

Rethinking Mobile SSO - shivalry
http://tech.blog.box.com/2013/03/rethinking-mobile-sso/

======
chayesfss
Hey I'm with you, it is lacking right now if you're using generic apps. We
(SecureAuth) can protect and federate identities into native mobile apps all
day long (<https://mobile.gosecureauth.com/.>) We even help companies do SSO
into native mobile apps with technologies like NFC where we tie it to an
enterprise datastore. But like you said, the issue comes into play when
customers of ours like GSA and Unisys don't just use custom mobile apps but
rather want to assert an enterprise identity into a generic mobile app like
box, dropbox or SAP BI. These don't really allow you to programmatically
assert that identity into it (yet?). An awesome example would be after
validation of your identity we asserted that identity into the url scheme like
'box://store&UserID=variable&SessionID=123'. Here's a picture of how
SecureAuth deals with mobile apps right now though
<http://i.imgur.com/uHfRUoI.png>

