The advent of mobile phones put enormous amounts of computing power in the hands—quite literally—of end users. “Anyness” (any app, any device, anywhere) is now an expectation, but it needs to happen in a secure way.
Several recent technological advances have made this possible, including mobile device management (MDM, aka freedom from being domain joined). And now with the digital workspace, employees can work conveniently, securely and with more freedom than was ever possible before.
The Single Sign-On Advantage
Enter one-touch single sign-on (SSO). As the name suggests, SSO gives users instant access to multiple web, native mobile, virtual and Windows applications in just one touch. With SSO, users provide credentials (or prove their identity) on fewer occasions, creating more convenient, efficient end-user experiences.
SSO also offers a big, often overlooked security advantage: cryptography. Done right, with digital certificates and modern security standards, SSO is actually a more secure mechanism than challenging the user for credentials!
SSO for Native Mobile Apps
Many vendors have struggled to provide SSO on native mobile apps. Apps are written by very large vendors you hardly know, and you are only one of their zillion customers.
In the brave new world of apps and cloud services, companies are looking to vendors to help solve the problem. It is technically possible with wrapped apps, and today it is almost trivial for browser-based apps thanks to SAML, WS-Fed and browser redirects. However, native mobile apps continue to be a challenge.
How do we do it?
VMware is the first vendor to support one-touch mobile SSO for native mobile apps with Workspace ONE.
Workspace ONE leverages native features available on the three major mobile platforms: iOS, Android and Windows 10. All the niceties offered by Workspace ONE around SSO for native apps are based on APIs offered by the respective operating systems (OSs).
More importantly, VMware offers a single pane of glass for administration that does not require the IT department to know or understand how the various OSs differ from each other. VMware also “compensates” for missing functionality in some cases (e.g. Android), bridges “old” functionality in some cases (e.g. iOS and Kerberos) and simply provides support in some cases (e.g. Windows 10).
All three schemes, with minor differences, rely upon three things:
- The registration process, when an end user authenticates and enrolls the device in MDM. At the end of the registration process, a certificate—signed by a company-approved certificate authority—is provisioned on the device, which ties the device to the user. This certificate can be internal or public and can be revoked at any time.
- The ability to intercept traffic between an app and its cloud-based resources. Unbeknownst to the end user, VMware technology helps the device and the user prove their identity to cloud-based resources, thus ensuring that we challenge the user only when absolutely necessary (e.g. when the certificate expires and the user needs to obtain a new one).
- The ability to translate individual platform behavior (across various OSs) to “standard” behavior. This ensures the end-user experience is exactly the same on all platforms, and as a result, IT administrators do not have to worry about the differences between platforms.
If you are interested in learning more about how we enable this functionality, read our white paper here: Delivering Security & One-Touch SSO for Native Mobile Apps on Any Device with Workspace ONE.
If you’d like to find out more about how Workspace ONE can help you, contact us here to request your own personalized demo.