Tom Kemp's Centrify Blog

Going One Step beyond Mobile Single Sign-on (SSO)

Friday, November 16, 2012

Recently Centrify announced that it has extended our cloud-based mobile security offering to include Mobile Authentication Services aka “MAS”. Aha, you say, sounds like Centrify is doing Mobile Single Sign-On aka “Mobile SSO” for Rich Mobile Apps (RMAs) and Mobile Web Apps (MWAs) on iPhones and Androids etc. — and doing so by leveraging the goodness of an on-premise Active Directory. That’s true, but we are actually going beyond SSO and delivering what we call “Zero Sign-On” aka ZSO which I will talk a bit in this blog.

To put this announcement in context, this follows our release earlier this year of our Centrify for Mobile solution that lets you “domain join” iPads, iPhones and Android devices into your Active Directory domain (just like Microsoft does for Windows, and we do for Linux, UNIX and Macs). From there our solution delivers Active Directory Group Policy-based management of mobile devices to enable Mobile Device Management (MDM). With our MAS capabilities, we are now making available the other major service provided by Active Directory — authentication — and seamlessly extending it to mobile devices and applications, making Centrify the only vendor to offer both integrated MDM and MAS.

So why is this of interest? Well, the rise in mobile device adoption has created challenges that go beyond setting security policies via mobile device management, especially when it comes to security and authentication for users accessing applications. IT organizations have moved toward Single Sign-On (SSO) for traditional desktop systems and applications, and with Linux/UNIX/Mac systems and on-premise apps such as SAP with Centrify, but until now there has been no way to fully leverage a ubiquitous infrastructure, such as Active Directory, for mobile devices and native mobile applications in particular.

Until today, mobile apps required separate authentication and authorization that were set up in a siloed back-end service, leading to poor security polices as well as user frustration and loss of productivity from having to remember multiple complex passwords in order to meet security requirements. In addition, independent software vendors must ensure security and productivity of mobile applications, but lack simple, universal mechanisms for adding authentication to their applications.

Now according to the Gartner report, “The Evolving Intersection of Mobile Computing and Authentication” (subscription required), two categories of mobile device applications exist. The first is the mobile Web application (MWA). Its technology and protocols are reasonably well understood because the MWA leverages a Web browser for communication with resource. As users demand a richer experience, developers began leveraging the mobile devices’ native SDKs to build rich mobile applications (RMAs). The result is reflected in the adoption of RMAs versus WMAs. According to Gartner, RMAs represent 65 percent of deployed mobile device applications.

So how are we delivering this Mobile SSO capability? Well for RMAs we are delivering a MAS Software Development Kit (SDK) that lets mobile application developers provide corporate users with a “Zero Sign-On” experience and stronger authentication when accessing applications from their mobile devices, which eliminates the need to remember and re-enter credentials for each mobile app. “Zero Sign-On” goes beyond Single Sign-On for devices enrolled in the Centrify Cloud Service, as users who have enrolled their mobile device in the Centrify Cloud Service are provided a certificate identifying the user of a specific device. Users are then able to use Mobile Apps that integrate with the Centrify MAS SDK to gain seamless access to authorized cloud services upon unlock of the mobile device.

Centrify Cloud Service

To further make it easy to add AD-based ZSO to your mobile apps, we have also partnered with one of the leading Mobile app development platforms, Appcelerator, who will make our MAS SDK available as part of their marketplace for their Titanium mobile application development platform. Click here for our announcement re: this.

And to further adoption of Mobile ZSO, we are also making this SDK free to mobile application developers, so even more goodness. For more reading material on MAS and our MAS SDK, see my colleague Shreyas Sadalgi’s blog post entitled “Introducing Centrify Mobile Authentication Services: SSO is Dead, Long Live ZSO!” or simply request the MAS SDK here.

Finally, what about Mobile ZSO (again a superset of SSO) for Mobile Web Apps aka MWAs? We have a great story for that … stay tuned for more information on that topic in a blog post coming very soon.

< Previous Article: Centrify Rolls out New Release of Mobile Device Management
> Next Article: As Enterprises Adopt Cloud, Spotlight on Identity Shines