New in App ID: App Identity, Custom Sign-In Methods, and More

New capabilities in IBM Cloud App ID

If you are a developer building an application, you may be happy to hear about the latest capabilities we’ve added to IBM Cloud App ID to give you more flexibility in how you authenticate your app users. With the new capabilities, you can now leverage any custom identity provider or sign-in method and authenticate apps in addition to users. To stay updated beyond what we share in this post, you can follow the latest “What’s New” announcements in the overview section of your App ID instance.

What is App ID?

IBM Cloud App ID is a service that lets you add user authentication to your apps and protect APIs and back-ends running on IBM Cloud. For consumer apps, users can sign up through your app and log in with the credentials that they set, or they can use social login (e.g., Facebook and Google). For employee apps, employees can sign in with their enterprise credentials via SAML 2.0 federation of your enterprise identity provider. App ID takes care of the many complex and nuanced details of authenticating and managing users so that you don’t have to.

What’s new?

Authenticate apps

While App ID provides multiple mechanisms for authenticating users, you can now also authenticate apps without involving a user by using the OAuth 2.0 client credentials flow. This is useful when one app needs to communicate with another service or app and no user is present, for example an IoT device that monitors and reports environment variables to an upstream server.

Manage apps

We’ve made it easy for you to keep track of applications that use App ID for authentication. You can register and track your apps in the App ID console, and from there, you can get the credentials you need to use App ID in your app.

Profiles—start building a user profile in advance

App ID now lets you pre-register users and assign them custom attributes and roles before they first sign in to your app. For example, you may want to assign a user a “Coordinator” or “Participant” role in your app in advance.

Authenticate users using a custom identity provider

App ID supports SAML-based identity providers, App ID’s own native Cloud Directory, and social identity providers (e.g., Facebook, Google). If you want to use a different identity provider to authenticate users (e.g., GitHub or LinkedIn) or a legacy enterprise identity provider with a proprietary authentication protocol, you can use these for authentication and protect your back-ends with App ID. If your identity provider offers an SDK, you can use it to obtain the user authentication information before packaging and exchanging that information with App ID.

Authenticate employees with any sign-in method

Now, in addition to letting employees sign in with their enterprise email and password, you can choose to let them sign in with any authentication method that your SAML-based identity provider (IdP) supports (e.g., with a smart card or Touch ID).

Other new things you might like:

  • You can now define the user attributes that you want to associate with your App ID tokens so that you can quickly access this info directly in your client app code.
  • App ID now exposes a well-known URL to allow you to automatically configure your app using the OpenID Connect (OIDC) discovery document.
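
A discovery document that configures your app automatically should be validated before its endpoints are trusted. The following added example (not from the original post or from IBM's code) checks a fetched document and, for the client credentials flow described earlier, that the grant is advertised; the host, path, sample documents and pinned algorithm list are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")
DEFAULT_GRANTS = ["authorization_code", "implicit"]  # OIDC default when the field is omitted
PINNED_ALGS = {"RS256", "ES256"}  # assumption: algorithms this client will accept


def validate_discovery(discovery_url, doc, required_grant=None):
    """Return a list of problems; an empty list means the document may be used."""
    if not discovery_url.startswith("https://") or not discovery_url.endswith(WELL_KNOWN):
        return ["discovery URL must be https and end with " + WELL_KNOWN]
    expected_issuer = discovery_url[: -len(WELL_KNOWN)]
    problems = []
    # The issuer must equal the URL prefix the document was fetched from.
    if doc.get("issuer") != expected_issuer:
        problems.append("issuer mismatch")
    # Every endpoint the app will call must be an absolute https URL.
    for field in ENDPOINTS:
        value = doc.get(field)
        parts = urlsplit(value) if isinstance(value, str) else None
        if parts is None or parts.scheme != "https" or not parts.hostname:
            problems.append(field + " missing or not https")
    # The document must offer at least one signing algorithm this client has pinned.
    algs = set(doc.get("id_token_signing_alg_values_supported", []))
    if not algs & PINNED_ALGS:
        problems.append("no pinned signing algorithm offered")
    if required_grant and required_grant not in doc.get("grant_types_supported", DEFAULT_GRANTS):
        problems.append("grant not supported: " + required_grant)
    return problems


# Constructed sample data; host and path are placeholders, not real App ID values.
BASE = "https://idp.example.com/oauth/v4/TENANT_PLACEHOLDER"
DISCOVERY_URL = BASE + WELL_KNOWN
GOOD_DOC = {
    "issuer": BASE,
    "authorization_endpoint": BASE + "/authorization",
    "token_endpoint": BASE + "/token",
    "jwks_uri": BASE + "/publickeys",
    "id_token_signing_alg_values_supported": ["RS256"],
    "grant_types_supported": ["authorization_code", "client_credentials"],
}
# Same document with a swapped issuer and a downgraded token endpoint.
BAD_DOC = dict(GOOD_DOC, issuer="https://idp.example.net",
               token_endpoint="http://idp.example.com/token")

if __name__ == "__main__":
    print(validate_discovery(DISCOVERY_URL, GOOD_DOC, "client_credentials"))
    print(validate_discovery(DISCOVERY_URL, BAD_DOC, "client_credentials"))
```

Run the check once at startup, after fetching the document, and refuse to configure the app if the returned list is not empty.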

Feedback and help

As always, we’d love to hear your feedback and questions. Get help for technical questions at Stack Overflow with the ibm-appid tag. For non-technical questions, use IBM developerWorks with the appid tag. For defect or support needs, use the Support section in the IBM Cloud menu. To get started with App ID, check it out in the IBM Cloud Catalog.

Offering Manager - Cloud Developer Services - Security
