
Dev Overview of NAPPS for Mobile

The Problem

The proliferation of mobile applications, including mobile apps custom to an organization, makes the need for an SSO solution critical.

Consider these data points that illustrate the challenges facing mobile users and organizations:

  • SHADOW IT: The average enterprise has over 500 cloud applications in use; however, fewer than 15% are enterprise-ready.

  • MOBILE ACCESS: Nearly half of all cloud app activities occur on mobile devices. Yet, most mobile apps don’t support SAML for SSO. For those mobile apps that do support SAML, the authentication user experience is poor and security is weakened as user sessions are not frequently revalidated.

A Solution: NAPPS, The New Standard for Mobile SSO

The industry is moving to solve this problem with the introduction of NAPPS (Native Applications), a standard protocol that provides SSO for users on mobile devices through a “token agent,” which enables native mobile applications to authenticate users more easily.

As is the case with SAML and SCIM for web applications, the promotion of NAPPS to mobile application developers is imperative to provide a more secure and integrated user experience.

The NAPPS specification is part of the OpenID Foundation and is defined by the Native Applications Working Group. It is based on the OpenID Connect and OAuth 2.0 standards.

It provides a seamless sign-on experience where an identity provider can federate access across numerous applications, and sessions can be validated repeatedly without degrading the user experience.

Get Started with NAPPS

As part of OneLogin’s commitment to standards, we have developed NAPPS toolkits for iOS and Android. These open-source SDK toolkits include a test app and test token agent to help you implement NAPPS in your own apps.

