SAML Single Sign-On Flow
Mobb supports SSO with your Identity Provider (e.g., Microsoft Entra ID). If this is a requirement, please reach out to us via support@mobb.ai.
Single Sign-On (SSO) is a user authentication process that allows end-users to access the Mobb application with a single login provided by their Identity Provider (IdP). The following diagram explains the SSO flow in Mobb.
User Navigates to Mobb
The user opens the Mobb application.
Mobb Checks for Existing Session
Mobb looks for a valid session.
If no valid session is found, Mobb initiates the SSO flow through Auth0.
Auth0 Redirects User to IdP
Auth0 redirects the user to the IdP (e.g., Microsoft Entra ID) login page to authenticate.
User Authenticates with IdP
The user enters their credentials on the IdP sign-in page.
The IdP verifies the user’s identity against the organization’s directory.
IdP Issues Security Token
Upon successful authentication, the IdP provides Auth0 with a security token (e.g., a JWT or SAML assertion).
Auth0 validates the IdP token and creates a session for the user.
User Is Redirected Back to Mobb
Auth0 redirects the user’s browser back to Mobb, along with the Auth0 token in the callback parameters.
Mobb verifies the token signature, checks its validity (expiry, issuer, audience, etc.), and extracts user attributes (e.g., email, roles).
If valid, Mobb creates or updates a session on its side and applies any role-based access control configured by the Mobb administrator.
User Gains Access to Mobb Platform
The user is now authenticated in Mobb’s system and can use the platform as permitted by their assigned roles/permissions.
Subsequent actions during this session are validated via Mobb’s session or tokens.
Ongoing Access and Session Renewal
As the user continues to work in Mobb, the session remains valid until it expires or the user signs out.
If/when the session expires, Mobb may prompt re-authentication through the IdP again, re-initiating the SSO flow if needed.