Security

New in App ID: App Identity, Custom Sign-In Methods, and More

Share this post:

New capabilities in IBM Cloud App ID

If you are a developer building an application, you may be happy to hear about the latest capabilities we’ve added to IBM Cloud App ID to give you more flexibility in how you authenticate your app users. With the new capabilities, you can now leverage any custom identity provider or sign-in method and authenticate apps in addition to users. To stay updated beyond what we share in this post, you can follow the latest “What’s New” announcements in the overview section of your App ID instance.

What is App ID?

IBM Cloud App ID is a service that lets you add user authentication to your apps and protect APIs and back-ends running on IBM Cloud. For consumer apps, users can sign up through your app and log in with the credentials that they set, or they can use social login (e.g., Facebook and Google). For employee apps, employees can sign in with their enterprise credentials via SAML 2.0 federation of your enterprise identity provider. App ID takes care of the many complex and nuanced details of authenticating and managing users so that you don’t have to.

What’s new?

Authenticate apps

While App ID provides multiple mechanisms for authenticating users, you now also have a way to authenticate apps that don’t involve a user by leveraging the OAuth 2.0 client credentials flow. An example of when you may want to have one app communicate with another service or app without involving a user is an IoT device that monitors and reports environment variables to an upstream server.

Manage apps

We’ve made it easy for you to keep track of applications that use App ID for authentication. You can register and track your apps in the App ID console, and from there, you can get the credentials you need to use to leverage App ID in your app.

Profiles—start building a user profile in advance

App ID now lets you pre-register users and assign them custom attributes and roles before they first sign in to your app. For example, you may want to assign a user a “Coordinator” or “Participant” role in your app in advance.

Sign-in users using a custom identity provider

App ID supports SAML-based identity providers, App ID’s own native Cloud Directory, and social identity providers (e.g., Facebook, Google). If you want to use a different identity provider to authenticate users (e.g., Github or LinkedIn) or a legacy enterprise identity provider with a proprietary authentication protocol, you can use these for authentication and protect your back-ends with App ID. If your identity provider offers an SDK, you can use it to facilitate user authentication information before packaging and exchanging information with App ID.

Sign-in employees with any sign-in method

Now, in addition to letting employees sign in with their enterprise email and password, you can choose to let them sign in with any authentication method that your SAML based identity provider (IdP) supports (e.g., with a smart card or touch id).

Other new things you might like:

  • You can now define the user attributes that you want to associate with your App ID tokens so that you can quickly access this info directly in your client app code.
  • App ID now exposes a well-known URL to allow you to automatically configure your app using the OpenID Connect (OIDC) discovery document.

Feedback and help

As always, we’d love to hear your feedback and questions. Get help for technical questions at Stack Overflow with the ibm-appid tag. For non-technical questions, use IBM developerWorks with the appid tag. For defect or support needs, use the Support section in the IBM Cloud menu. To get started with App ID, check it out in the IBM Cloud Catalog.

Offering Manager - Cloud Developer Services - Security

More Security stories
January 3, 2019

Cloudflare Boosts Security and Performance with IBM Cloud

Ensuring that information flows safely and securely over the Internet is a growing challenge. Cloudflare has teamed with IBM Cloud to bring increased security and performance to individuals and to organizations of all sizes, helping protect critical online services.

Continue reading

December 21, 2018

IBM Cloud Hyper Protect Crypto Services – Key Management Service [Update]

IBM Cloud Hyper Protect Crypto Services offers highly regulated organizations a managed cryptographic service in the cloud. It provides dedicated control down to the root secret of the Hardware Security Module.

Continue reading

December 18, 2018

MFA and Password Policies for Your Cloud-Native Apps with App ID and Updated Pricing

IBM Cloud App ID is introducing new capabilities to give you the option to strengthen the security of each authentication: multi-factor authentication (MFA) and advanced password policies.

Continue reading