Abstract image of a woman sitting on books and studying on a laptop

Mobile SSO using NAPPS

Download as PPTX, PDF
Ashish Jain, profile picture
Ashish Jain

The document discusses single sign-on (SSO) for mobile applications. It notes the growth of smartphones and tablets and how users now access work applications from multiple devices. This has led to challenges around authentication and access management across different platforms and applications. The document explores existing SSO methods and standards like SAML and OAuth that aim to provide a common authentication mechanism. It introduces the concept of a "token agent" native mobile application that can obtain access tokens on behalf of other applications to enable SSO functionality and help address issues like separate authentication flows and access token management for each individual application.

Technology
1 of 50
Downloaded 64 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
© 2014 VMware Inc. All rights reserved. Mobile SSO using NAPPS Ashish Jain @itickr CIS 2014
Why is this important ? 0 300 600 900 2009 2010 2011 2012 Smartphones and tablets PC shipments of information workers use three or more devices for w o r k t o i n c r e a s e p r o d u c t i v i t y EXPLOSIVE GROWTH in shipments of smartphones and tablets Sources: IDC, BGR, Forrester FLAT pc shipments New Device Platforms New Apps New User ExpectationsNew Device Platforms BYOD & JIT
The Changing Device Mix 148 141 202 240 128 352 722 1516 0 1000 2000 2012 2017 Smartphone Tablet Portable PC Desktop PC Source: IDC's Worldwide Smart Connected Device Tracker Forecast Data, February 28, 2013 Connected Device Market by Product Category, Shipments, 2012-2017 in Millions
The Changing Device Mix Source: IDC's Worldwide Smart Connected Device Tracker Forecast Data, September 11, 2013 By 2017, 87% of connected devices will be smart phones and tablets
App 1
App 1 App 2 App 3
App 1 App 2 App 3 App 4
App 1 App 2 App 3 AD
App 1 App 3 AD Policy Server App 2
App 1 AD Policy Server App 2 App 3 App 1 AD Policy Server App 2 App 3
App 1 AD Policy Server App 2 App 3 App 1 AD Policy Server App 2 App 3
App 1 AD SAML IdP App 2 App 3 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML
App 1 AD SAML IdP App 2 App 3 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML
App 1 AD SAML IdP App 2 App 3 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML
App 1 AD SAML IdP App 2 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML App 3SAML RP
App 1 AD SAML IdP App 2 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML iOS App App 3SAML RP
App 1 AD SAML IdP App 2 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML iOS App App 3SAML RP
App 1 AD SAML IdP App 2 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML OAuth AS iOS App App 3SAML RP
App 1 AD SAML IdP App 2 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML iOS AppiOS App OAuth ASApp 3SAML RP
App 1 AD SAML IdP App 2 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML iOS AppiOS App OAuth ASApp 3SAML RP
App 1 AD SAML IdP App 2 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML iOS AppiOS App OAuth AS OAuth ASApp 3SAML RP
App 1 AD SAML IdP App 2 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML iOS AppiOS App OAuth AS OpenID Connect OpenID Connect OAuth ASApp 3SAML RP
App 1 AD SAML IdP App 2 App 1 AD App 2 App 3 Policy Server SAML RP Policy Server SAML iOS AppiOS App OAuth AS OpenID Connect OpenID Connect OAuth ASApp 3SAML RP TA
Web SSO Flow 1 2 3 4 SAML IdP RP AD
Mobile App Auth Flow 1 2 4 3 SAML IdP RP / RS AD Mobile App AS 5 6 7 OAuth
Mobile App Mobile App(s) Auth Flow 1 2 4 3 SAML IdP RP / RS AD Mobile App AS 5 6 7 OAuth
Mobile App Auth Flow
IdP Discovery
IdP Discovery
IdP Login
Access to App
Mobile App Auth Flow
IdP Discovery
IdP Discovery
IdP Login
App Access
App Access
Mobile App Mobile App(s) Auth Flow 1 2 4 3 SAML IdP RP / RS AD Mobile App AS 5 6 7 OAuth Issues  Authentication per Mobile App.  No invalidation of access token  No clean up of offline/cached data on device
Mobile App SSO – SP Init
Mobile App SSO – IdP Init
Mobile App SSO
Mobile App SSO
Where are we today ? • Layer 7 • Centrify • Samsung Knox • Google Auth
App 1 App 3 AD Policy Server App 2
Deployment Models • Enterprise in-house native apps • Native App for a SaaS provider • Multiple native apps for a single SaaS provider
NAPPS • OIDF working group • Profile of OpenIDConnect • Participants include (VMware, AirWatch, Ping Identity, Mobile Iron, Okta, OneLogin…)
NAPPS Terminology • Token Agent: Native app that obtains access tokens on behalf of other native apps • AppInfo Endpoint: Endpoint to obtain metadata about apps • Primary Token: OAuth token obtained by TA for its own use • Secondary Token: OAuth token obtained by TA on behalf of other native app
Mobile App SSO 1 23 SAML IdP RP / RS AD Mobile App AS 5 9 OAuth Token Agent 3 PT 6 ST 4 5 7 8
Mobile App SSO
Thank You!

