Safari View Controller (iOS) and Chrome Custom Tabs (Android) allow mobile applications a mechanism to bring the native OS web browser experience into their application. In our iOS and Android mobile apps, we've implemented this feature to provide end users (and their organizations) further control and flexibility on the authentication experience into Box.
- Greater control of the authentication experience by the individual and organization.
- Using this feature Identity Providers (within the SSO process) and potentially password vault services can automatically populate user credentials.
- If the user already has an active Box session on their device, they can now be seamlessly authenticatedinto Box without having to re-enter their credentials.
- Ability to authenticate only approved devices
- Organizations will be able to use certificate based authentication or perform other device level checks as a means of restricting access to only approved devices. Additionally they could use this as a means to provide easy access
- Unified experience between what you see inthe Box app's login process and that of the device's native browser.
- In the past, there have been some cases where authentication has failed in the mobile app but has worked in the device's mobile browser. This feature can help customers with unique login experiences that may not have previously worked in our app.
- Mobile Device Trust cannot be used in conjunction with this feature.
- By enabling it our mobile apps lose control of the authentication process and therefore currently cannot run custom device checks during the process.
- This feature requires the enterprise to be SSO enabled or above.
- Enabling this feature flip will turn it on for both iOS and Android devices.
- The user's SSO authentication session can remain active in the mobile browser even if they log out of the mobile app.
- A user who navigates to box.com through their mobile browser may automatically be logged into their Box account due to an active SSO session on the device. This is similar behavior to what exists on the web app when there is no SSO logout redirect URL specified.
- Some Android devices may not be compatible for instance if they do not have Chrome or an old version
How do I enable this feature for my enterprise?
If you would like us to enable these features for your organization, please reach out to your Customer Success Manager or Account Representative.