Certificate-based authentication (CBA)
Certificate-based authentication (CBA) is a security mechanism in which users authenticate with digital certificates instead of passwords. It is commonly used in enterprise environments to ensure that only authorized users can access particular systems or applications. Because no password is involved, the login process is simpler: there is nothing for the user to remember or to type manually.
The FORM Android application supports CBA through its WebView. The process involves several key steps:
Certificate Selection: When a user accesses the app, they are prompted to select a certificate for authentication. This certificate is typically stored on the device and provisioned by the user's IT service.
Certificate Submission: The selected certificate is submitted to the authentication system. The WebView component handles this process, ensuring the certificate is passed securely to the backend authentication service.
Mapping and Validation: The authentication service (such as Microsoft Entra ID) maps the certificate fields (like the subject name and issuer) to the user attributes configured in the system. This mapping ensures that the certificate corresponds to a valid user account.
Authentication: Once the mapping is successful, the user is authenticated and granted access to the application. The WebView component ensures that the session is maintained securely throughout the user’s interaction with the app.
Security Enhancements: Using certificates provides a high level of security by offering phishing-resistant authentication and supporting multifactor authentication.
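The Certificate Selection and Certificate Submission steps above correspond to the WebView's client-certificate callback. The following is an added illustration, not code from the FORM application: a WebViewClient that answers the server's TLS certificate request with a certificate the user picks from the Android KeyChain, and that only offers a certificate to an assumed allowlist of authentication hosts (the allowlist and class name are assumptions).

```java
import android.app.Activity;
import android.security.KeyChain;
import android.security.KeyChainAliasCallback;
import android.webkit.ClientCertRequest;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Set;
// Answers the server's TLS client-certificate request with a certificate the
// user picks from the Android KeyChain (certificate selection and submission).
public class CbaWebViewClient extends WebViewClient {
    private final Activity activity;
    private final Set<String> allowedHosts; // assumed allowlist of CBA endpoints
    public CbaWebViewClient(Activity activity, Set<String> allowedHosts) {
        this.activity = activity;
        this.allowedHosts = allowedHosts;
    }
    @Override
    public void onReceivedClientCertRequest(WebView view, ClientCertRequest request) {
        // Never offer the user's certificate to a host outside the allowlist.
        if (!allowedHosts.contains(request.getHost())) {
            request.cancel();
            return;
        }
        // Key types and issuers come from the server's CertificateRequest, so the
        // chooser only lists certificates the backend can actually map to a user.
        KeyChain.choosePrivateKeyAlias(activity, new KeyChainAliasCallback() {
            @Override
            public void alias(String alias) {
                if (alias == null) { request.cancel(); return; } // chooser dismissed
                // KeyChain lookups block on IPC, so keep them off the UI thread.
                new Thread(() -> {
                    try {
                        PrivateKey key = KeyChain.getPrivateKey(activity, alias);
                        X509Certificate[] chain = KeyChain.getCertificateChain(activity, alias);
                        if (key == null || chain == null) {
                            request.cancel();
                        } else {
                            request.proceed(key, chain); // WebView finishes the TLS handshake
                        }
                    } catch (Exception e) {
                        request.cancel();
                    }
                }).start();
            }
        }, request.getKeyTypes(), request.getPrincipals(), request.getHost(), request.getPort(), null);
    }
}
```

The WebView remembers the answer per host for the lifetime of the process, so a cancelled request for a host outside the allowlist is not re-prompted; the mapping and validation of the presented certificate then happen entirely on the backend side.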