Working with Custom Authentication and Identity Providers in AEM Mobile


AEM Mobile can be used to create not only business-to-consumer applications but also internal enterprise applications and business-to-business apps. Among the hallmark features of the AEM Mobile platform that make these different applications possible are Entitlement and Restricted Collections.

Enabling Entitlement within your AEM Mobile applications lets you authenticate users with a login so they can gain access to articles and collections that are normally protected by a paywall or, when using restricted collections, hidden from view.

To enable Entitlement in your AEM Mobile project, you must first define your Entitlement service in the AEM Mobile master account settings. Entitlement settings include your authentication endpoint as well as optional settings for the entitlement and authentication token caches, that is, how often the application checks back against the service for new entitlement information and how frequently the auth token should be renewed.

Once you have set up your Entitlement service, you can enable the sign-in authentication dialog in your application at the AEM Mobile project level. You do not need to rebuild your application for the Entitlement and authentication changes to take effect.

Below is an example of the default authentication dialog box that a user will see when tapping the My Account link in the application’s hamburger menu.

Beyond the default authentication dialog, you can create custom authentication screens that replace the default sign-in experience. These custom authentication screens can also use different identity providers.

Creating a custom HTML sign-in experience allows you to collect more information on the user or provide additional instructions on what type of login is required, for example, username vs. email.

AEM Mobile applications can also use custom authentication screens in conjunction with different identity providers, reducing the need to create a new account just for the mobile application.

SAML 2.0 identity providers, including MFA/Okta and the recently added support for Gigya, can help enterprises integrate their mobile applications into their single sign-on systems, while defining an OAuth 2.0 identity service gives users the ability to use social logins such as Facebook for authentication.

For more information on Entitlement in AEM Mobile see:

For more information on setting up custom authentication in AEM Mobile see: