SSO – Single Sign On (1 of 2)
SSO (Single Sign On) is a technology that allows users to access multiple applications or services with one set of credentials.
- It relies on a trusted third party called the “Identity Provider” (IdP)
- Identity Provider: authenticates users and generates tokens to access other applications
- Service Providers (SPs): use the tokens generated by the IdP
- Tokens can use the following formats and protocols: SAML, OAuth, OpenID Connect, JWT
- SLO – Single Logout (in SPs): possible in some of the protocols
- Pros: Reduction in the number of passwords to know
- Pros: Reduces the risk of phishing, credential stuffing, and password breaches
- Cons: The IdP should have high availability, since all SPs rely on it
- Cons: Complex integration of new SPs
- Examples: Auth0, Azure Active Directory, Okta, CyberArk, OneLogin, JumpCloud