About App ID

Application security can be incredibly complicated. For most developers, it's one of the hardest parts of creating an app. How can you be sure that you are protecting your user's information? By integrating IBM Cloud® App ID into your apps, you can secure resources and add authentication - even when you don't have much security experience.

What can App ID do for you? Check out the following video to learn more.

Video transcript

The following section provides the transcript for the introduction to App ID video for users who might need an alternative format or a translated version.

Wouldn't it be awesome if the barista at your local coffee shop remembered your name and your usual brew. If you're building an application, you might want to build that kind of tailored experience for your users to make them feel special or save them time. Of course, no matter how great your idea is, the success of your app depends on your ability to build trust with your users - which comes down to securing your users data and protecting the systems that your app accesses. Knowing who is using your app is a key part of this. It starts with adding sign in functionality. But, as a lot of developers know, adding authentication and authorization to your app is both risky and complex. That's why we built App ID on IBM Cloud. App ID helps developers to easily add authentication to their mobile and web apps and hosts user data in the cloud that developers can use to build custom app experiences.

To make the sign-in experience easy for your users, with App ID, you can let users sign in directly from your app and then sign in with their email and password. Or, you can let users sign in through their Facebook or Google accounts with credentials they already know. Once your users authenticate, you can authorize access to backend resources that your app uses.

App ID also helps you deliver tailored experiences for your users based on a variety of factors. In App ID you can store information about your users and let developers use this information for their apps. App ID is available for iOS, Android, and the web. And of course, it's built with open standards like OAuth 2.0 and OIDC. To get started, check out the App ID service in the IBM Cloud catalog.

Reasons to use the service

App ID helps developers to easily add authentication to their web and mobile apps with few lines of code, and secure their Cloud-native applications and services on IBM Cloud. By requiring users to sign in to your app, you can store user data such as app preferences, or information from public social profiles, and then leverage that data to customize each user's experience within the app. App ID provides a log-in framework for you, but you can also bring your own branded screens to use with Cloud Directory.

Table 1. Reasons to use the App ID service
Scenario	Solution
You need to add authorization and authentication to your mobile and web apps but don't have a background in security.	App ID makes it easy to add an authentication step to your apps. You can add email or user name, social, or enterprise sign-in to your apps with APIs, SDKs, prebuilt UIs, or your own branded UIs.
You want to limit access to your apps and back-end resources.	You can secure your apps, back-end resources, and APIs easily by using the standards-based authentication provided by App ID.
You want to build personalized app experiences for your users.	With App ID, you can store user data such as app preferences or information from their public social profiles, and then use that data to customize each experience of your app.
You want to manage users in a scalable way.	With App ID you can create a Cloud Directory, which makes it possible for you to add user sign-up and sign-in to your apps. Cloud Directory provides you with the framework to maintain a user registry that can scale with your user base. With the pre-built functionality for self-service, such as email verification and password resets, you can be sure that your app is authenticating users securely.

How it works

With App ID, you can add a level of security to your apps by requiring users to sign in. You can also use the server SDK or APIs to protect your back-end resources.

App ID architecture diagram — Figure 1. How App ID works

Application: Server SDK: You can protect your back-end resources that are hosted on IBM Cloud and your web apps by using the server SDK. It extracts the access token from a request and validates it with App ID. Client SDK: You can protect your mobile apps with the Android or iOS client SDK. The client SDK communicates with your cloud resources to start the authentication process when it detects an authorization challenge.
IBM Cloud: App ID: After successful authentication, App ID returns access and identity tokens to your app. Cloud Directory: Users can sign up for your service with their email and a password. You can then manage your users in a list view through the UI. With Cloud Directory, App ID functions as your identity provider.
External (third party): Social and enterprise identity providers: App ID supports Facebook, Google+, and SAML 2.0 Federation as identity provider options. The service arranges a redirect to the identity provider and verifies the returned authentication tokens. If the tokens are valid, the service grants access to your app.

Integrations

You can use App ID with other IBM Cloud offerings.

Kubernetes Service: By configuring Ingress in a standard cluster you can secure your apps at the cluster level. Check out the App ID authentication Ingress annotation or the Announcing App ID integration to IBM Cloud Kubernetes Service blog post to get started.
Cloud Functions and API Connect: When you create your APIs with Cloud Functions and API Connect, you can secure your applications at the gateway rather than in your app code.
Activity Tracker: You can monitor administrative activity that is made in App ID such as changes to the dashboard configuration, by using the Activity Tracker service.

Standards and certifications

App ID has successfully completed several certifications, audits, and standards.

App ID is based on a set of well-known, industry standard protocols and specifications that are frequently found in both enterprise and consumer facing applications, the OAuth 2.0 Authorization Framework and Open ID Connect. OAuth 2.0 is used to obtain and verify authorization for accessing protected resources. Open ID Connect then adds a layer of authentication and identity protection to your application.

See section 5.4 of the App ID software product compatibility report to review a complete list of certifications. In addition to the certifications, App ID is also compliant in the following specifications: OAuth 2.0, OpenID Connect, JSON Web Token (JWT), JSON Web Signature (JWS), System for Cross-domain Identity Management (SCIM).