How Single Sign-On Extension (SSOe) Simplifies Mobile App Login
For 27 years, one of our clients has been leading the way to easy, smooth, and scalable access to educational tools through its iOS-based School App Launcher.
Designed as a comprehensive dashboard, the app centralizes access to many third-party educational tools, but its real hidden gem is its Single Sign-On extension (SSOe) capability.
But what makes this SSO extension unique, and a game-changer for its users?
How does it tackle the pains of fragmented user access while scaling effortlessly for institutions of all sizes?
Let's unpack the technology behind this feature, created in collaboration with Apple, and explore how it’s changing access to education, as well as healthcare, finance, manufacturing, and entertainment, for the better.
The Power (and Complexity) of Single Sign-On
Single Sign-On has always been an important feature in enterprise and education technology, offering students, teachers, administrators, and other types of users the ability to use one set of credentials to access multiple tools.
But our client’s environment, covering countless schools with diverse tech stacks, posed unique challenges.
Each school brings its own customizations, from using apps in Safari to mandating integration with native iOS applications or external platforms. These complexities demanded a robust approach to provide an easy, smooth and secure login experience.
Behind the Scenes of Authentication
To address these challenges, our client leaned into multiple authentication protocols, including OAuth 2.0, SAML, and OIDC, to enable login flows across third-party apps hosted within the app’s WebView.
But the process wasn’t without friction. Redirection outside the app’s controlled environment often caused compatibility issues, such as missing resources or app hand-off errors, creating roadblocks for users.
Even with tools like Apple’s Credential Provider extension, which is used to manage autofill and simplify traditional logins, key gaps remained open.
That’s when, together with our client and Apple, we decided to bring something new: the Single Sign-On Extension (SSOe).
Introducing the Single Sign-On Extension
The SSOe is designed to transform authentication workflows by expanding login functionality at the operating system level.
Available on iOS, iPadOS, and macOS, this system-level extension simplifies authentication by enabling users to log in once and maintain that authentication across native apps, Safari, and WKWebViews.
How SSOe Works
(This section and the next one are a bit geeky, but needed for context.)
Device management plays a critical role in deploying the SSOe. Devices are enrolled via Mobile Device Management (MDM), which installs an SSOe configuration profile.
This newly installed profile defines criteria such as domains, URL patterns, and app bundle IDs for redirecting login requests. Whenever a URL request matches the profile’s criteria, iOS invokes the app’s SSO extension (ASAuthorizationProviderExtension) to handle the login.
Authentication is securely performed within the extension through stored tokens, credentials, or biometrics, ensuring that sensitive data never leaves the system’s secure environment. Upon successful login, the extension delivers a token or credential to the requesting app or WebView, enabling seamless access without additional logins.
Redirect-Based SSO
Given our client’s need to support web-based authentication protocols like OAuth 2.0 and SAML, we implemented the Redirect SSO approach.
This extension type intercepts URL requests, handles authentication, and redelivers the response with the necessary tokens or headers. Even when a third-party app initiates the call, the extension keeps authentication management consistent by securely injecting local session cookies into requests and appending the app’s return URL.
With the SSOe, our client’s app achieves effortless SSO across multiple platforms. Authentication requests are now resolved using local credentials stored in the app, drastically reducing complexity and response time, without hitting external servers unnecessarily.
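The profile criteria described under "How SSOe Works" decide which requests a Redirect extension gets to intercept, so they are worth reviewing before MDM pushes them. The sketch below is an added example, not the client's configuration or code: the payload uses Apple's Extensible SSO keys with placeholder identifiers and domain, and `lint_redirect_payload` and `matches` are hypothetical helpers, the latter a simplified model of URL prefix matching.

```python
from urllib.parse import urlsplit

# Constructed placeholder values (identifiers, UUID, domain); not the client's.
PAYLOAD = {
    "PayloadType": "com.apple.extensiblesso",
    "PayloadIdentifier": "com.example.launcher.sso",
    "PayloadUUID": "00000000-0000-0000-0000-000000000001",
    "PayloadVersion": 1,
    "Type": "Redirect",
    "ExtensionIdentifier": "com.example.launcher.ssoext",
    "URLs": [
        "https://idp.example.edu/oauth2/authorize",
        "https://idp.example.edu/saml/sso",
    ],
}

def lint_redirect_payload(payload):
    """Hypothetical helper: list problems in a Redirect-type SSO payload."""
    findings = []
    if payload.get("PayloadType") != "com.apple.extensiblesso":
        findings.append("not an Extensible SSO payload")
    if payload.get("Type") != "Redirect":
        findings.append("Type is not Redirect")
    if not payload.get("ExtensionIdentifier"):
        findings.append("missing ExtensionIdentifier")
    urls = payload.get("URLs") or []
    if not urls:
        findings.append("Redirect payload has no URLs")
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme.lower() != "https":
            findings.append(f"{url}: scheme is not https")
        if parts.query or parts.fragment:
            findings.append(f"{url}: query or fragment in a URL prefix")
        if parts.path in ("", "/"):
            findings.append(f"{url}: every request to this host is intercepted")
    return findings

def matches(payload, request_url):
    """Simplified model (assumption): scheme and host compare
    case-insensitively, the path is a plain string prefix."""
    req = urlsplit(request_url)
    for prefix in payload["URLs"]:
        p = urlsplit(prefix)
        same_origin = (p.scheme.lower(), p.netloc.lower()) == (
            req.scheme.lower(), req.netloc.lower())
        if same_origin and req.path.startswith(p.path):
            return True
    return False
```

Keeping the prefixes scoped to the identity provider's login endpoints means unrelated requests to the same host, such as static assets, never reach the extension.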
Collaboration with Apple
The implementation of the SSOe was a collaborative effort with Apple.
Their team provided guidance and ongoing support that proved invaluable to our developers. For example, when we encountered challenges in optimizing OAuth 2.0 responses intercepted by the SSOe, Apple’s team directly helped us identify efficient solutions to align with our client’s requirements.
SSOe’s Impact on Education
By integrating the SSOe into the app, we bridged significant gaps in the authentication process for K-12 schools.
With a single, secure login, students and teachers can access all their school-related apps without facing the friction of multiple credentials or app limitations. This not only enhances productivity but also creates a more inclusive, accessible digital learning environment.
Our team is already excited to collaborate even further with Apple, ensuring easy, smooth, and secure user experiences.
Future of EdTech
As you saw above, the integration of SSOe is an important step in modernizing educational technology.
For our client, the app sets a new standard for efficiency and security, simply by centralizing and simplifying authentication. In doing so, it improves user experiences across the education ecosystem.
For decision-makers seeking scalable solutions for their institutions, features like SSOe are an investment in a smarter, more connected future for education and even healthcare, finance, manufacturing, or entertainment.
With the right guidance and tools, anyone can provide seamless, scalable experiences that truly stand out for their users. Yes, even you. And we’re here to guide you every step of the way.
Designing an app that not only meets your goals but also makes a lasting impact is possible. Shall we?