Kerberos and Android Enterprise SSO


Single sign-on has always been a challenge on mobile phones. Now that companies have to switch to Android Enterprise (Device Admin is being deprecated), the Android world is lacking an important feature that used to work with proprietary EMM solutions: native Kerberos SSO or Kerberos Constrained Delegation.

Fortunately, there is a neat solution, Swiss-made and cross-EMM compatible, called Hypergate. Hypergate is an Android application that can be configured with Android Enterprise (AppConfig) and that will fill the gap on Android Enterprise: it allows native Kerberos for all your Android apps (Chrome, Cordova-based or native Android apps) and offers a nice SDK for the integration.

Here’s a nice example of App Configuration (example with MobileIron)

I had the chance to integrate it in some test labs and I have to say that it does a great job – single sign-on can even be achieved without user interaction, as the application supports certificate-based authentication to a KDC (Key Distribution Center).

It will definitely work with Linux and Microsoft application backends, or for example for authentication to an IdP (ADFS, PingOne, etc.).

I could test it with Apache for a ticketing system integration and I know some customers are already using it for Office 365 SSO on Android.

Of course, the connectivity has to be done with a per-App VPN like MobileIron Tunnel. The application is highly customizable and most IT admins will just love it.

In short, it provides what Android was lacking and what iOS has provided since iOS v7: a nice SSO configuration for your apps.

More details can be found on the following web page:

https://hypergate.com
