General Availability: Single Sign-On (SSO) from Native Apps to Embedded Web Views in Microsoft Entra External ID Native Authentication

We’re excited to announce the General Availability (GA) of Single Sign-On (SSO) from Native Apps to Embedded Web Views for Microsoft Entra External ID (EEID) Native Authentication.

This release marks a major milestone in delivering end-to-end seamless authentication experiences for modern CIAM applications bridging the gap between native and web-based app surfaces.

Why SSO matters for Native Auth

Native Authentication gives developers full control over the identity UX—enabling pixel-perfect, in-app sign-in and sign-up experiences without browser redirects.

However, real-world applications rarely stay fully native.

Most modern apps include embedded web experiences, such as:

• Profile management pages
• Payment or checkout flows
• Loyalty or rewards dashboards
• Support or account portals

Without SSO, users are forced to authenticate again when transitioning from native UI to web content—creating friction, drop-offs, and inconsistent experiences.

With GA of SSO for embedded web views, this problem is now solved.

What’s now generally available

With this release, developers can now enable seamless SSO between native and web experiences within the same app session.

✅ Seamless user experience Users authenticate once via native UI—and are automatically signed into embedded web content without a second prompt.

✅ Token-based session continuity The native app securely retrieves an access token and passes it to the web view, enabling immediate access to protected resources.

✅ No browser dependency SSO works entirely within embedded web views (e.g., WKWebView, Android WebView)—preserving full control over UX.

✅ Developer-controlled integration Applications can inject authentication state into requests, ensuring flexibility across custom app architectures.

How it works (high-level)

The SSO flow builds on top of EEID Native Authentication:

1. User signs in via native authentication (SDK or API)
2. App retrieves a valid access token
3. App loads the embedded web view with a request containing: Authorization: Bearer <access_token>
4. The web resource validates the token and grants access immediately

This enables a secure bridge between native token state and web session state—without reauthentication.

Developer scenarios unlocked

This capability is especially impactful for CIAM developers building hybrid apps:

📱 Mobile + Web hybrid experiences Enable seamless transitions between native UI and web-based modules without re-login.

🛍️ Commerce and customer journeys Avoid authentication interruptions across checkout, billing, and account management flows.

🔒 Secure embedded experiences Maintain token-based security while delivering fully embedded web experiences.

🎯 Consistent branding Keep users inside your app—no redirects, no context switching—while maintaining authentication continuity.

Behind the scenes: Why this matters

Embedded web views are isolated from browser session state, which means they don’t automatically inherit SSO cookies. This historically forced developers to either:

• Re-authenticate users in the web view, or
• Use complex workarounds

With this release, EEID Native Auth introduces a first-class, token-based SSO model—bridging native authentication and web sessions in a secure and scalable way.

This is just the beginning of the SSO journey

While this GA unlocks SSO within a single application (native → embedded web view), it represents only the first step in a broader SSO vision for EEID Native Authentication.

We are actively investing in:

• SSO across multiple apps (native-to-native)
• SSO across devices and sessions
• Integration with broader identity ecosystems
• Advanced security scenarios (policy, conditional access, passkeys)

Our goal is to deliver a comprehensive, modern SSO platform for CIAM, built on the flexibility of Native Authentication.

Ready to get started with Native Authentication?

To begin using single sign-on (SSO) from native apps to embedded web views, configure Native Authentication in your Microsoft Entra External ID tenant and integrate your mobile application using the Native Authentication SDKs or APIs. Once your app successfully signs in users via native authentication, retrieve a valid access token and use it to load your embedded web view with the user’s authenticated context enabling a seamless, no‑relogin experience across native and web surfaces.

Stay connected and informed

To learn more or test out features in the Microsoft Entra suite of products, visit our developer center. Make sure you subscribe to the Identity blog for more insights and to keep up with the latest on all things Identity. And, follow us on YouTube for video overviews, tutorials, and deep dives.