Authenticating Enterprise Users into Mobile Apps

CONFIDENTIAL » ©2013 SYMPLIFIED » symplified.com » @symplified

2. Symplified Overview
» Launched in 2008; Founded by co-authors of SAML
» Headquartered in Boulder, CO; Operations across US, Europe, Asia
» Single Sign-On
  • Simplify user access to internal and external applications
  • Any user, any device, any location
  • Authentication, directory integration, access control, centralized provisioning, strong authentication
» Identity & Access Management
  • Centralized control & visibility over application access and usage
  • Meet security, compliance and audit reporting requirements

3. Mobile Developer SDK
• New Symplified Mobile Developer SDK
  » Enterprise mobile app developers today have no easy way to quickly build authentication into their apps and connect it with existing identity infrastructure
• What does the SDK do?
  » The new Mobile Developer SDK allows developers to quickly and easily build, test and deploy authentication and SSO for their native mobile apps
• Where is it available?
  » As an open source library in the Xamarin component store starting TODAY
  » GitHub: github.com/symplified/Symplified.Auth

4. Why Create an SSO Component?
• No off-the-shelf solution today
  » Enterprise app developers spend much of their time building authentication into apps just to connect to identity infrastructure, such as Active Directory, LDAP or other user directories
• Need for a common identity platform
  » Without a common identity platform, implementations can lead to security vulnerabilities, inconsistent policy enforcement, bad user experience, and very little visibility into user behavior
• More time for building true app functionality
  » Using an identity platform and extending it to native mobile apps frees up developers to do what they do best - create functionality
• The Symplified Mobile Developer SDK solves these challenges
  » Allows developers to quickly and easily build, test and deploy authentication and single sign-on (SSO) for their native mobile apps
  » Securely connects those apps to existing enterprise user stores, such as Active Directory, LDAP and others

5. Features
• Native Mobile Application Enterprise Identity Integration
• Full SAML 2.0 Implementation – The native app is the Service Provider
• Client-Side Authentication
• SAML Assertion to OAuth 2 Token Bridge
• Free SAML 2.0 Identity Provider Sandbox

6. Symplified SAML Identity Provider Sandbox
idp.symplified.net
• SAML 2.0 Identity Provider
• Free For Testing

7. What Is SAML?
• Security
• Assertion
• Markup
• Language

9. Identity Provider Metadata
I Trust This Person

10. Using SAML Assertion As OAuth2 Authentication Grant

11. Questions?

Symplified
Mike Gile, Senior Mobile Developer
mgile@symplified.com
+1 (713) 263-4840
@symplified
symplified.com

Xamarin
David Hathaway, Enterprise Customer Success Manager
david.hathaway@xamarin.com
+1 (415) 562-4167
@dwhathaway
xamarin.com

12. Mobile SDK – Key Features
• Extend Symplified to Native Mobile Apps
  » Symplified acts as the identity bridge between native mobile apps and existing identity infrastructure, allowing use of a company’s user stores (such as Active Directory, LDAP or others) to authenticate users
• Leverage Any 3rd Party IdP
  » Use any third party IdP that supports SAML for authentication against existing enterprise identity infrastructure
• Supports Multiple Identity Repositories
  » Developers can leverage and span multiple identity repositories such as Active Directory, LDAP, Databases, SOAP and REST services; external Social directories (Google, Facebook, etc.); and more to authenticate users
• Seamless Access
  » Users and admins now have the same level of app security and accessibility across desktops, laptops and mobile devices - with one set of credentials

13. Additional Tools & Support
• The Symplified Identity Provider (IdP) Sandbox
  » A custom, hosted IdP environment for developers to build and test authentication in their apps using the Symplified Mobile Developer SDK
• API Documentation
  » Complete documentation and sample code
• Community Resources
  » Free support via online communities for communicating and collaborating amongst peers and Symplified experts
• Open Source
  » Distributed as an open source library under the Apache 2.0 license, and readily available on GitHub