Single Sign-On (SSO)
What is SSO?
SSO, meaning Single Sign-On, is a session or user verification process that allows someone to enter one username and password in order to access multiple applications or software. The SSO solution authenticates the user for all the applications they’ve been given access to.
An SSO system uses Security Assertion Markup Language (SAML), which enables users to enter one set of login credentials and access multiple applications.
How does an SSO login work?
SSO login credentials are unique in that they allow a user to access multiple applications without having to remember multiple passwords or worry about password resets. Here’s how an SSO login typically works:
User Authentication
The SSO service provider verifies the user’s identity through their user credentials, or by using other authentication methods, like biometric authentication or multi-factor authentication.
SSO Service Verification
When a user signs in to a protected resource or application, they’re redirected to an SSO authentication service provider.
Token Generation
Once a user has been authenticated, the SSO service will generate an authentication token that contains information about the user’s identity and the user’s permissions within the application.
Token Delivery
That authentication token is then delivered securely to the user’s browser through an HTTP redirect or by embedding it within the response page.
Authentication Token Presentation
The user’s SSO credentials and authentication tokens are then shared with the application or service provider they are trying to access as proof of authentication.
Application Verification
The applications then validate the authentication tokens by sending them to the SSO service’s servers for verification.
Token Validation
The SSO service then verifies the authentication tokens, ensuring they were created and issued by a trusted authority and haven’t been tampered with, before they are associated with the correct user identities.
User Authorisation
Once the token is validated, the user is granted access based on the information contained within the authentication token.
Session Establishment
A session is established between the user and the application, so the user’s access persists for the duration of the session and there is no need to run through the authentication protocols again.
Session Termination
The session will remain active until the user logs out of the platform, application, or service. Once the user has logged out, the authentication token provided earlier is invalidated and the user’s access is revoked so that sensitive data remains secure.
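The token generation, validation and termination steps above, as an added illustration that is not code from the original page: a constructed issuer signs a compact, JWT-like assertion and a relying application checks issuer, audience, expiry, signature and revocation before trusting it. It assumes a shared HMAC secret for brevity; real SAML and OpenID Connect deployments use the identity provider's asymmetric key (XML-DSig or RS256) and the issuer/audience names are placeholders.

```python
import base64, hashlib, hmac, json, time

IDP_KEY = b"constructed-shared-secret"   # constructed sample; real IdPs use asymmetric keys
ISSUER = "https://idp.example"           # placeholder trusted authority
REVOKED = set()                          # token IDs invalidated at logout (Session Termination)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(user, audience, permissions, now=None, ttl=300, jti="t1"):
    """Token Generation: the IdP signs an assertion about the user's identity and permissions."""
    now = int(now if now is not None else time.time())
    claims = {"iss": ISSUER, "sub": user, "aud": audience, "iat": now,
              "exp": now + ttl, "jti": jti, "perms": permissions}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"

def validate_token(token, expected_aud, now=None):
    """Token Validation: trusted issuer, untampered, unexpired, meant for this app, not revoked.
    Returns the claims on success, None on any failure (caller must deny access on None)."""
    now = int(now if now is not None else time.time())
    try:
        body, sig = token.split(".")
        expected = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None                          # forged or tampered: reject before parsing
        claims = json.loads(_unb64(body))
    except (ValueError, json.JSONDecodeError):
        return None
    if claims.get("iss") != ISSUER:
        return None                              # not issued by the trusted authority
    if claims.get("aud") != expected_aud:
        return None                              # token was issued for a different application
    if claims.get("exp", 0) <= now:
        return None                              # expired
    if claims.get("jti") in REVOKED:
        return None                              # user logged out; access revoked
    return claims

def logout(token):
    """Session Termination: invalidate the token so later presentations are refused."""
    REVOKED.add(json.loads(_unb64(token.split(".")[0])).get("jti"))
```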
Implementing SSO solutions can simplify the authentication process for users, enhance security, and improve the user experience by reducing the need for multiple passwords.