One of the key things I love about working at Appdome is solving very difficult problems in mobile. This time we’re solving SSO inside an enterprise mobility suite like Blackberry, AirWatch, MobileIron, etc. This is HUGE, bigger in many ways than adding the SDK to apps in seconds.
What is the problem?
Apps typically handle user authentication via a standard username and password provided by app vendors. For apps residing “inside” an EMM, users have to authenticate twice - first with the EMM and then with the app - in each case using different usernames and passwords. This is not the end-user experience most people want or expect.
The ideal user experience is for the user to authenticate or SSO to the EMM and that’s it. But to make that happen, the app has to trust the EMM system and rely on its authentication for user sign in. There are different authentication protocols that would allow for an app to “trust” the EMM and allow the EMM to be used to sign the user into the app automatically. The most common protocols are Kerberos and Kerberos Constrained Delegation (KCD).
Here’s the problem, while most EMMs support Kerberos and KCD, most apps don’t. Building a Kerberos and KCD authentication flow is difficult and most app developers don’t see a reason to code this in their apps. Yikes!
What is Mobile App Pre-Authentication by Appdome?
Several of our customers had worked for months trying to make their EMM’s Kerberos or KCD support work with their desired app. The result? A lot of hard work, missed deadlines and still no avail. The technical difficulties were too big to overcome without the vendors implementing the protocol in the same way. For ISVs and EMMs to make significant changes to their source code to support the same authentication workflow is out of the question in most cases.
Appdome created Mobile App Pre-Authentication and added it to our Appdome Mobility Suite. Appdome’s Mobile App Pre-Authentication now allows a Fused app to trust an EMM‘s authentication so that users can automatically sign into the app once they are correctly signed into the EMM. Appdome’s Mobile Pre-Authentication supports Kerberos, Kerberos Constrained Delegation (KCD), SAML and OAuth. Yes!
How easy is it to use Mobile App Pre-Authentication by Appdome?
It’s super easy to use Mobile App Pre-Authentication! The steps on the Appdome platform are very simple. Just toggle on “Appdome PreAuth” and add the Pre-Authentication URL. And with a single click, Pre-Authentication is Fused with the app, in minutes, no-code required.
Customers are using Mobile App Pre-Authentication by Appdome today! Organizations take an app, like SAP Fiori, fuse the BlackBerry Dynamics SDK and turn on the KCD protocol and viola, everything works seamlessly! Months of work evaporate, the app and the delegation works and users get the seamless sign-on experience everyone wanted.