We are deploying a WAB (developer edition) based application on our own web server, but we need an authentication mechanism so that only authorized people can see the content. These end users are both within and outside of our organization. We have an ArcGIS Online for Organizations account and so do these other groups.
We would like to have folks to be able to authenticate using their own AGO accounts. This seems to suggest it is possible:
Following those directions, we were able to add a user from another AGO organization account into one of our AGO groups and then share content with them. They can open the web map that the application is based on, and they can share content to the group so it can be included in the web map. All of the content for this application is shared with this group (not 'everyone')
We deployed the WAB based application on our web server. When we open the app, we are prompted by AGO to log in and if we use an account from our own organization it opens, but if the user from another organization logs in it tells them they are not authenticated and nothing appears on the map.
So, if they log in to their own AGO organization account they can see the content of the web map shared to the group, but if they are prompted by the application on our own web server and use the same credentials, they can't see the content.
Should it be possible to do what we are trying to do? Is AGO set up in such a way that sharing content in this way is not possible? Are there any other reasonable solutions for authenticating access to an application based on WAB and AGO web maps?