Hi Mark,
One option which you can try is have the users in AD if that is possible. You may setup AD or SAML Authentication with SMP and get them authenticated. Later you can do a SSO2 Generator /principal propogation and have the data flowing to back-end system with the help of mobile applications.
SMP provides No Authentication option also, which is a direct pass through. Which is again not recommended for production scenarios.
Regards,
Nagesh