AssureBridge Mobile Connect™ is a powerful platform for companies that would like to quickly roll out secure mobile applications allowing users to authenticate using their enterprise/corporate credentials.

AssureBridge Mobile Connect™ provides:

  • Secure Access for Mobile Applications using the industry-standard Open Authentication (OAuth 2.0) protocol
  • The ability for users to sign on via mobile applications using their company's existing Active Directory, LDAP, SAML, OpenID or WS-Federation sign-on service
  • Protocol bridging between OAuth and other sign-on services
  • Seamless single sign-on between multiple mobile applications on a single device
  • Support for a variety of mobile devices including iPad, iPhone, Android, and smart phones
  • The ability for service providers to provide single sign-on to their customers over mobile devices
  • Secure sign-on without the need to store user passwords on the mobile device

There are a number of mobile access challenges. The following diagram outlines some of the key ones that every service provider faces when setting out to offer secure enterprise mobile access.

[Figure: Key Mobile Access Challenges]

AssureBridge Mobile Connect™ addresses all these challenges and delivers a robust, enterprise-class mobile access solution to your customers in record time.

Distributed User Identities and Various Authentication Mechanisms

It is possible that your application user identities are stored in multiple directories across the enterprise as well as in external directories that belong to your customer or partner firms. The latter situation is often encountered by SaaS providers as their users come from customer companies, which prefer that the identities are stored in their own on-premise directories.

[Figure: Complexity of Enterprise Mobile Services Environment]

AssureBridge Mobile Connect™ provides an Identity Provider Integration Nexus™ which automatically directs mobile users to the correct directory, whether it be Active Directory, LDAP, SAML, Google Apps, or a custom database. Mobile users experience a single, consistent login regardless of the number of back-end directory stores.

Depending on which directory stores a particular user identity, the authentication process for that user will be different.  For example:

  • if the user identity is in a local LDAP directory, the user can be authenticated against that LDAP directory using the standard JNDI binding/lookup mechanism
  • if the user’s identity is managed in an external Identity Management system (e.g. CA SiteMinder or Tivoli Access Manager), the preferred secure way to authenticate this kind of user is via the standard SAML 2.0 based series of SSO steps
  • if the user’s identity is managed by a 3rd party application or in an external database, the users are authenticated against the 3rd party application (e.g. a Liferay Portal) via a custom pluggable authentication service

Support for 3rd Party Integration

Companies often work with partners when establishing a mobile presence.  There are two types of potential 3rd party integrations that can be required when delivering mobile applications to users:

  • As part of a mobile marketplace, multiple applications reside on a single, mobile device. To provide a seamless experience, you will need a robust SSO solution so the users using both your applications and those of your partners are not repeatedly asked to enter their credentials.
  • It is often the case that application providers would like to access back-end business services (e.g. product list, on-line photo store, etc.) from their partners. In this situation a back-end SSO solution is required to ensure that the partners’ back-end mobile services are accessible in a secure way and the users are not repeatedly prompted for their credentials.

AssureBridge Mobile Connect™ allows multiple applications, potentially developed and hosted by different organizations, to operate seamlessly together on a mobile device.

The following diagram shows potential partner integration linkages when delivering mobile business applications:

[Figure: Mobile Partner Integration Complexity]

AssureBridge Mobile Connect™ supports a number of partner integration mechanisms. The following diagram shows how the architecture components integrate into a single cohesive SSO platform delivering a smooth, easy user experience to your customers. Our platform leverages the industry standard OAuth protocol to deliver SSO across related mobile applications and back-end mobile services.

[Figure: Mobile Partner Integration Architecture]

Smooth and Easy User Experience

The AssureBridge Mobile Connect™ platform allows your organization to deliver an intuitive, seamless, and simple user experience on the mobile device. Our solution leverages the industry standard OAuth 2.0 protocol to deliver secure access.

  • Authenticate once against a central mobile authentication gateway.  The authentication experience is the same regardless of the underlying directory/protocol
  • Use application services with access tokens.  A single login allows multiple mobile applications to access the data they need.
  • Refresh access tokens with refresh tokens.  Avoids frequent prompting for user ids and passwords while maintaining security.
  • Revoke tokens when credentials/devices are compromised or credentials change.  Allow users to be quickly removed from all applications from a central administrative location.
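
The token lifecycle in the list above (authenticate once, use access tokens, refresh them, revoke centrally), shown as an added example that is not AssureBridge code. `TokenGateway`, its method names, the single-use refresh tokens, and the user and app names are assumptions made for illustration; the sign-on step itself is not modelled.

```python
import secrets
import time

class TokenGateway:
    """Toy central gateway: expiring access tokens, single-use refresh tokens."""
    def __init__(self, access_ttl=300, clock=time.time):
        self.access_ttl, self.clock = access_ttl, clock
        self.access = {}   # access token  -> (user, app, expiry)
        self.refresh = {}  # refresh token -> (user, app)

    def issue(self, user, app):
        # Called after the user signed on at the gateway (sign-on not modelled).
        at, rt = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[at] = (user, app, self.clock() + self.access_ttl)
        self.refresh[rt] = (user, app)
        return at, rt

    def validate(self, access_token):
        # Return the user for a live access token, None if unknown or expired.
        entry = self.access.get(access_token)
        if entry is None or entry[2] <= self.clock():
            self.access.pop(access_token, None)
            return None
        return entry[0]

    def refresh_tokens(self, refresh_token):
        # Swap a refresh token for a new pair; a replayed token returns None.
        entry = self.refresh.pop(refresh_token, None)
        return self.issue(*entry) if entry else None

    def revoke_user(self, user):
        # Central revocation: drop every token of this user, in every app.
        for store in (self.access, self.refresh):
            for tok in [t for t, e in store.items() if e[0] == user]:
                del store[tok]

def demo():
    now = [1000.0]  # constructed fake clock so expiry is deterministic
    gw = TokenGateway(access_ttl=300, clock=lambda: now[0])
    at1, rt1 = gw.issue("alice", "mail-app")  # constructed user and app names
    _, rt2 = gw.issue("alice", "crm-app")
    live = gw.validate(at1)              # "alice"
    now[0] += 301
    expired = gw.validate(at1)           # None: access token timed out
    at1b, rt1b = gw.refresh_tokens(rt1)  # new pair without a password prompt
    replay = gw.refresh_tokens(rt1)      # None: old refresh token is spent
    gw.revoke_user("alice")              # e.g. device reported lost
    after = [gw.validate(at1b), gw.refresh_tokens(rt1b), gw.refresh_tokens(rt2)]
    return live, expired, replay, after
```

Because every token is tracked at the gateway, a lost device is handled by one `revoke_user` call rather than by changing the user's corporate password.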

The following diagram illustrates a typical mobile sign-in experience:

[Figure: Mobile OAuth Login Sequence]

The important benefit of our mobile access solution is that application users will authenticate securely via a Web browser against a remote site, thus their corporate credentials will never be seen by a mobile application and never be stored on the mobile device itself.  Further, users use only one set of credentials for both web and mobile applications.

Device Loss or Theft

The biggest security threat in the mobile application area is the loss or theft of the mobile device that hosts your application. Additionally, malicious 3rd party applications and viruses present serious security threats as they are capable of compromising user credentials. If the user credentials are compromised, there is a threat of unauthorized access to the company’s mobile applications and Web sites.

We support a secure User-Agent-based approach (see above) where your user credentials are never stored on the device and never seen by the mobile applications. Users are seamlessly directed to the corporate sign-on system where they enter their user ids and passwords. Passwords never leave the corporate network and are never stored on the mobile device, so they cannot be lost or stolen.

[Figure: Mobile App Architecture - User-Agent]

Mobile Device Support

AssureBridge Mobile Connect™ supports multiple devices including Android, iPad, and iPhone.

We provide easy-to-use application libraries and ready-to-use code examples for Android and iOS to get your team started as quickly as possible. AssureBridge Mobile Connect™ allows application developers to quickly enable their applications for single sign-on without the need to understand the nuances of complex protocols such as OAuth, SAML, and OpenID.

AssureBridge Mobile Connect™ Platform

To summarize, the AssureBridge Mobile Connect™ platform provides the following benefits:

  • Offers strong enterprise-class mobile security
  • Leverages leading industry security and SSO standards including OAuth, SAML, and OpenID
  • Serves as a protocol bridge offering single OAuth entry point for mobile apps regardless of back-end SSO protocol
  • Provides adapters and services to shield developers from the complexity of SSO integration
  • Provides uniform user authentication across Web and Mobile applications
  • Provides operational facilities including secure token management and usage reporting
  • Enables rapid and easy partner integration for mobile applications and back-end services
  • Integrates seamlessly with AssureBridge SAMLConnect™, OpenIDConnect™, Identity Provider Integration Nexus™, and SyncFire™ Provisioning products
  • Supports rapid delivery via an on-premise platform, a secure On-Demand service, or a hybrid solution

For more details and a demo please contact us directly.