Guide to Digital Identity — Part 4 (Single Sign-on)

Authentication is one of the most important Digital Identity concepts, and the previous articles in the Guide to Digital Identity series covered it. Continuing from there, this article is dedicated to Single Sign-On (SSO), which is also an authentication concept.

What is Single Sign-on (SSO) and how it works

Single Sign-On (SSO) is an authentication process that lets consumers access multiple applications with a single login credential and one active login session. The following are two examples of Single Sign-On environments:

  • Employees access numerous applications daily. They don’t need to create and remember separate credentials for each application; they can log in once and access the various applications used in the organization. Example: HR Portal, Resource Portal, Organizational Account, etc.
  1. On the Identity Provider page, the consumer enters the login credentials and gets logged into the a.com application.
  2. Later, the consumer lands on b.com and wants to log in. Clicking the login link redirects the consumer to the Identity Provider page.
  3. Since the consumer is already logged in at the Identity Provider, the consumer is automatically logged into the b.com application.
  • Identity Provider: The service provider receives the consumer authentication status from the Identity Provider. In the SSO ecosystem, the IDP is considered a Master.
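
The login flow in the numbered steps above, as an added example that is not part of the original article: the Identity Provider keeps the single login session and hands each application a short-lived signed ticket, which the application verifies before logging the consumer in. The `|`-delimited HMAC ticket format, the class and function names, the keys and the `alice` account are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

def sign(key, body):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

class IdentityProvider:
    def __init__(self, users, app_keys):
        self.users = users        # username -> password (plaintext only in this demo)
        self.app_keys = app_keys  # application name -> HMAC key shared with the IdP
        self.sessions = {}        # IdP session cookie -> username

    def login(self, username, password):
        stored = self.users.get(username)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None
        cookie = secrets.token_urlsafe(16)
        self.sessions[cookie] = username
        return cookie

    def issue_ticket(self, cookie, app, ttl=60):
        user = self.sessions.get(cookie)
        if user is None:
            return None  # no IdP session: the consumer must enter credentials
        body = f"{user}|{app}|{int(time.time()) + ttl}"
        return f"{body}|{sign(self.app_keys[app], body)}"

class ServiceProvider:
    def __init__(self, name, key):
        self.name, self.key = name, key

    def accept(self, ticket):  # username if the ticket is valid here, else None
        try:
            user, audience, expires, sig = ticket.split("|")
        except (AttributeError, ValueError):
            return None
        expected = sign(self.key, f"{user}|{audience}|{expires}")
        if not hmac.compare_digest(expected.encode(), sig.encode()):
            return None  # forged, altered, or signed for another application's key
        if audience != self.name or time.time() > int(expires):
            return None  # issued for a different application, or expired
        return user

# Constructed sample data: one consumer account and the two applications.
KEYS = {"a.com": secrets.token_bytes(32), "b.com": secrets.token_bytes(32)}
IDP = IdentityProvider({"alice": "correct horse battery"}, KEYS)
A_COM, B_COM = (ServiceProvider(n, KEYS[n]) for n in ("a.com", "b.com"))
```

The consumer authenticates once with `IDP.login`; each later `IDP.issue_ticket(cookie, "b.com")` succeeds without credentials, and `B_COM.accept` rejects tickets that are altered, expired, or issued for a.com.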

Types of SSO

Web/Mobile SSO: Single Sign-On at the browser/mobile level across applications. Typically, the same organization owns both the Identity and the Services, so SSO can be established with methods like session sharing or cookies.

When should you use SSO for Websites/Apps

The following are a few example use cases, where SSO is extremely useful to fulfill your business requirements:

  • As an organization, you have employees and independent contractors who need to access your application(s). However, the access rights and identity sources of the two roles are different. Employee details are stored in on-premises IAM, and contractor details are stored in a separate source. Thus, at present, your application has multiple identity sources for the authentication and authorization processes.
  • As an organization, you want to use external well-known identity providers to access your application to save a lot of your consumers’ time and provide a seamless user experience. For example — Login with Facebook, Login with Google, etc.

How SSO benefits your business

Reduces Password Fatigue: Remembering one password instead of many makes consumers’ lives easier. As a result, consumers tend to set up strong passwords.

  • Any change in account or credentials needs to be made only once, and SSO makes the updated information available across linked applications. This reduces the IT effort involved in maintenance.
  • In the case of enterprises, when an employee leaves, revoking the access of one account revokes access from all the SSO-linked applications.

CyberSecurity innovator and author. Developer at heart. Co-founder/CTO of @LoginRadius, 🇮🇳 learn more — https://guptadeepak.com