Who are you? I really want to know.
Keeping it real
Authentication should be easy.
Options include login with social network accounts, client credentials (device to device), and username/password combination. With Mobile Single Sign-On (MSSO) enabled, a user can sign in once for all apps known to the Mobile SDK on the device. Proximity login (tapping or near field communication) transfers existing authentication sessions across devices and platforms, allowing you to log in on an ipad, then transfer your authenticated session to an android phone. Multiuser support is provided, allowing users with different roles and authorization to access different groups of apps all on the same shared device.
Authentication should be secure. Mutual TLS authentication with CA certificates establishes client-server trust. Geofencing limits authentication within defined geographical boundaries. One-time password and two-factor authentication prevent replay attacks. CA Advanced Authentication evaluates incoming request risks and trigger post-evaluation workflows.
Even after initial authentication, the OAuth 2.0 authorization framework combined with the OpenID Connect protocol keeps credentials private and controls resource access.
Key Authentication features include:
- Authentication against the Gateway’s internal identity provider
- Authentication against a Custom Identity Provider such as an LDAP directory
- Authenticate against CA SiteMinder
- Second Factor Authentication
- Social Login for Google, Facebook, LinkedIn, SalesForce
- SAML 2.0-based federation support
- Mobile Single Sign-On
- Multiuser on single device support
- Client credential device-to-device authentication