Increasingly, software applications (e.g., enterprise applications) may be consumed using devices that might not be corporate issued devices, such as bring your own device (BYOD) devices. End users may desire a consumer-like user experience for their enterprise applications. For example, users may desire the ability to perform single sign on (SSO) to enterprise applications. At the same time, IT departments may desire enterprise data to be securely consumed by authorized users, on authorized endpoints, and using authorized applications. They may also desire to leverage technologies, such as machine learning, to recognize anomalous behaviors and limit access to enterprise data using conditional access mechanisms.
SSO and conditional access may be challenging for certain platforms, such as mobile device platforms. For example, mobile platforms (e.g. iOS, Android, Windows 10, etc.) may be strong on application sandboxing, which may prevent traditional solutions for SSO that are used on desktop computers (e.g., shared system key-chain or shared authentication cookies). Mobile endpoints may be BYOD devices and may have non-enterprise applications installed by, for example, the end user. There is a need to control which applications have access to the SSO functionality. There is also a need to consider factors that affect conditional access decisions.