Today I’m thrilled to announce that Salesforce customers can now quickly and easily add Salesforce authentication to any Ionic app using Auth Connect.

Auth Connect is an Ionic solution that provides a simple, secure method of integrating with auth providers to enable single sign-on (SSO) within your Ionic apps.

The perils of rolling your own SSO

An often overlooked challenge of app development is implementing secure user authentication in your mobile experiences.

Not only is it time consuming to integrate with an existing auth provider, it’s also risky. Teams that don’t properly authenticate users or store user secrets safely will expose themselves to the risks of a data breach or violation of customer privacy.

For example, a common mistake made by teams that implement their own auth integration is to use the InAppBrowser plugin to display a web-based UI for user login. This puts the user at risk of a JavaScript injection or “man in the middle” attack, whereby a bad actor intercepts the communication and obtains the user’s credentials.

Out-of-date, insecure auth provider plugins are also sources of risk, along with poorly implemented OAuth integrations.

That’s why we built Auth Connect.

Simple, secure SSO with Auth Connect

Using the OAuth and OpenID Connect authentication standards, Auth Connect provides all the infrastructure needed to set up login, logout, and token refresh in an Ionic app. Auth Connect uses native System Components, rather than an embedded browser, for the best possible security and protection against data theft.

And best of all, Auth Connect is built and supported by the Ionic team, and includes ongoing maintenance, security patches, and pre-built integrations with popular auth providers like Auth0, AWS Cognito, and Azure AD, and now Salesforce.

User Authentication and Salesforce

Salesforce may not be the first vendor that comes to mind when you think of authentication, but given how important and pervasive Salesforce data is in most businesses, it’s necessary to consider how and when to grant access to Salesforce data from within a mobile app experience.

Thankfully, Salesforce provides several methods to authenticate users, from simple out-of-the-box methods to highly custom solutions. One way is through what Salesforce calls a “connected app”.

Borrowing from Salesforce’s Security Guide:

A connected app is a framework that enables an external application to integrate with Salesforce using APIs and standard protocols, such as SAML, OAuth, and OpenID Connect. Connected apps use these protocols to authenticate, authorize, and provide single sign-on (SSO) for external apps. The external apps that are integrated with Salesforce can run on the customer success platform, other platforms, devices, or SaaS subscriptions. For example, when you log in to your Salesforce mobile app and see your data from your Salesforce org, you’re using a connected app.

With Salesforce support now available in Auth Connect, we’re making it easy for teams to build highly secure mobile experiences that access Salesforce data via connected apps, or who just want to rely on Salesforce as their identity provider.

Give Auth Connect a try

If you’re interested in learning more about Auth Connect or getting your hands on a trial, check out our Auth Connect product page and select “Request a Demo”. One of our Solutions Engineers will give you the full tour.