More Related Content

PDF
CIS14: Mobile SSO using NAPPS: OpenID Connect Profile for Native Apps-jain
CloudIDSummit
 
PPTX
Mobile Devices in the Enterprise: What IT needs to know
Ashish Jain
 
PPTX
MDM/MAM/MIM Workshop - CIS 2013
Ashish Jain
 
PPTX
CIS 2015 Mobile SSO
Ashish Jain
 
PDF
Mobile SSO: Give App Users a Break from Typing Passwords
CA API Management
 
PPTX
Single sign-on Across Mobile Applications from RSAConference
CA API Management
 
PDF
apidays LIVE LONDON - API Abuse - Comprehension and Prevention by David Stewart
apidays
 
PPTX
API Abuse - The Anatomy of An Attack
Nordic APIs
 
CIS14: Mobile SSO using NAPPS: OpenID Connect Profile for Native Apps-jain
CloudIDSummit
 
Mobile Devices in the Enterprise: What IT needs to know
Ashish Jain
 
MDM/MAM/MIM Workshop - CIS 2013
Ashish Jain
 
CIS 2015 Mobile SSO
Ashish Jain
 
Mobile SSO: Give App Users a Break from Typing Passwords
CA API Management
 
Single sign-on Across Mobile Applications from RSAConference
CA API Management
 
apidays LIVE LONDON - API Abuse - Comprehension and Prevention by David Stewart
apidays
 
API Abuse - The Anatomy of An Attack
Nordic APIs
 

What's hot (20)

PDF
Wearable Internet Chicken: Exploring the Android Wear Datalayer API
kirgy
 
PDF
apidays LIVE Singapore 2021 - Securing the Open Source supply chain by Liran ...
apidays
 
PPTX
Financial services rely on APIs
Rogue Wave Software
 
PDF
Real-time data with a VaadinDrone in Bluemix at IBM InterConnect 2015
Fredrik Rönnlund
 
PPTX
Zebra Technologies | On designing for the internet of things
Ian Manger, MBA
 
PPTX
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
CA API Management
 
PDF
WE MAKE GRAPHICS BECOME WEB APPS
Jean-Philippe Beaujard
 
PPTX
Null pune 1st March-news bytes
n|u - The Open Security Community
 
PDF
Big on Mobile, Big on Facebook. How the European super startups did it.
Julien Lesaicherre
 
PDF
Is Your API Being Abused – And Would You Even Notice If It Was?
Nordic APIs
 
PPT
What is Android L ?
E2LOGY
 
PDF
Android 6.0 Marshmallow - Top 4 Enterprise Features
Rishabh Software
 
PDF
The state of mobile app security
Mahima Anand Sharma
 
PDF
Wonderware InTouch
Omair Tariq
 
PDF
Ambient Intelligence - Parham Beheshti
WithTheBest
 
PDF
What about Two Factor Authentication?
Sinch
 
PPTX
APIDays Finland 2019 - How to Choose the Ultimate AI Platform
Merja Kajava
 
PDF
Android app installation-dropbox
Maxpromotion
 
PPTX
apidays LIVE New York 2021 - Playing with FHIR without getting burned by Dav...
apidays
 
PDF
LF_APIStrat17_OWASP’s Latest Category: API Underprotection
LF_APIStrat
 
Wearable Internet Chicken: Exploring the Android Wear Datalayer API
kirgy
 
apidays LIVE Singapore 2021 - Securing the Open Source supply chain by Liran ...
apidays
 
Financial services rely on APIs
Rogue Wave Software
 
Real-time data with a VaadinDrone in Bluemix at IBM InterConnect 2015
Fredrik Rönnlund
 
Zebra Technologies | On designing for the internet of things
Ian Manger, MBA
 
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
CA API Management
 
WE MAKE GRAPHICS BECOME WEB APPS
Jean-Philippe Beaujard
 
Null pune 1st March-news bytes
n|u - The Open Security Community
 
Big on Mobile, Big on Facebook. How the European super startups did it.
Julien Lesaicherre
 
