Security

New in App ID: App Identity, Custom Sign-In Methods, and More

Share this post:

New capabilities in IBM Cloud App ID

If you are a developer building an application, you may be happy to hear about the latest capabilities we’ve added to IBM Cloud App ID to give you more flexibility in how you authenticate your app users. With the new capabilities, you can now leverage any custom identity provider or sign-in method and authenticate apps in addition to users. To stay updated beyond what we share in this post, you can follow the latest “What’s New” announcements in the overview section of your App ID instance.

What is App ID?

IBM Cloud App ID is a service that lets you add user authentication to your apps and protect APIs and back-ends running on IBM Cloud. For consumer apps, users can sign up through your app and log in with the credentials that they set, or they can use social login (e.g., Facebook and Google). For employee apps, employees can sign in with their enterprise credentials via SAML 2.0 federation of your enterprise identity provider. App ID takes care of the many complex and nuanced details of authenticating and managing users so that you don’t have to.

What’s new?

Authenticate apps

While App ID provides multiple mechanisms for authenticating users, you now also have a way to authenticate apps that don’t involve a user by leveraging the OAuth 2.0 client credentials flow. An example of when you may want to have one app communicate with another service or app without involving a user is an IoT device that monitors and reports environment variables to an upstream server.

Manage apps

We’ve made it easy for you to keep track of applications that use App ID for authentication. You can register and track your apps in the App ID console, and from there, you can get the credentials you need to use to leverage App ID in your app.

Profiles—start building a user profile in advance

App ID now lets you pre-register users and assign them custom attributes and roles before they first sign in to your app. For example, you may want to assign a user a “Coordinator” or “Participant” role in your app in advance.

Sign-in users using a custom identity provider

App ID supports SAML-based identity providers, App ID’s own native Cloud Directory, and social identity providers (e.g., Facebook, Google). If you want to use a different identity provider to authenticate users (e.g., Github or LinkedIn) or a legacy enterprise identity provider with a proprietary authentication protocol, you can use these for authentication and protect your back-ends with App ID. If your identity provider offers an SDK, you can use it to facilitate user authentication information before packaging and exchanging information with App ID.

Sign-in employees with any sign-in method

Now, in addition to letting employees sign in with their enterprise email and password, you can choose to let them sign in with any authentication method that your SAML based identity provider (IdP) supports (e.g., with a smart card or touch id).

Other new things you might like:

  • You can now define the user attributes that you want to associate with your App ID tokens so that you can quickly access this info directly in your client app code.
  • App ID now exposes a well-known URL to allow you to automatically configure your app using the OpenID Connect (OIDC) discovery document.

Feedback and help

As always, we’d love to hear your feedback and questions. Get help for technical questions at Stack Overflow with the ibm-appid tag. For non-technical questions, use IBM developerWorks with the appid tag. For defect or support needs, use the Support section in the IBM Cloud menu. To get started with App ID, check it out in the IBM Cloud Catalog.

Offering Manager - Cloud Developer Services - Security

More Security stories
November 1, 2018

IBM Key Protect Released in AP North Region on IBM Cloud

Having the ability to use encryption key management to protect applications and supporting data in a public cloud environment is a critical component of all enterprise security governance protocols. Adding to our global geographical coverage, IBM’s key management service, IBM Key Protect, is now available in the AP North Region based out of Tokyo.

Continue reading

October 22, 2018

Use Your Own Provider for Mail Sent with IBM Cloud App ID

With IBM Cloud App ID’s Cloud Directory feature, you can add sign-up and sign-in to your mobile or web apps and create a user registry to manage users. Cloud Directory supports sending email messages to your users to verify their email address, allows them to reset their password, and more.

Continue reading

October 8, 2018

IBM Key Protect is Now Available for IBM Cloud Kubernetes Service

Having the ability to use encryption key management to protect applications and support data in a public cloud environment is a critical component of all enterprise security governance protocols. IBM’s key management service, IBM Key Protect, is now supported for use by IBM Cloud Kubernetes Service.

Continue reading