With the improvements to Pega Platform™, single sign-on (SSO) users can now sign in to custom mobile apps with any OpenID-compatible identity provider, such as Google, Auth0, Okta, and NetIQ. To use external login with SSO, you do not have to modify your custom mobile app. It is easy to configure SSO at the Pega Platform application level.
By using external login with SSO, you make your custom mobile apps more secure. Custom mobile apps cannot access Pega Platform application resources without presenting a valid access token. The token is granted after an external login screen opens in a system browser, and the user provides login credentials to the identity provider. Login credentials are not disclosed to the custom mobile app. The login screen is displayed again only if the mobile app can no longer obtain a valid access token. Also, if an optional refresh token was issued, the user can refresh the access token without repeating the login process. To improve security even further, mobile devices use the Proof Key for Code Exchange (PKCE) security extension to OAuth 2.0 for public clients.
For more information, see Configuring a custom mobile app to use external login with OpenID Connect.