Is Your API Being Abused – And Would You Even Notice If It Was?
Nordic APIs
 
What is Android L ?
E2LOGY
 
Android 6.0 Marshmallow - Top 4 Enterprise Features
Rishabh Software
 
The state of mobile app security
Mahima Anand Sharma
 
Wonderware InTouch
Omair Tariq
 
Ambient Intelligence - Parham Beheshti
WithTheBest
 
What about Two Factor Authentication?
Sinch
 
APIDays Finland 2019 - How to Choose the Ultimate AI Platform
Merja Kajava
 
Android app installation-dropbox
Maxpromotion
 
apidays LIVE New York 2021 - Playing with FHIR without getting burned by Dav...
apidays
 
LF_APIStrat17_OWASP’s Latest Category: API Underprotection
LF_APIStrat
 
Ad

Viewers also liked (20)

PPTX
Mobile Single Sign-On (Gluecon '15)
Brian Campbell
 
PPTX
IBM Single Sign-On
Van Staub, MBA
 
PDF
Tjänsteplattform i mtg - 2014 02-05
Advania
 
PPT
SäKerhet I Molnen
Predrag Mitrovic
 
PPTX
2. Day 2 - Identify and SSO
Huy Pham
 
PDF
Twobo LDAP Attribute Store for ADFS
Twobo Technologies
 
PDF
Neo-security Stack
Twobo Technologies
 
PDF
Alfresco: Implementing secure single sign on (SSO) with OpenSAML
J V
 
PDF
CIS13: Mobile Single Sign-On: Extending SSO Out to the Client
CloudIDSummit
 
PPT
Single Sign On - Case Study
Ebizon
 
PPTX
SINGLE SIGN-ON
Shambhavi Sahay
 
PDF
SSO - SIngle Sign On
Tomasz Wójcik
 
PPTX
SSO introduction
Aidy Tificate
 
PPT
Oauth2.0
Yasmine Gaber
 
PDF
OAuth 2.0
Uwe Friedrichsen
 
PPTX
Single sign on
Rob Fitzgibbon
 
PDF
Federation in Practice
ForgeRock
 
PDF
Nordic APIs - Building a Secure API
Twobo Technologies
 
PDF
OAuth and OpenID Connect for Microservices
Twobo Technologies
 
PDF
SAML and Other Types of Federation for Your Enterprise
Denis Gundarev
 
Mobile Single Sign-On (Gluecon '15)
Brian Campbell
 
IBM Single Sign-On
Van Staub, MBA
 
Tjänsteplattform i mtg - 2014 02-05
Advania
 
SäKerhet I Molnen
Predrag Mitrovic
 
2. Day 2 - Identify and SSO
Huy Pham
 
Twobo LDAP Attribute Store for ADFS
Twobo Technologies
 
Neo-security Stack
Twobo Technologies
 
Alfresco: Implementing secure single sign on (SSO) with OpenSAML
J V
 
CIS13: Mobile Single Sign-On: Extending SSO Out to the Client
CloudIDSummit
 
Single Sign On - Case Study
Ebizon
 
SINGLE SIGN-ON
Shambhavi Sahay
 
SSO - SIngle Sign On
Tomasz Wójcik
 
SSO introduction
Aidy Tificate
 
Oauth2.0
Yasmine Gaber
 
OAuth 2.0
Uwe Friedrichsen
 
Single sign on
Rob Fitzgibbon
 
Federation in Practice
ForgeRock
 
Nordic APIs - Building a Secure API
Twobo Technologies
 
OAuth and OpenID Connect for Microservices
Twobo Technologies
 
SAML and Other Types of Federation for Your Enterprise
Denis Gundarev
 
Ad

Similar to Mobile SSO using NAPPS (20)

PDF
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CloudIDSummit
 
PDF
CIS 2015- SSO for Mobile and Web Apps- Ashish Jain
CloudIDSummit
 
PDF
Single Sign-On for Mobile
CA API Management
 
PPTX
Mobile Single-Sign On: Extending SSO Out to the Client - Layer 7's CTO Scott ...
CA API Management
 
PPT
Styr mobile enheder med Mobile Device Management, Martin Vittrup, IBM
IBM Danmark
 
PDF
Mobile Cloud Identity
Mark Diodati
 
PPTX
The Future of Enterprise Identity Management
OneLogin
 
PPTX
Secure mobile content SharePoint Best Practices Conference 2013
Mike Brannon
 
PDF
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
CA API Management
 
PDF
IBM Mobile Foundation POT - Overview of ibm endpoint manager for mobile devic...
AIP Foundation
 
PPTX
CIS 2012 - Going Mobile with PingFederate and OAuth 2
scotttomilson
 
PPTX
Mobile Security for the Enterprise
Will Adams
 
PPTX
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
CA API Management
 
PDF
WSO2Con US 2013 - Securing Cloud and Mobile: Pragmatic Enterprise Security Ar...
WSO2
 
PDF
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CloudIDSummit
 
PDF
CIS13: Gateway to the Enterprise: Supporting SSO in Mobile Apps
CloudIDSummit
 
