Guide to Digital Identity — Part 4 (Single Sign-on)

What is Single Sign-on (SSO) and how it works

  • Consumers access multiple applications of the same provider; they don’t need to create and remember separate credentials for each application; they log in once and access various applications of that provider. Example: Google, YouTube, Gmail, etc.
  • Employees access numerous applications daily; they don’t need to create and remember separate credentials for each application; they can log in once and access various applications used in the organization. Example: HR Portal, Resource Portal, Organizational Account, etc.
  1. The consumer lands on a.com to log in; clicking the login link redirects the consumer to the Identity Provider page.
  2. On the Identity Provider page, the consumer enters the login credentials and gets logged into the a.com application.
  3. Later, the consumer lands on b.com to log in; clicking the login link redirects the consumer to the Identity Provider page.
  4. Since the consumer is already logged in on the Identity Provider, the consumer gets automatically logged into the b.com application.
  • Service Provider: The consumer visits this application for service — for example, an eCommerce application. In the SSO ecosystem, the SP is considered a Slave.
  • Identity Provider: The service provider receives the consumer authentication status from the Identity Provider. In the SSO ecosystem, the IDP is considered a Master.
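The four-step flow above, as an added example that is not code from the original article. The class names, the sample user, and the per-SP HMAC keys (standing in for the signed assertions that SAML or OpenID Connect would carry) are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

class IdentityProvider:
    """Toy IdP (assumed design): owns credentials, browser sessions, signing keys."""
    def __init__(self, users, sp_keys):
        self.users, self.sp_keys, self.sessions = users, sp_keys, {}

    def authenticate(self, user, password):
        """Step 2: credentials are entered once, on the IdP page only."""
        stored = self.users.get(user)   # toy store; a real IdP keeps password hashes
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("bad credentials")
        sid = secrets.token_urlsafe(16)  # value of the IdP session cookie
        self.sessions[sid] = user
        return sid

    def assertion_for(self, sp, sid):
        """Steps 1 and 3: an SP redirected the browser here; None means show the login form."""
        user = self.sessions.get(sid)
        if user is None:
            return None
        body = json.dumps({"sub": user, "aud": sp, "exp": time.time() + 60}).encode()
        sig = hmac.new(self.sp_keys[sp], body, hashlib.sha256).digest()
        return ".".join(base64.urlsafe_b64encode(p).decode() for p in (body, sig))

class ServiceProvider:
    """Toy SP (a.com, b.com): never sees the password, only the IdP's assertion."""
    def __init__(self, name, key):
        self.name, self.key = name, key

    def consume(self, assertion):
        body, sig = (base64.urlsafe_b64decode(p) for p in assertion.split("."))
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            raise PermissionError("signature mismatch")
        claims = json.loads(body)
        if claims["aud"] != self.name or claims["exp"] < time.time():
            raise PermissionError("wrong audience or expired")
        return claims["sub"]             # the SP now opens its own local session

def demo():
    keys = {"a.com": secrets.token_bytes(32), "b.com": secrets.token_bytes(32)}
    idp = IdentityProvider({"alice": "correct horse"}, keys)  # constructed sample user
    a, b = ServiceProvider("a.com", keys["a.com"]), ServiceProvider("b.com", keys["b.com"])
    assert idp.assertion_for("a.com", None) is None           # step 1: no IdP session yet
    sid = idp.authenticate("alice", "correct horse")          # step 2
    user_a = a.consume(idp.assertion_for("a.com", sid))
    user_b = b.consume(idp.assertion_for("b.com", sid))       # steps 3-4: no password prompt
    return user_a, user_b
```

Because each assertion is bound to one service provider and expires after a minute, an assertion issued for a.com is rejected if it is presented to b.com.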

Types of SSO

When should you use SSO for Websites/Apps

  • As an organization, you have multiple Web and Mobile applications that need to be accessed by your employees (in office and remotely). Rather than managing Identity Information for each application, you want to store and use the identity from one source for authentication and authorization.
  • As an organization, you have employees and independent contractors who need to access your application(s). However, the access rights and identity sources of the two roles differ. Employee details are stored in on-premises IAM, and contractor details are stored in a separate source. Thus, at present, your application has multiple identity sources for the authentication and authorization processes.
  • As an organization, you have multiple web and mobile applications that are used by your consumers. For a seamless user experience and quick authentication, you don’t want the consumers to create accounts on all those applications. SSO is the best solution in such cases. For example — an Amazon account lets you log in to both the e-commerce and media platforms of Amazon.
  • As an organization, you want to let consumers access your application through well-known external identity providers, saving them time and providing a seamless user experience. For example — Login with Facebook, Login with Google, etc.

How SSO benefits your business

  • Consumers with just one password to access all their applications won’t require assistance as often.
  • Any change in account or credentials needs to be made only once, and SSO makes the updated information available across linked applications, reducing the IT effort involved in maintenance.
  • In the case of enterprises, when an employee leaves, revoking the access of one account revokes access to all the SSO-linked applications.


Tech Entrepreneur, CyberSecurity innovator and author. Developer at heart. Co-founder/CTO of @LoginRadius, Upcoming stuff: https://guptadeepak.com

Deepak Gupta
