For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.


Configure device single sign-on (SSO)

Enable device single sign-on (SSO) to share the state of a security check among multiple applications on the same device.


Overview

We can enable device single sign-on (SSO) for any custom security check to share the state of this check with other application instances that are running on the same device. For example, we can use device SSO to implement an authentication flow whereby successful user log in from one application is applicable also to other applications on the same device.

Device SSO is configured in the application-descriptor JSON file by using the predefined enableSSO security-check configuration property.

Note:


Procedure

Enable device SSO for a specific security check by using one of the following alternative methods:


Results

After you successfully enable device SSO for our selected security check, we can see in the Security-Check Configurations table on the application Security console page, that the value of the Enable Device SSO property for our configured security check is true. In addition, we can see the device-SSO property definition in the application descriptor: in the console, go to the application Configuration Files tab. In the Application-Descriptor JSON File section, we can see a copy of the application-descriptor JSON file. Search for the name of the configured security check within the securityCheckConfigurations object. The nested security-check object should contain an "enableSSO": true entry. In the following template, replace SecurityCheckName with the name of the security check that you configured:

"securityCheckConfigurations": { "SecurityCheckName": { [...] "enableSSO": true } }

To test device SSO, enable this feature for the same security check from multiple applications. Then attempt to access resources that are protected by this security check from multiple applications on the same device. You should be required to pass the security check only once, for the first resource request. For example, for a user-login scenario, after you successfully log in from one application, the log in from the second application on the same device should succeed automatically, without any user input.

Parent topic: Configuring application security-check properties