Enable the Web Authentication policy to use an external OAuth authentication provider. Blue Cedar supports the OpenID extension to OAuth.
Redirecting authentication flows to an external authentication provider allows apps to achieve Single Sign-On (SSO) between any apps integrated with the Web Authentication policy. Using an external authentication provider also allows Multi-Factor Authentication (MFA) flows to be used.
The Mobile User Experience
Some of the details of the mobile user experience depend on the authentication provider. For example, If a web authentication provider does not require multi-factor authentication, the mobile user installs the integrated app, which has been integrated with the Web Authentication policy that specifies the authentication server. When users first launch the app, they enroll via the app to establish the authentication token.
As an example with multi-factor authentication, if you use a PingFederate server as an authentication provider with MFA, the mobile user installs:
The PingID app from the app store
The integrated app, which has been integrated with the Web Authentication policy that specifies the PingFederate server.
Users enroll the PingID app, and enroll the integrated app. If users launch the integrated app without already enabling PingID, they are prompted to complete that enrollment.
Manage Web Authentication profiles via the web interface (UI) or the REST API: