Mobile Application Authentication

All components of Salesforce mobile applications require user authentication at the point and time of access.

• OAuth Pairing for Mobile Applications
  Salesforce uses OAuth2.0 for mobile application authentication through username and password or SSO (single sign-on) credentials.
• Single Sign On (SSO) for Mobile Applications
  Single sign-on is a process that allows network mobile application users to access all authorized network resources without having to log in separately to each resource.
• Certificates and Keys
  Salesforce certificates and key pairs are used for signatures that verify a request is coming from a customer org. They’re used for authenticated SSL communications with an external website, or when using a customer org as an Identity Provider.
• Identity Providers and Service Providers
  An identity provider is a trusted provider that enables a customer to use single sign-on to access other websites. A service provider is a website that hosts apps. Customers can enable Salesforce as an identity provider, then define one or more service providers, so their users can access other apps directly from Salesforce using single sign-on. This can be a great help to users: instead of having to remember many passwords, they only have to remember one.
• Inactivity Lock
  Upon initial activation, Salesforce prompts the user to create an arbitrary passcode (if required by the org admin). The passcode is used to unlock the app after reboot, or an admin defined period of inactivity (1, 5, 10, or 30 minutes).
• Session Cookie
  Session cookie is only used for Visualforce pages.
• Restrict Device Platforms
  Admins can restrict Salesforce app access through the admin console by blocking the Salesforce Connected App for either platform (iOS or Android).