Configuring Corporate Single Sign On
In previous releases, access to the App Portal app store was limited to domain-authenticated users only. Starting with App Portal 2016, you can configure single sign-on authentication for your users using your corporate single sign-on system, enabling them to access the App Portal app store on-the-go from locations outside the corporate network or VPN. Identity Provider (IdP) initiated SSO is supported, but Service Provider (SP) initiated SSO is not.
Single sign-on authentication is supported when using the both the standard App Portal user interface and the mobile interface.
Single sign-on is configured on the Site Management > Settings > Single Sign On view, where you can separately specify settings for both the Standard User Interface and the Mobile User Interface (SAML 2.0 only).
App Portal provides support for the following single sign-on authentication types:
| Type | Description |
|---|---|
| SAML 2.0 | SAML (Security Assertion Markup Language) 2.0 is an XML-based, open-standard data format for enabling web browser single sign-on. See Configuring SAML 2.0 Authentication. Note: SAML 2.0 is the only type of single sign-on authentication type supported by the App Portal mobile interface. |
| OAuth 2.0 | OAuth is an open standard for authorization, commonly used as a way for users to log in to third party websites using their Google, Facebook, Microsoft, Twitter, etc. accounts without exposing their password. See Configuring OAuth 2.0 Authentication. Note: Not supported by the App Portal mobile interface. |
| OpenID Connect | OpenID is an open standard and decentralized authentication protocol which allows users to be authenticated by co-operating sites (known as relying parties) using a third-party service. See Configuring OpenID Connect Authentication. Note: Not supported by the App Portal mobile interface. |
| Custom | To implement a custom single sign-on authentication type, you would need to write a custom SSL page ( \.aspx ) to redirect to. App Portal is installed with a boilerplate custom SSL page named CustomSignon\.aspx , which your services team can customize for your organization. See Configuring Custom Authentication.Note: Not supported by the App Portal mobile interface. |
When using single sign-on, App Portal needs to be configured to run with anonymous authentication in IIS. By default, Windows Authentication is selected.
See Also