An overview on Single-Sign-On
After reading this article you will know:
- What is Single-Sign-On and how does it work
- How to configure SSO in Quixy
Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials. It asks the users to enter the credentials to log in to an application only once.
SSO operates on the basis of a trust relationship established between an application, known as the service provider, and an identity provider, such as Azure (Microsoft IP). This trust relationship is frequently founded on the exchange of a certificate between the identity supplier and the service provider. This certificate can be used to sign identity information transmitted from the identity provider to the service provider, ensuring that it comes from a trusted source. In SSO, this identity data is represented by tokens, which contain identifying information about the user, such as an email address or a username.
The login flow usually looks like this:
- A user browses to the application or website they want access to, aka, the Service Provider.
- The Service Provider sends a token that contains some information about the user, like their email address, to the SSO system, aka, the Identity Provider, as part of a request to authenticate the user.
- The Identity Provider first checks to see whether the user has already been authenticated, in which case it will grant the user access to the Service Provider application and skip to step 5.
- If the user hasn’t logged in, they will be prompted to do so by providing the credentials required by the Identity Provider. This could simply be a username and password or it might include some other form of authentication like a One-Time Password (OTP).
- Once the Identity Provider validates the credentials provided, it will send a token back to the Service Provider confirming a successful authentication.
- This token is passed through the user’s browser to the Service Provider.
- The token that is received by the Service Provider is validated according to the trust relationship that was set up between the Service Provider and the Identity Provider during the initial configuration.
- The user is granted access to the Service Provider.
How to configure SSO?
- Click Admin Menu > Preferences > Single Sign On(SSO)
- On Single Sign On page, Select the identity provider among Azure, Okta, and Auth0 which you use for your organization to configure SSO.
- Select the provider Type between OIDC and SAML.
Note: Every field has a statement which helps you to understand what kind of information that need to be filled in the respective fields
- The options shown in the image below are same for any type of identity provider that you select and each option has a proper description which will guide you on what kind of information that need to be filled in the fields.