
Mobile App Security and SSO


Maximize productivity with enterprise mobile apps.

The ubiquity of smartphones and mobile devices in the workplace has presented enterprises with incredible opportunities for maximizing productivity. By creating mobile apps that allow access to backend systems, enterprises can empower their employees to leverage mission-critical application functionality and data anywhere, at any time, from any device.

With these opportunities come security risks, particularly in BYOD (“bring-your-own-device”) scenarios. Enterprises need to deploy identity and access management (IAM) systems able to ensure their apps are only being used by authorized personnel and that these individuals are receiving appropriate levels of access to sensitive enterprise resources.

Most IAM technologies are not sufficiently secure in enterprise mobile use cases because they:

  • Rely on username/password approaches that are cumbersome on mobile devices
  • Do not integrate with mobile application management systems, creating identity silos
  • Fail to account for the multiple different contexts in which any mobile app will be used

Read eBook: It’s All About the App – Mobile Security That Helps Enable the Business

Add strong, user-friendly security to enterprise apps.

These limitations can be addressed by deploying an enterprise-grade single sign-on (SSO) solution that enables users to sign in only once to securely access a range of enterprise resources. This solution should both simplify and secure the process through which users sign in to apps by leveraging the strong authentication capabilities inherent to mobile operating systems.

The solution should mediate between mobile devices and enterprise IAM, enabling not only SSO, but also the ability to leverage SSO to enable secure local storage, geo-location and even integration with identities from social networks like Facebook. Finally, the solution should leverage device-specific security–not only encryption, but also hardening solutions such as Samsung Knox.

CA Technologies offers a complete, standards-based and proven solution for simplifying enterprise-level mobile security through SSO. This solution is built upon CA Mobile API Gateway, a lightweight, low-latency mobile middleware that helps solve critical, mobile-specific identity and security challenges.

Read Data Sheet: CA API Gateway

Implement end-to-end security for mobile apps.

CA Mobile API Gateway uses OAuth 2.0, OpenID Connect and PKI standards to leverage existing enterprise IAM investments. Communication is secured through the gateway via client-side libraries. CA Mobile API Gateway ships with a Mobile SDK, which makes it simple for developers to implement mobile SSO for iOS and Android devices. The Mobile SDK delivers:

  • Client-side libraries, code examples and documentation
  • The ability to leverage device OS security in order to create a secure SSO container
  • Standards-based security flows based on OAuth 2.0, OpenID Connect and PKI
  • Cryptographic security (mutual SSL) via a single API call
  • PKI provisioning with secure transfer, storage and pinning of certificates
  • Geolocation-based access control to account for differing user contexts
  • Integration with social logins including Facebook, LinkedIn and Salesforce
  • Native integration with the Samsung Knox Authenticator

SSO is implemented via the gateway’s Management API, which simplifies the development process by ensuring that developers do not have to directly deal with the complex OAuth/OpenID Connect protocol flow between mobile device and gateway. For maximum security, communication is secured through the gateway via mutual SSL configuration.

Read Success Story: Alaska Airlines – Secure Mobile API Publishing

Learn more about this solution

Visit CA Mobile API Gateway Page >

Data Sheet

CA Mobile API Gateway

Securely open enterprise and cloud applications to mobile devices.


White Paper

Secure Mobile Access for Enterprise Employees

Simplify security and management for enterprise-level apps and BYOD.



Enterprise on the Go – 5 Essentials for BYOD & Mobile Enablement

Securely leverage enterprise information assets to create custom mobile apps.



OAuth in the Real World - Learn How It Works

OAuth works—using a common setting to reflect parallels to make the technology more easily understood.
