Secure mobile apps with Multi-Factor Authentication and Single Sign-On
With the increased use of mobile devices such as smartphones and tablets, most applications today can also be used from a mobile device.
This is great! I can do different types of work, such as writing emails or adding prospects to the CRM system, while sitting on the bus or working from home!
But what about security?
As the CIO, if I use multi-factor authentication (MFA) for secure authentication, I want to make sure it is also used to secure the mobile apps employees are using.
Can this be done? Is there a standardized way to achieve this to simplify and control the app integration process? And how do we make it simple for the end user? Is Single Sign-On (SSO) an option?
There are a number of different MFA methods to solve this, such as PhenixID One Touch, that also suit mobile devices well. It is a no-brainer.
Integration between the app and the authentication service to achieve SSO has been more difficult to accomplish – up until now!
Traditionally, the way to integrate web apps with an authentication service is called federation. Federation is a widely used standard, but it has limitations when it comes to mobile apps. Because the standard relies on tokens shipped via the user agent, the mobile app must embed a web component (a mini browser). This makes application integration tedious, and SSO will not be feasible.
There are also proprietary APIs to facilitate app integration. SSO will not be feasible though.
Another option is to use OpenID Connect (OIDC).
OIDC is an open standard targeted to both web and mobile applications.
OIDC is built upon OAuth 2.0. It is essentially OAuth 2.0 plus an identity token that is used for authentication.
OIDC uses the browser on the mobile device to keep track of the user session against the authentication service. Once the user has authenticated, the session is established. Apps then fetch the signed identity proof, called an assertion, through an API call.
OIDC secures identity tokens and simplifies the addition of MFA for a developer. It also makes SSO feasible, which simplifies things for end users. Access and authentication policies can be applied at a single point to increase control.
With OIDC, you could also consume external OIDC tokens. This may be useful if you would like to secure app access for external user identities, such as customers or suppliers.
With PhenixID as the OpenID Connect provider, you can secure, simplify and control mobile apps access in your organization.