
Secure custom mobile apps by using single sign-on

Updated on May 3, 2021

With the improvements to Pega Platform™, single sign-on (SSO) users can now sign in to custom mobile apps with any OpenID-compatible identity provider, such as Google, Auth0, Okta, and NetIQ. To use external login with SSO, you do not have to modify your custom mobile app. It is easy to configure SSO at the Pega Platform application level.

By using external login with SSO, you make your custom mobile apps more secure. Custom mobile apps cannot access Pega Platform application resources without presenting a valid access token. The token is granted after an external login screen opens in a system browser, and the user provides login credentials to the identity provider. Login credentials are not disclosed to the custom mobile app. The login screen is displayed again only if the mobile app can no longer obtain a valid access token. Also, if an optional refresh token was issued, the user can refresh the access token without repeating the login process. To improve security even further, mobile devices use the Proof Key for Code Exchange (PKCE) security extension to OAuth 2.0 for public clients.

For more information, see Configuring a custom mobile app to use external login with OpenID Connect.
