Identity Integration for Mobile Apps: LDAP & Social Login

Posted: August 20th, 2015

Most apps require a user to register and log in with credentials. Most often, the app requires the user to create a username and password that are specific to the app. This is a cumbersome process that leaves the user with yet one more password to remember. It’s also not very secure.

A much better approach is to enable the user to simply log in with existing credentials from another service that is trusted, like an LDAP directory in an enterprise or a social identity provider such as Facebook.

Here’s a brief explanation of the two approaches:

  • LDAP, or Lightweight Directory Access Protocol, is an internet protocol that programs use to look up information from a server. LDAP can be used to look up encryption certificates and pointers to printers and other services on a network, and to provide “single sign-on,” where one password for a user is shared between many services. It’s typically used by enterprise organizations.
  • Social login is a form of identity integration that uses existing login information from a social networking service such as Facebook, Twitter or Google+ to sign into a third-party website. It is designed to simplify logins for end users as well as to provide more, and more reliable, demographic information to web developers.

Let’s take a look at why single sign-on/identity integration is so advantageous in many cases:

  • It removes the need for users to remember and manage multiple passwords. By using an LDAP directory or social login integration, you can put an end to the perpetual “I can’t remember my password/I need to reset my password” calls and emails from your customers. When multiplied across a large organization, the time spent fixing this recurring problem burdens IT organizations. By reducing the number of passwords that users have to remember, this particular IT burden will be significantly lightened, freeing up time to work on more critical issues.
  • It reduces the risk of user account lockout. While related to the first benefit, it’s important to remember that persistent users with multiple accounts and passwords may continue to enter an incorrect password until they are locked out of their account. This presents another challenge for IT, since they now have to spend valuable time discovering whether the person submitting the request is actually entitled to do so.
  • It improves security. Another benefit of fewer passwords is a basic increase in security. When users have many passwords to remember, they often write them down on post-it notes, or enter them into an easily accessible spreadsheet. By implementing identity integration, you remove the need for users to do this, thus strengthening the security of the application.
  • It improves user experience through automatic login. Usability and user experience are two key components for the long-term adoption of technologies in any organization. While it may seem obvious, users typically appreciate it when IT helps them streamline their work processes, even in terms of little details such as remembering passwords.

It’s also important to note that when a user has many mobile devices, the account may keep locking the user out until the password is updated on every device, unless an intermediary proxy is in place that applies a soft lockout before the requests ever reach the authoritative directory. Here again, implementing LDAP or social integration reduces the number of passwords that users have to remember and helps mitigate this issue.
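The soft lockout mentioned above, sketched as an added example (not Appery.io code, and not part of the original post): a gate in front of the directory bind refuses a replayed stale password locally and pauses a user after a few distinct failures, so the directory's own hard lockout counter is not reached. The class name, thresholds, sample passwords and the fake directory are assumptions made for illustration.

```javascript
// Added illustration; class name, thresholds and the fake directory are hypothetical.
const crypto = require('crypto');

class SoftLockoutGate {
  // bindFn(user, password) -> boolean forwards the bind to the authoritative directory.
  constructor(bindFn, { softLimit = 3, cooldownMs = 300000, now = Date.now } = {}) {
    Object.assign(this, { bindFn, softLimit, cooldownMs, now });
    this.key = crypto.randomBytes(32); // failed passwords are kept only as keyed hashes
    this.state = new Map();            // user -> { failures, lockedUntil, bad: Map(tag -> expiry) }
  }

  authenticate(user, password) {
    const s = this.state.get(user) || { failures: 0, lockedUntil: 0, bad: new Map() };
    this.state.set(user, s);
    const t = this.now();
    const tag = crypto.createHmac('sha256', this.key).update(`${user}\0${password}`).digest('hex');
    // A device replaying a stale password is refused here and never reaches the directory.
    if (s.bad.get(tag) > t) return { ok: false, forwarded: false, reason: 'known-bad-password' };
    if (t < s.lockedUntil) return { ok: false, forwarded: false, reason: 'soft-lockout' };
    if (this.bindFn(user, password)) {
      this.state.delete(user); // success clears the soft counters
      return { ok: true, forwarded: true, reason: 'bind-ok' };
    }
    s.bad.set(tag, t + this.cooldownMs);
    if (++s.failures >= this.softLimit) { // stays below the directory's hard threshold
      s.lockedUntil = t + this.cooldownMs;
      s.failures = 0;
    }
    return { ok: false, forwarded: true, reason: 'bind-failed' };
  }
}

// Constructed scenario: a directory that hard-locks after 5 failed binds, and a
// second device that keeps retrying the old password after a password change.
function simulateStaleDevice() {
  const dir = { binds: 0, failed: 0, locked: false };
  const bind = (user, pw) => {
    dir.binds++;
    if (dir.locked) return false;
    if (pw === 'new-Passw0rd!') { dir.failed = 0; return true; }
    if (++dir.failed >= 5) dir.locked = true;
    return false;
  };
  const gate = new SoftLockoutGate(bind);
  for (let i = 0; i < 10; i++) gate.authenticate('alice', 'old-Passw0rd!');
  const login = gate.authenticate('alice', 'new-Passw0rd!');
  return { bindsForwarded: dir.binds, hardLocked: dir.locked, login };
}
```

In the constructed scenario only the first stale attempt and the final correct login reach the directory; the same ten retries sent straight to this fake directory would have hard-locked the account.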

Considerations for LDAP

Like any new tech integration, LDAP comes with considerations that should be addressed to ensure a successful deployment. For example, make sure you create a strong password policy that covers the complexity, age and history of passwords. This is extremely important because a compromised account would allow access to all applications and services that the single sign-on is used for.

Further, find a balance between ease-of-use and security in environments where multiple users may access a single device. In this type of environment, it’s important to configure short timeouts and frequent prompts for confirmation that the user is still using the application.

Identity Integration and Appery.io

With our newest update, we’ve added built-in support for LDAP, Facebook, Twitter and Google. We provide integration with identity providers “out of the box” with a simple point-and-click process.

By implementing these features, we’ve significantly simplified the process of adding identity integration to all your apps. Every developer or business analyst can now add identity integration to their apps, making them more secure and more convenient. No coding required.