We’re excited to be in Vegas to attend Oktane ’18 as a sponsor and Okta partner. We are showcasing a new mobile identity service called Appdome for SSO+, which enables enterprises to add native single sign-on (SSO) to any mobile app instantly, without coding.
This new service allows enterprises to easily add single sign-on from their cloud identity provider of choice (like Okta or Microsoft Azure AD) to any mobile app on-demand. This new service will help enterprises accelerate their move to cloud-based identity.
Migrating to cloud-based identity and SSO
If you’re the CIO of a medium or large enterprise, you’re likely to deal with some form of strategic ‘digital transformation’ initiative that might involve a daunting migration from on-premise to cloud identity services. Mobile is starting to play a much bigger role in this transition. There might also be occasions where you’ve pondered how to pull it all off.
You’re not alone. Delivering a unified identity and access control solution for all your mobile apps can be a daunting challenge. First, I’ll describe some of the challenges enterprises face when implementing SSO in their mobile apps. Then I’ll tell you about an easier way to do it.
Challenges delivering SSO in mobile apps
Perhaps you’ve started moving your desktop apps to the cloud. Maybe you’re using Okta, Azure AD, Ping, or OneLogin to deliver SAML-based SSO for your desktop cloud apps, and that’s gone reasonably well. Now you’re ready to enable all your mobile apps with SSO, since you need to provide a unified authentication experience across all access channels.
Maybe you have 50 to 100 mobile apps connecting to critical systems of record, all tied in to your on-prem AD store. These back-end services may be old monolithic systems, many of which aren't API enabled. Your mobile apps may be written in different frameworks or dev environments, including Cordova, Swift, Kony, SAP, Xcode, or Android Studio. Some are hybrid apps that you’ve tried to refactor over the years, and a few were written in React Native. Maybe 25% of those apps have SAML 2.0, OIDC, OAuth2, or other modern authentication standards. But most use legacy enterprise authentication protocols like KCD, Kerberos and ADFS.
SAML 2.0 or OpenID Connect?
If you’ve tried to add SAML to a handful of those ‘vintage’ apps, you would have realized that the process is actually quite complex. What if your legacy backend only communicates over Kerberos, and you learned that making the two co-exist is not feasible?
For the apps where you actually did integrate SAML, your dev project took MUCH longer than expected and your developers ran into several near project-killing ‘framework dependencies’. Ever try adding SAML to an app written in Ionic or React Native? It's a lot harder than you think.
For some apps, you switched gears and implemented OpenID Connect, because you were told it’s easier, more secure and more ‘mobile friendly’ than SAML. All true statements, but OIDC is also not ‘prescriptive’; it leaves many implementation decisions up to the mobile developer or ISV. Inconsistent implementation decisions can create unfavorable user experiences and/or security issues. Additionally, now you need to decide if you should upgrade all apps from SAML to OpenID Connect. This all requires manual work, and you are not in control of the development schedules, especially for ISV apps.
You don’t want SSO ‘with strings attached’
It is ideal to deliver simple, native SSO for all your mobile apps – giving users one set of credentials to authenticate to all apps. But with all these dependencies, you’ve ended up with something far less optimal than the simplified SSO experience you set out to achieve. This usually shows up as some combination of the following: multiple authentication flows with different sets of credentials, a clunky webview inside the app, or a separate app required to authenticate (not the delightful user experience that you expected). Or maybe you delayed or postponed SSO for your mobile apps, thinking it was just too hard or risky.
So where does all this leave enterprises in terms of adding SSO to their mobile apps?
A better way to implement SSO in mobile apps
What if I told you there was:
- A better, faster, and more secure way to add SSO to all your mobile apps?
- A solution which reduces risk by eliminating dependencies on factors you can't control (like ISV development schedules or broad adoption of specific authentication standards)?
- A solution which lets you migrate legacy on-prem apps to a modern cloud-based authentication solution – at your own pace?
That is EXACTLY what Appdome for SSO+ gives you:
- without coding SAML 2.0 or OpenID Connect
- without platform or framework dependencies
- without ISV or developer dependencies
- without infrastructure or backend changes
- without duplicate sign-on workflows
Sound too good to be true? Watch this video and tune in to my next blog to learn more!