Abstract: A method for authenticating a user seeking access to first and second resources that have different authentication levels. The method includes receiving a primary token that is associated with a first authentication event of the user and authenticates the user to access the first resource, and receiving a first request to access the second resource. The method further includes receiving first credentials of the user. The method further includes, responsive to validating the first credentials, generating a second authentication event, associating the second authentication event with the primary token, and issuing a first secondary token that authenticates the user to access the second resource.

Abstract: Disclosed are various examples for providing a single sign-on experience for mobile devices that may or may not be managed. A service provider receives an access request from a first client application executed in a client device. The service provider causes the first client application, using a redirection response that redirects the access request to an identity provider, to request an authentication token from a second client application executed in the client device. The service provider receives the authentication token from the first client application. The service provider then authenticates the first client application in response to verifying the authentication token.

Abstract: A computer-implemented method for automatically registering an application with an enterprise system is disclosed. The method accesses an application utilizable with the enterprise system. Generates an application access template for the application, including: generating information specific to the application that is able to be utilized with the enterprise system, and generating parameters specific to the application that is able to be utilized with the enterprise system. The method defines, in the application access template, a basic authorization protocol information; and utilizes the application access template for a subsequent dynamic registration of the application with the enterprise system.

Abstract: A computer-implemented method for automatically registering an application with an enterprise system. The method includes, obtaining the application associated with the enterprise system, wherein the application is pre-configured for subsequent registration with the enterprise system such that the registration establishes a trust relationship between the application and the enterprise system. The method further includes installing the application on a host device, and in conjunction with installing the application, automatically requesting the registration of the application with the enterprise system.

Abstract: Various examples of detecting whether a device meets an enrollment level are disclosed. A request to authenticate a user based upon user credentials is obtained. Applications for which the user is authorized are identified. An enrollment level associated with each of the plurality of applications is also identified. A user interface including the plurality of applications and the enrollment level associated with each of the plurality of applications is generated.

Abstract: Various examples of detecting whether a device meets an enrollment level are disclosed. A request to authenticate a user based upon user credentials is obtained. Applications for which the user is authorized are identified. An enrollment level associated with each of the plurality of applications is also identified. A user interface including the plurality of applications and the enrollment level associated with each of the plurality of applications is generated.

Abstract: Disclosed are various examples for providing a single sign-on experience for managed mobile devices. A management application executed in a computing device receives a single sign-on request from a managed client application executed by the same computing device. The management application determines that the client application is permitted to access a management credential for single sign-on use. The management application provides the management credential to the client application in response to the single sign-on request.

Abstract: Various examples of detecting whether a device meets an enrollment level are disclosed. A request to authenticate a user based upon user credentials is obtained. Applications for which the user is authorized are identified. An enrollment level associated with each of the plurality of applications is also identified. A user interface including the plurality of applications and the enrollment level associated with each of the plurality of applications is generated.

Abstract: Disclosed are various examples for providing a single sign-on experience for managed mobile devices. A management application executed in a computing device receives a single sign-on request from a managed client application executed by the same computing device. The management application determines that the client application is permitted to access a management credential for single sign-on use. The management application provides the management credential to the client application in response to the single sign-on request.

Abstract: A computer-implemented method for automatically registering an application with an enterprise system. The method includes, obtaining the application associated with the enterprise system, wherein the application is pre-configured for subsequent registration with the enterprise system such that the registration establishes a trust relationship between the application and the enterprise system. The method further includes installing the application on a host device, and in conjunction with installing the application, automatically requesting the registration of the application with the enterprise system.

Abstract: Disclosed are various examples for determining whether a client device complies with compliance rules while authenticating a user account. A client certificate can include an identifier corresponding to a client device. An identity provider can extract the identifier while authenticating the user account. The identity provider can determine whether the client device complies with compliance rules prior to authenticating the user account on the client device.

Abstract: A computer-implemented method for automatically registering an application with an enterprise system. The method includes, obtaining the application associated with the enterprise system, wherein the application is pre-configured for subsequent registration with the enterprise system such that the registration establishes a trust relationship between the application and the enterprise system. The method further includes installing the application on a host device, and in conjunction with installing the application, automatically requesting the registration of the application with the enterprise system.

Abstract: A method for authenticating a user seeking access to first and second resources that have different authentication levels. The method includes receiving a primary token that is associated with a first authentication event of the user and authenticates the user to access the first resource, and receiving a first request to access the second resource. The method further includes receiving first credentials of the user. The method further includes, responsive to validating the first credentials, generating a second authentication event, associating the second authentication event with the primary token, and issuing a first secondary token that authenticates the user to access the second resource.

Abstract: Various examples of detecting whether a device meets an enrollment level are disclosed. A request to authenticate a user based upon user credentials is obtained. Applications for which the user is authorized are identified. An enrollment level associated with each of the plurality of applications is also identified. A user interface including the plurality of applications and the enrollment level associated with each of the plurality of applications is generated.

Abstract: Various examples of detecting whether a device meets an enrollment level are disclosed. A request to authenticate a user based upon user credentials is obtained. Applications for which the user is authorized are identified. An enrollment level associated with each of the plurality of applications is also identified. A user interface including the plurality of applications and the enrollment level associated with each of the plurality of applications is generated.

Abstract: A method for authenticating a user seeking access to first and second resources that have different authentication levels. The method includes receiving a primary token that is associated with a first authentication event of the user and authenticates the user to access the first resource, and receiving a first request to access the second resource. The method further includes receiving first credentials of the user. The method further includes, responsive to validating the first credentials, generating a second authentication event, associating the second authentication event with the primary token, and issuing a first secondary token that authenticates the user to access the second resource.

Abstract: Disclosed are various examples for single-sign on by way of managed mobile devices. For example, an identity provider service can receive a request for an identity assertion from an application executed in a client device. The identity provider service can then detect a platform associated with the client device. A response to the request can be sent based at least in part on the platform, where the response requests authentication by a management credential. Data generated by the management credential is received from the client device, and the management credential is determined to be valid for the identity assertion. The identity assertion is then sent to the client device in response to determining that the management credential is valid for the identity assertion.

Abstract: Disclosed are various examples for providing a single sign-on experience for mobile devices that may or may not be managed. A service provider receives an access request from a first client application executed in a client device. The service provider causes the first client application, using a redirection response that redirects the access request to an identity provider, to request an authentication token from a second client application executed in the client device. The service provider receives the authentication token from the first client application. The service provider then authenticates the first client application in response to verifying the authentication token.

Abstract: Disclosed are various examples for providing a single sign-on experience for managed mobile devices. A management application executed in a computing device receives a single sign-on request from a managed client application executed by the same computing device. The management application determines that the client application is permitted to access a management credential for single sign-on use. The management application provides the management credential to the client application in response to the single sign-on request.

Abstract: Disclosed are various examples for providing a single sign-on experience for mobile applications that may or may not be managed. A first application executed in a client device sends an access request to a service provider. The first application receives a redirection response from the service provider that redirects the first application to an identity provider. The first application then receives a further redirection response from the identity provider that causes the first application to request an identity assertion from a second application executed in the client device. The first application receives the identity assertion from the second application. The first authentication then authenticates with the service provider using the identity assertion.