PDF
CIS 2015- Mobile SSO: Are We There Yet? - Brian Campbell
CloudIDSummit
 
PDF
VMware Workspace One
Jürgen Ambrosi
 
PPTX
Denver Startup Week '15: Mobile SSO
Brian Campbell
 
PPTX
5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...
CA API Management
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CloudIDSummit
 
CIS 2015- SSO for Mobile and Web Apps- Ashish Jain
CloudIDSummit
 
Single Sign-On for Mobile
CA API Management
 
Mobile Single-Sign On: Extending SSO Out to the Client - Layer 7's CTO Scott ...
CA API Management
 
Styr mobile enheder med Mobile Device Management, Martin Vittrup, IBM
IBM Danmark
 
Mobile Cloud Identity
Mark Diodati
 
The Future of Enterprise Identity Management
OneLogin
 
Secure mobile content SharePoint Best Practices Conference 2013
Mike Brannon
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
CA API Management
 
IBM Mobile Foundation POT - Overview of ibm endpoint manager for mobile devic...
AIP Foundation
 
CIS 2012 - Going Mobile with PingFederate and OAuth 2
scotttomilson
 
Mobile Security for the Enterprise
Will Adams
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
CA API Management
 
WSO2Con US 2013 - Securing Cloud and Mobile: Pragmatic Enterprise Security Ar...
WSO2
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CloudIDSummit
 
CIS13: Gateway to the Enterprise: Supporting SSO in Mobile Apps
CloudIDSummit
 
CIS 2015- Mobile SSO: Are We There Yet? - Brian Campbell
CloudIDSummit
 
VMware Workspace One
Jürgen Ambrosi
 
Denver Startup Week '15: Mobile SSO
Brian Campbell
 
5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...
CA API Management
 

More from Ashish Jain (14)

PPTX
PayPal OpenID User Experience
Ashish Jain
 
PPTX
UsingMiles - OpenID Retail Summit at PayPal
Ashish Jain
 
PPTX
Kodak - OpenID Retail Summit at PayPal
Ashish Jain
 
PPTX
Angies List - OpenID Retail Summit at PayPal
Ashish Jain
 
PPTX
eBay - OpenID Retail Summit at PayPal
Ashish Jain
 
PPTX
Spec Update - OpenID Retail Summit at PayPal
Ashish Jain
 
PPTX
OpenID Retail Summit at PayPal - PayPal Identity
Ashish Jain
 
PPTX
PayPal Identity Services - Innovate 2010
Ashish Jain
 
PPTX
Open Id Summit
Ashish Jain
 
PPTX
Say no to Bottled water
Ashish Jain
 
PPT
Open ID Security Issues
Ashish Jain
 
PPT
Consumer Privacy
Ashish Jain
 
PPT
Identity Enabling Web Services
Ashish Jain
 
PPT
Concordia
Ashish Jain
 
PayPal OpenID User Experience
Ashish Jain
 
UsingMiles - OpenID Retail Summit at PayPal
Ashish Jain
 
Kodak - OpenID Retail Summit at PayPal
Ashish Jain
 
Angies List - OpenID Retail Summit at PayPal
Ashish Jain
 
eBay - OpenID Retail Summit at PayPal
Ashish Jain
 
Spec Update - OpenID Retail Summit at PayPal
Ashish Jain
 
OpenID Retail Summit at PayPal - PayPal Identity
Ashish Jain
 
PayPal Identity Services - Innovate 2010
Ashish Jain
 
Open Id Summit
Ashish Jain
 
Say no to Bottled water
Ashish Jain
 
Open ID Security Issues
Ashish Jain
 
Consumer Privacy
Ashish Jain
 
Identity Enabling Web Services
Ashish Jain
 
Concordia
Ashish Jain
 

Recently uploaded (20)

PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
PPTX
Benefits of Physical activity for teenagers.pptx
Nokwanda Thabethe
 
PDF
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
PDF
Five Habits of High-Impact Board Members
OnBoard
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
PPTX
Web Crawler for Trend Tracking Gen Z Insights.pptx
Actowiz Solustions
 
PDF
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
DOCX
search engine optimization ppt fir known well about this
StandardCodeLearning
 
PDF
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
PPTX
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
PPT
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
PDF
Unlock new opportunities with location data.pdf
Precisely
 
PPTX
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
Benefits of Physical activity for teenagers.pptx
Nokwanda Thabethe
 
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
Five Habits of High-Impact Board Members
OnBoard
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
Web Crawler for Trend Tracking Gen Z Insights.pptx
Actowiz Solustions
 
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
search engine optimization ppt fir known well about this
StandardCodeLearning
 
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
Unlock new opportunities with location data.pdf
Precisely
 
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 

Mobile SSO using NAPPS