Can I use SSO to sign in to AppCheck?

This is not currently supported.  If this feature would be valuable to you please raise a ticket with AppCheck Support and we will add your name to the feature request.  We cannot promise at this time if or when this will be selected for implementation, but letting us know you are interested helps us to prioritise future development.

Can I scan applications that use SSO?

SSO platforms will usually provide a login page which can be accessed when browsing to the application when not already authenticated, so the use of SSO in your own application should not effect AppCheck's ability to scan the application - it can simply log in using the form.

In the rare situation where such a form is not accessible then extra setup may be required, for example the provision of a permanent token which can be added to the scan configuration.  The best way to think about this is to ask how you would grant access to a human accessing your application through a web browser from a server that you cannot install your own software on (the AppCheck scan hub) - the scanner will access it much the same way a human would.