Configuring Corporate Single Sign On

App Portal 2021 R1

In previous releases, access to the App Portal app store was limited to domain-authenticated users only. Starting with App Portal 2016, you can configure single sign-on authentication for your users using your corporate single sign-on system, enabling them to access the App Portal app store on-the-go from locations outside the corporate network or VPN.

Single sign-on authentication is supported when using the both the standard App Portal user interface and the mobile interface.

Single sign-on is configured on the Site Management > Settings > Single Sign On view, where you can separately specify settings for both the Standard User Interface and the Mobile User Interface (SAML 2.0 only).

Site Management > Settings > Single Sign-On View

App Portal provides support for the following single sign-on authentication types:

Supported Single Sign-On Types

Type

Description

SAML 2.0

SAML (Security Assertion Markup Language) 2.0 is an XML-based, open-standard data format for enabling web browser single sign-on.

See Configuring SAML 2.0 Authentication.

Note:SAML 2.0 is the only type of single sign-on authentication type supported by the App Portal mobile interface.

OAuth 2.0

OAuth is an open standard for authorization, commonly used as a way for users to log in to third party websites using their Google, Facebook, Microsoft, Twitter, etc. accounts without exposing their password.

See Configuring OAuth 2.0 Authentication.

Note:Not supported by the App Portal mobile interface.

OpenID Connect

OpenID is an open standard and decentralized authentication protocol which allows users to be authenticated by co-operating sites (known as relying parties) using a third-party service.

See Configuring OpenID Connect Authentication.

Note:Not supported by the App Portal mobile interface.

Custom

To implement a custom single sign-on authentication type, you would need to write a custom SSL page (.aspx) to redirect to. App Portal is installed with a boilerplate custom SSL page named CustomSignon.aspx, which your services team can customize for your organization.

See Configuring Custom Authentication.

Note:Not supported by the App Portal mobile interface.

Important:When using single sign-on, App Portal needs to be configured to run with anonymous authentication in IIS. By default, Windows Authentication is selected.

See Also

Single Sign On