CIS13: Gateway to the Enterprise: Supporting SSO in Mobile Apps
Michael Smith, Product Manager, Box
Single sign-on support is a prerequisite for any enterprise product, and while SSO has been solved for the web, adapting it to native apps on mobile devices is a tough problem. With the explosion of tablets and mobile devices in business, SSO is a must for any business app developer. In this session learn how Box has tackled SSO in its mobile applications and how it has helped hundreds of other applications build SSO to support some of the biggest enterprises in the world.


Transcript

  • 1. Michael Smith, Mobile Product Manager, Box. Enterprise enabling your app with SSO
  • 2. We Live In A Whole New World: The Cloud; Consumer Devices
  • 3. Mobile Business Users: Sales Reps; Field Engineers; Mobile Workers
  • 4. The Challenge
      • User Wants: ✓ Easy to use; ✓ Accessible anywhere; ✓ Social Collaboration
      • IT Needs: ✓ Enterprise grade security; ✓ Simple to deploy and maintain; ✓ Lower TCO
  • 5. Getting Mobility Right
      1. Enable Employee Productivity
      2. Address security and compliance requirements
      3. Make it easy for IT to manage mobility
  • 6. Single Sign On: Today on iOS
  • 7. Benefits of SSO
      1. User Provisioning
      2. Access control
      3. No password exchange
  • 9. [Diagram labels: User Name; Password; OAuth; SAML SSO; API Resource; Access Granted; Authentication Required]
  • 10. Fun Facts
      • SP-initiated SSO
      • TargetResource used to redirect to the right API Auth page
      • Uses iOS WebView to embed a browser
  • 11. More on WebViews [Diagram labels: Native Application Code; Sets Webview URLs; Returns Redirect Information]
  • 12. Road Blocks
      • Minimize Taps
      • Prompted for email address twice
      • Webview security functionality limited
  • 13. Single Sign On: Samsung Knox + Centrify
  • 14. Benefits of Samsung Knox + Centrify
      1. Mobilize app and service access
      2. Containerization to separate work from personal
      3. Integrate mobile and application administration
  • 15. Mobilize App and Service Access
      • Leveraging your existing centralized identity infrastructure – typically AD
      • Use PKI authentication for SSO to Exchange, Wi-Fi and VPN
      • Enable SSO for Web apps leveraging federation where possible
      • Integrate Mobile Authentication SDK to enable SSO for custom applications
  • 16. Mobilize Apps with Zero Sign-On
      • Move to federated app authentication
      • Ensure Device Security
      • Integrate Mobile App Authentication
      • Works great for one mobile app, but what about multiple apps on the device?
      • [Diagram labels: Cloud Proxy Server; IDP as a Service; Firewall; Web Application; Mobile OS; Mobile App; Mobile Auth SDK; MDM; ID]
      • Step 1: Web Application Registration
      • Step 2: One time user authentication & device registration
      • Step 3: Token Generation
      • Step 4: Token based Authentication
  • 17. Containerization Separates Work From Personal
      • Secure Container built on a Secure OS for both security and usability
      • Provides dual persona usage of popular mobile applications
      • SSO for all apps in container - enabling the laptop experience on a mobile device
  • 18. Containerization with Multi-App SSO
      • Multi-application SSO is built into the Knox Container
      • The container identifies the user to the apps
      • The container can get AD attributes for the apps
      • Apps can request security tokens for their web app/service
      • [Diagram labels: Cloud Proxy Server; IDP as a Service; Firewall; Web Application; SE Android; Knox Container; Mobile App 1 with Mobile Auth SDK; Mobile App 2 with Mobile Auth SDK; Enterprise SSO; Personal App; ID]
      • Step 1: Web Application Registration
      • Step 2: One time user authentication & Container registration
      • Step 3: Token Generation
      • Step 4: Token based Authentication
  • 19. Containerization for Personal and Work Use
      • Dual persona enables usage of the same app with different personalities
          – Personal Mail on the device, Business Mail in the container
          – Personal Box account on the device, Business Box account in the container
      • [Diagram labels: Office 365: david.mcneely@centrify.com; Box: david.mcneely@centrify.com; Mail: david@mcneely.com; Gmail: dfmcneely@gmail.com; Box: david@mcneely.com]
  • 20. Integrated Mobile and App Administration
      • Enabling IT to manage security policies for Mobile, Workstations and Servers
      • Unifying Application management into one interface for Mobile, Web and SaaS Applications
      • Leveraging automated lifecycle management through AD
  • 21. Integrated Administration Follows User Lifecycle
      • Mobile device security policies follow the user’s account lifecycle automatically
      • Policy changes automatically apply to devices the user enrolled:
      • [Diagram labels: User enrolls their own devices; Update device security settings or new group de-provision device; Lock account and full device wipe; Delete or disable account and de-provision device; Active Directory]
  • 22. Getting Mobility Right
      1. Enable Employee Productivity
      2. Address security and compliance requirements
      3. Make it easy for IT to manage mobility