We plan on trying certificate authentication (X509 Client Cert Template Auth Scheme) for an "IWA-like" authentication experience, ie, where the user does not need to manually enter credentials.
This does work quite well for native safari-based web applications.
Since true mobile apps typically contain wrappers, access to the client certificate is a little more challenging.