threat Events provide a framework to pass user details contained in an OpenID and SAML authentication response to the app developer. This framework allows new flexibility to create custom SSO workflows inside an app using industry-standard methods to retrieve and pass user details between authentication services and mobile apps.
Organizations use their Identity Providers (IdPs) like Azure AD, Okta, Ping, etc. These authentication services usually connect on the backend to a store of user data and use SAML or OpenID to handle authentication requests. Using SAML and OpenID, applications have access to all the user and authentication details returned by the server backend (i.e. any data the backend implements).
Read this KB article to learn how to build custom SSO workflows in your apps.
Now that you know how to add SSO to any mobile app on Appdome, there are a few additional steps needed to complete your mobile integration project.
Appdome is a full-featured mobile integration platform. Within Context™, Appdome users can brand the app, including adding a favicon to denote the new service added to the app.
For more information on the range of options available in Context™, please read this knowledge base article.
In order to deploy an Appdome Built app, it must be signed. Signing an iOS app and Signing an Android app are easy using Appdome. Alternatively, you can use Private Signing, download your unsigned app and sign locally using your own signing methods.
Once you have signed your Appdome Built app, you can download it to deploy it using your distribution method of choice. For more information on deploying your Appdome Built apps, please read this knowledge base.
That is it – Enjoy Appdome for Single Sign-On in your app!
To learn more about how you can add SSO to any mobile app, check out the Appdome for SSO+ blog or request a demo at any time.
Please view our video on Building app(s) with SSO here.
To zoom out on this topic, visit Appdome for Mobile Identity on our website.
If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.
Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.