Single Sign-On (SSO) is an authentication scheme that allows users to access multiple applications with a single set of login credentials.
With SSO, users can log in once and be automatically signed in to all of their authorized applications. This eliminates the need to remember and enter different usernames and passwords for each application.
When SSO is integrated into apps like Gmail, Workday or Slack, it provides a pop-up widget or login page that accepts the same set of credentials.
SSO is built on a concept called federated identity: it enables the sharing of identity information between trusted but independent systems.
There are a few different ways to implement SSO, but two of the most common protocols are OpenID Connect (OIDC) and Security Assertion Markup Language (SAML).
Related: Learn about the differences and similarities between OpenID Connect and SAML here.
SSO using OpenID Connect
OIDC uses JWTs (JSON Web Tokens) to share identity and access information.
It is built on top of OAuth 2.0, a widely used standard for authorization, and is designed to work well with web and mobile applications.
You have used OpenID Connect in your daily life without realising it! When you use your personal Google account to sign into applications like YouTube, you are using OpenID Connect.
When a user logs in with OpenID Connect (OIDC), they are redirected to the OIDC provider (such as Google or Facebook), where they enter their login credentials. The provider then generates a JWT containing information about the user's identity and access permissions, which is used to grant the user access to the requested application. You can learn more about OpenID Connect and its authentication flow here.
SSO using SAML
SAML (Security Assertion Markup Language) uses XML-based tokens to represent identity and access information.
SAML is an older protocol than OIDC and has been widely used in enterprise environments for many years.
When a user logs in with SAML, they are redirected to the SAML Identity Provider (which could be an internal company server or a third-party provider). The Identity Provider authenticates the user and generates a SAML token containing information about their identity and access permissions, which is used to grant the user access to the requested application. To learn more about SAML and its authentication flow, click here.
Why use Single Sign On?
There are a few key benefits to using SSO in your organization, which is why it is becoming increasingly popular. For one, it can greatly simplify the user experience by reducing the number of credentials (user IDs and passwords) that users need to remember. This reduces frustration and saves time, especially for users who need to access multiple applications throughout the day.
Other benefits include:
- Enhanced security: SSO improves security by reducing the risk of password-related security breaches, such as phishing or password theft, as users only need to enter their login credentials once. This also makes it easier to enforce strong password policies and multi-factor authentication across multiple systems.
- Increased productivity: SSO improves productivity by allowing users to access multiple systems or applications quickly and easily, without needing to enter separate login credentials for each one. This saves time and reduces the need for IT support.
- Simplified IT management: SSO simplifies IT management by reducing the number of accounts and passwords that need to be managed. This makes it easier to provision and de-provision access to systems or applications. This also helps ensure compliance with security policies and regulations.
- Cost savings: SSO results in cost savings by reducing the need for IT support and training associated with managing multiple accounts and passwords. It also helps reduce the risk of security breaches, which can result in significant financial losses.
Overall, SSO can improve the user experience, enhance security, increase productivity, simplify IT management, and result in cost savings. These benefits make SSO a popular choice for organizations looking to streamline the login process and improve security.