SAML Single Sign-On Flow

Mobb supports SSO with your Identity Provider (i.e. Microsoft Entra ID) if required. If this is a requirement, please reach out to us via [email protected].

Single Sign-On (SSO) is a user authentication process that allows end-users to access the Mobb application with a single login provided by their Identify Provider (IdP). The following diagram explains the SSO flow in Mobb.

  1. User Navigates to Mobb

    • The user opens the Mobb application.

  2. Mobb Checks for Existing Session

    • Mobb looks for a valid session

    • If no valid session is found, Mobb initiates the SSO flow through Auth0.

  3. Auth0 Redirects User to IdP

    • Auth0 redirects the user to the IdP (i.e. Microsoft Entra ID) login page to authenticate.

  4. User Authenticates with IdP

    • The user enters their credentials on the IdP sign-in page.

    • IdP verifies the user’s identity against the organization’s directory.

  5. IdP Issues Security Token

    • Upon successful authentication, IdP provides Auth0 with a security token (e.g., a JWT or SAML assertion).

    • Auth0 validates the IdP token and creates a session for the user.

  6. User Is Redirected Back to Mobb

    • Auth0 redirects the user’s browser back to Mobb, along with the Auth0 token in the callback parameters.

    • Mobb verifies the token signature, checks its validity (expiry, issuer, audience, etc.), and extracts user attributes (e.g., email, roles).

    • If valid, Mobb creates or updates a session on its side and applies any role-based access control configured by the Mobb administrator.

  7. User Gains Access to Mobb Platform

    • The user is now authenticated in Mobb’s system and can use the platform as permitted by their assigned roles/permissions.

    • Subsequent actions during this session are validated via Mobb’s session or tokens.

  8. Ongoing Access and Session Renewal

    • As the user continues to work in Mobb, the session remains valid until it expires or the user signs out.

    • If/when the session expires, Mobb may prompt re-authentication through IdP again, re-initiating the SSO flow if needed.

Last updated

Was this helpful?