
This documentation site is for previous versions. Visit our new documentation site for current releases.

Secure custom mobile apps by using single sign-on

Updated on May 3, 2021

With the improvements to Pega Platform™, single sign-on (SSO) users can now sign in to custom mobile apps with any OpenID-compatible identity provider, such as Google, Auth0, Okta, and NetIQ. To use external login with SSO, you do not have to modify your custom mobile app. It is easy to configure SSO at the Pega Platform application level.

By using external login with SSO, you make your custom mobile apps more secure. Custom mobile apps cannot access Pega Platform application resources without presenting a valid access token. The token is granted after an external login screen opens in a system browser, and the user provides login credentials to the identity provider. Login credentials are not disclosed to the custom mobile app. The login screen is displayed again only if the mobile app can no longer obtain a valid access token. Also, if an optional refresh token was issued, the user can refresh the access token without repeating the login process. To improve security even further, mobile devices use the Proof Key for Code Exchange (PKCE) security extension to OAuth 2.0 for public clients.

For more information, see Configuring a custom mobile app to use external login with OpenID Connect.
