
New in App ID: App Identity, Custom Sign-In Methods, and More


New capabilities in IBM Cloud App ID

If you are a developer building an application, you may be happy to hear about the latest capabilities we’ve added to IBM Cloud App ID to give you more flexibility in how you authenticate your app users. With the new capabilities, you can now leverage any custom identity provider or sign-in method and authenticate apps in addition to users. To stay updated beyond what we share in this post, you can follow the latest “What’s New” announcements in the overview section of your App ID instance.

What is App ID?

IBM Cloud App ID is a service that lets you add user authentication to your apps and protect APIs and back-ends running on IBM Cloud. For consumer apps, users can sign up through your app and log in with the credentials that they set, or they can use social login (e.g., Facebook and Google). For employee apps, employees can sign in with their enterprise credentials via SAML 2.0 federation of your enterprise identity provider. App ID takes care of the many complex and nuanced details of authenticating and managing users so that you don’t have to.

What’s new?

Authenticate apps

While App ID provides multiple mechanisms for authenticating users, you can now also authenticate apps without involving a user by leveraging the OAuth 2.0 client credentials flow. An example of when you may want one app to communicate with another service or app without involving a user is an IoT device that monitors and reports environment variables to an upstream server.

Manage apps

We’ve made it easy for you to keep track of applications that use App ID for authentication. You can register and track your apps in the App ID console, and from there, you can get the credentials your app needs to use App ID.

Profiles—start building a user profile in advance

App ID now lets you pre-register users and assign them custom attributes and roles before they first sign in to your app. For example, you may want to assign a user a “Coordinator” or “Participant” role in your app in advance.

Sign in users using a custom identity provider

App ID supports SAML-based identity providers, App ID’s own native Cloud Directory, and social identity providers (e.g., Facebook, Google). If you want to use a different identity provider to authenticate users (e.g., GitHub or LinkedIn) or a legacy enterprise identity provider with a proprietary authentication protocol, you can use these for authentication and protect your back-ends with App ID. If your identity provider offers an SDK, you can use it to handle user authentication before packaging the resulting authentication information and exchanging it with App ID.

Sign in employees with any sign-in method

Now, in addition to letting employees sign in with their enterprise email and password, you can choose to let them sign in with any authentication method that your SAML-based identity provider (IdP) supports (e.g., with a smart card or Touch ID).

Other new things you might like:

  • You can now define the user attributes that you want to associate with your App ID tokens so that you can quickly access this info directly in your client app code.
  • App ID now exposes a well-known URL to allow you to automatically configure your app using the OpenID Connect (OIDC) discovery document.
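
An added example (not from the original post or IBM's SDKs) that ties the OIDC discovery document above to the client credentials flow from "Authenticate apps": it checks a discovery document before trusting its endpoints, then builds the token request. The issuer URL, paths, client ID and secret are constructed placeholders, not real App ID values, and the same-host rule is a local policy assumption.

```python
import base64
from urllib.parse import quote_plus, urlencode, urlsplit

# Constructed discovery document; host and paths are placeholders, not real App ID URLs.
ISSUER = "https://idp.example.test/oauth/v4/tenant-placeholder"
DISCOVERY = {
    "issuer": ISSUER,
    "token_endpoint": ISSUER + "/token",
    "jwks_uri": ISSUER + "/publickeys",
    "grant_types_supported": ["authorization_code", "client_credentials"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic"],
}

def validate_discovery(doc, expected_issuer):
    """Return a list of problems; an empty list means the document is usable."""
    problems = []
    # OIDC Discovery requires the issuer to match the configured one exactly.
    if doc.get("issuer") != expected_issuer:
        problems.append("issuer mismatch")
    want_host = urlsplit(expected_issuer).hostname
    for key in ("token_endpoint", "jwks_uri"):
        url = urlsplit(doc.get(key, ""))
        if url.scheme != "https":
            problems.append(key + " is not https")
        elif url.hostname != want_host:
            # Local policy in this example (assumption): endpoints stay on the issuer host.
            problems.append(key + " is on an unexpected host")
    if "client_credentials" not in doc.get("grant_types_supported", []):
        problems.append("client_credentials grant not advertised")
    return problems

def build_token_request(doc, client_id, client_secret, expected_issuer):
    """Build (url, headers, body) for a client credentials request (RFC 6749, section 4.4)."""
    problems = validate_discovery(doc, expected_issuer)
    if problems:
        raise ValueError("; ".join(problems))
    # client_secret_basic: credentials travel in the Authorization header, never in the URL.
    pair = quote_plus(client_id) + ":" + quote_plus(client_secret)
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return doc["token_endpoint"], headers, urlencode({"grant_type": "client_credentials"})

if __name__ == "__main__":
    print(build_token_request(DISCOVERY, "device-01", "constructed-secret", ISSUER))
```
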

Feedback and help

As always, we’d love to hear your feedback and questions. Get help for technical questions at Stack Overflow with the ibm-appid tag. For non-technical questions, use IBM developerWorks with the appid tag. For defect or support needs, use the Support section in the IBM Cloud menu. To get started with App ID, check it out in the IBM Cloud Catalog.

Offering Manager - Cloud Developer Services - Security
