Mobb User Docs
SAML Single Sign-On Flow


Last updated 3 months ago


Mobb supports SSO with your Identity Provider (e.g. Microsoft Entra ID) if required. If this is a requirement, please reach out to us via support@mobb.ai.

Single Sign-On (SSO) is a user authentication process that allows end-users to access the Mobb application with a single login provided by their Identity Provider (IdP). The following steps describe the SSO flow in Mobb.

  1. User Navigates to Mobb

    • The user opens the Mobb application.

  2. Mobb Checks for an Existing Session

    • Mobb looks for a valid session.

    • If no valid session is found, Mobb initiates the SSO flow through Auth0.

  3. Auth0 Redirects the User to the IdP

    • Auth0 redirects the user to the IdP (e.g. Microsoft Entra ID) login page to authenticate.

  4. User Authenticates with the IdP

    • The user enters their credentials on the IdP sign-in page.

    • The IdP verifies the user’s identity against the organization’s directory.

  5. IdP Issues a Security Token

    • Upon successful authentication, the IdP provides Auth0 with a security token (e.g., a JWT or SAML assertion).

    • Auth0 validates the IdP token and creates a session for the user.

  6. User Is Redirected Back to Mobb

    • Auth0 redirects the user’s browser back to Mobb, along with the Auth0 token in the callback parameters.

    • Mobb verifies the token signature, checks its validity (expiry, issuer, audience, etc.), and extracts user attributes (e.g., email, roles).

    • If the token is valid, Mobb creates or updates a session on its side and applies any role-based access control configured by the Mobb administrator.

  7. User Gains Access to the Mobb Platform

    • The user is now authenticated in Mobb’s system and can use the platform as permitted by their assigned roles/permissions.

    • Subsequent actions during this session are validated via Mobb’s session or tokens.

  8. Ongoing Access and Session Renewal

    • As the user continues to work in Mobb, the session remains valid until it expires or the user signs out.

    • When the session expires, Mobb may prompt re-authentication through the IdP, re-initiating the SSO flow if needed.
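The checks in step 6 (signature, expiry, issuer, audience, then attribute extraction) as an added illustration; this is not Mobb's or Auth0's code. It uses a constructed HS256 token with an assumed shared secret, issuer URL and client id so it runs offline; a real Auth0 callback token is RS256-signed and would be verified against the tenant's published JWKS instead.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-shared-secret"               # assumed; Auth0 really uses RS256 + JWKS
ISSUER = "https://example-tenant.auth0.example/"    # assumed issuer URL
AUDIENCE = "mobb-app-client-id"                     # assumed Mobb client id

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_token(claims: dict, secret: bytes = SECRET) -> str:
    """Constructed stand-in for the token Auth0 returns in the callback (step 6)."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def verify_token(token: str, secret: bytes = SECRET, issuer: str = ISSUER,
                 audience: str = AUDIENCE, now: float = None) -> dict:
    """Relying-party checks in order: pinned alg, signature, expiry, issuer,
    audience. Returns the attributes Mobb maps to roles; raises otherwise."""
    head_b64, body_b64, sig_b64 = token.split(".")
    if json.loads(_unb64url(head_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")       # never honour the alg the token names
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig_b64)):
        raise ValueError("bad signature")        # tampered header/payload or wrong key
    claims = json.loads(_unb64url(body_b64))     # only parse claims after the signature holds
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise ValueError("expired")
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")       # token minted for some other application
    return {"email": claims.get("email"), "roles": claims.get("roles", [])}

def rejection_reason(token: str, **kw):
    """None when the token passes, else the reason the session would be refused."""
    try:
        verify_token(token, **kw)
        return None
    except ValueError as e:
        return str(e)
```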
