Single Sign-On (SSO) for mobile app login and backend login

Single Sign-On (SSO) is an authentication process that enables users to access multiple applications or systems with a single set of login credentials. These credentials can be authenticated using various methods, such as the classical username-password pair via a login form, biometrics (fingerprint or facial recognition), or a temporary one-time code to achieve Multi-Factor Authentication.

SSO for mobile app

Charge point operators (CPOs) who require Single Sign-On services can be utilities, petrol retailers, OEMs, or large companies with established customer-facing business operations and a pre-existing customer base. CPOs use SSO to enable customers to access their EV charging app using login credentials that they have already created for other company applications and systems. By doing so, customers are relieved of the burden of creating new login credentials and remembering multiple passwords, thus lowering the risk of login-related errors.

Besides providing a better user experience, SSO gives CPOs full control over their user base, simplifying user management and improving data security by storing all data in one secure location. By adopting SSO, charge point operators may rely on their already established compliance with various regulations such as SOX, HIPAA, and PCI DSS, which demonstrates their commitment to data security, instills trust in customers, and helps to avoid compliance-related fines.

SSO also benefits network operators who want to start with AMPECO’s white-labeled mobile apps and later switch to their own mobile app. By implementing SSO from the outset, the later transition to their own app is smoother, with less disruption to existing users.

SSO for backend login

Integrating enterprise login mechanisms with AMPECO’s backend system streamlines the process for employees to access their accounts using their existing company credentials. Implementing SSO also helps CPOs enforce strict password policies consistently across multiple systems, which reduces the risk of password compromise, and ensure that no user has more access than needed, which reduces the risk of unauthorized access or data breaches. With centralized authentication and authorization, CPOs can easily manage access to different systems and track user permissions. This allows for efficient and secure access control, enabling CPOs to grant or revoke access to specific resources as needed. Additionally, SSO enables CPOs to utilize their existing secure authentication mechanisms, such as multi-factor authentication (MFA) or two-factor authentication (2FA).

CPOs can simplify user management and enforce strict authentication policies across all their systems by implementing Single Sign-On (SSO) for both the mobile app for EV drivers and the backend for their employees.

The challenges associated with implementing SSO 

While SSO offers numerous benefits, it has its fair share of challenges. The initial implementation of the identity provider may be a technical challenge for organizations due to the number of various (or legacy) systems it needs to integrate with. The effort spent on this initial setup is later greatly repaid by the simplification of centrally managing all identity and authentication functions. Centralizing authentication and identity management into a single system (the authentication provider) creates a single point of failure and a single attack target: if breached, it could lead to unauthorized access to multiple applications. At the same time, it reduces the complexity of enforcing applicable security measures and makes for a single asset to protect. To ensure comprehensive integration coverage, organizations should select a reputable provider that adheres to industry standards.

Even with this in mind, implementing SSO is considered a necessity for most large organizations. Many require SSO support as an essential feature, and the lack of it can lead enterprise organizations looking for solid business partners to disqualify software providers from consideration altogether. Ensuring security is vital, as CPOs must comply with various regulations to protect user data and demonstrate their commitment to data security when applying for RFPs, tenders, or financing, or when offering EV charging to certain government or state institutions. Building a proprietary SSO solution can be costly and time-consuming, which is why most organizations opt for third-party solutions based on industry-standard protocols.

Have control over your authentication and login processes 

Charge point operators can customize their app and backend login process to suit their specific needs. They can use the default AMPECO login mechanism, a mixed login, or an external login. CPOs can assign different roles to users in the Identity Provider (IDP) system and map them to specific roles in the AMPECO system, ensuring that users can access only the resources and data they need.

AMPECO’s EV charging management system enables users with specific access to sign in directly to the respective partner admin, streamlining the login process. In most cases, all charging data is stored in AMPECO’s system to provide an efficient and seamless user experience, but CPOs can choose to store all user data separately, in which case our platform would only keep a unique user identifier to link the data.

AMPECO supports a range of industry-standard SSO solutions 

For SSO in mobile applications, we offer integrations with Auth0 and Keycloak. For the backend, we support Active Directory and SAML 2.0, an open standard created to provide cross-domain single sign-on, utilized by Azure Active Directory and other enterprise-grade SSO solutions.

Our SAML 2.0 integration allows easy configuration with any SSO provider supporting this protocol. Our Auth0 integration offers a range of features to enhance user experience, including device locale detection, language localization for the login page, and support for social logins. We can also match existing Auth0 profiles with those in our platform. When Auth0’s API key is configured, we show the Change Password button in the app to customers signed in with email and password, allowing them to initiate a password reset through Auth0 and providing a seamless and secure experience.

The business benefits of SSO

Mitigate security risks: Implementing SSO reduces the number of passwords employees must remember and manage. When employees are required to use separate passwords for each app, they often use the same or similar passwords across multiple accounts, making it easier for hackers to access sensitive corporate systems.

Cost savings: SSO reduces the total number of inbound password reset calls from employees and frees IT help desk teams to work on other tasks requiring attention.

Enhanced user experience: SSO eliminates the need to complete redundant sign-on attempts across applications by providing secure, one-click access to users’ apps. 

Unified user management and regulatory compliance: SSO provides a unified user management system, allowing CPOs to centralize password and access management. This can be especially helpful for organizations that must comply with regulations like SOX, HIPAA, and PCI DSS.

The advantages of SSO for EV drivers and employees

For EV drivers using the mobile application, SSO provides one-click access, eliminating the need to repeatedly enter login credentials, increasing security, saving time, and reducing frustration.

For employees, using SSO in the admin panels allows them to use a single identity to navigate multiple web and mobile domains or applications. In a typical business setting, employees need to access multiple applications and services multiple times a day. Manually logging in to each application can be very time-consuming, but SSO reduces user logins to just one, allowing them to accomplish tasks faster, with less hassle. Using SSO also minimizes the risk of identity theft by simplifying password management to the use of a single password, making it easier to generate, remember, and use stronger passwords.

SSO authentication with AMPECO

AMPECO supports a range of industry-standard protocols and providers for SSO for both mobile app and backend use cases. With our SSO integration, CPOs can easily configure their system with any SSO provider that supports the SAML 2.0 protocol, enhancing user experience with device locale detection, language localization for the login page, and support for social logins. By integrating their enterprise login mechanisms with the AMPECO backend system, CPOs can streamline access for their users, save time, and reduce the risk of unauthorized access and data breaches.

Author

Aleksandar Petkov

Product Marketing Manager

About the author

Alex is a highly skilled product marketing manager who transforms technical features into actionable insights, empowering CPOs to unlock the full potential of our platform.