Build single sign-on into your Web and mobile apps

You don't want to build one-off authentication and authorization in every Web and mobile application you create. Instead, try a service like Okta or Microsoft Azure AD

Authentication is one of the biggest problems facing anyone building apps integrated with cloud services.

You don't have to search much to find stories of developers hard-coding authentication tokens into mobile apps and accidentally leaking valuable keys or account details into the wild. With more and more apps being built by nonprogrammers to work with multiple cloud services, that risk can only grow. Controlled user authentication needs to be part of any modern application development strategy.

Building your own authentication and authorization tooling isn't easy. Does the service you're working with use OAuth, SAML, or something custom? If it's OAuth, which version? Then there's the question of federated identity: Do users need a separate ID for each service, or should they have a single sign-on tied to their corporate identity? Finally, there's the problem of bringing new users onboard and of deprovisioning those who no longer need access to an app -- or who have left the company.

To continue reading this article register now