November 7, 2018 | Written by: Carmel Schindelhaim
Categorized: Mobile | Security | What's New
New capabilities in IBM Cloud App ID
If you are a developer building an application, you may be happy to hear about the latest capabilities we’ve added to IBM Cloud App ID to give you more flexibility in how you authenticate your app users. With the new capabilities, you can now leverage any custom identity provider or sign-in method and authenticate apps in addition to users. To stay updated beyond what we share in this post, you can follow the latest “What’s New” announcements in the overview section of your App ID instance.
What is App ID?
IBM Cloud App ID is a service that lets you add user authentication to your apps and protect APIs and back-ends running on IBM Cloud. For consumer apps, users can sign up through your app and log in with the credentials that they set, or they can use social login (e.g., Facebook and Google). For employee apps, employees can sign in with their enterprise credentials via SAML 2.0 federation of your enterprise identity provider. App ID takes care of the many complex and nuanced details of authenticating and managing users so that you don’t have to.
While App ID provides multiple mechanisms for authenticating users, you now also have a way to authenticate apps that don’t involve a user by leveraging the OAuth 2.0 client credentials flow. For example, an IoT device that monitors and reports environment variables to an upstream server is a case where you may want one app to communicate with another service or app without involving a user.
We’ve made it easy for you to keep track of applications that use App ID for authentication. You can register and track your apps in the App ID console, and from there, you can get the credentials you need to use App ID in your app.
Profiles—start building a user profile in advance
App ID now lets you pre-register users and assign them custom attributes and roles before they first sign in to your app. For example, you may want to assign a user a “Coordinator” or “Participant” role in your app in advance.
Sign in users using a custom identity provider
App ID supports SAML-based identity providers, App ID’s own native Cloud Directory, and social identity providers (e.g., Facebook, Google). If you want to use a different identity provider to authenticate users (e.g., GitHub or LinkedIn) or a legacy enterprise identity provider with a proprietary authentication protocol, you can use these for authentication and protect your back-ends with App ID. If your identity provider offers an SDK, you can use it to handle user authentication before packaging the authentication information and exchanging it with App ID.
Sign in employees with any sign-in method
Now, in addition to letting employees sign in with their enterprise email and password, you can choose to let them sign in with any authentication method that your SAML-based identity provider (IdP) supports (e.g., with a smart card or Touch ID).
Other new things you might like:
- You can now define the user attributes that you want to associate with your App ID tokens so that you can quickly access this info directly in your client app code.
- App ID now exposes a well-known URL to allow you to automatically configure your app using the OpenID Connect (OIDC) discovery document.
Feedback and help
As always, we’d love to hear your feedback and questions. Get help for technical questions at Stack Overflow with the ibm-appid tag. For non-technical questions, use IBM developerWorks with the appid tag. For defect or support needs, use the Support section in the IBM Cloud menu. To get started with App ID, check it out in the IBM Cloud Catalog.