SSO Configuration
Single Sign-On (SSO) is an authentication method that lets users securely authenticate to multiple applications and websites with a single set of credentials. Several protocols and standards are used to implement SSO, including SAML, OAuth, OIDC, Kerberos, and smart card authentication.
SAML
SAML is an open, XML-based standard for exchanging identification and authentication information between parties. It has become one of the core standards for SSO and helps application providers ensure that the authentication requests they handle are legitimate. SAML 2.0 in particular is optimized for web applications, allowing the information to be transmitted through the user's web browser.
Here, the Identity Provider and the Service Provider play vital roles, as together they form the central management system for authentication.
Identity Provider (IDP): A centralized management system or repository responsible for authenticating the user and passing the user's details to the Service Provider.
Service Provider (SP): The owner of the application whose services the user will use. It trusts the IDP and relies on it for authentication.
The SSO functionality is available from version 7.3 and above.
SSO Flow
Initially, the user requests SAML SSO to access the Service Provider's (SP) service. Next, the SP asks the IDP to authenticate the user; the IDP verifies that the user exists and replies to the SP. The communication between the SP and the IDP uses the SAML data format.
Authentication Flow
- The Service Provider (SP) initiates the sign-in flow when the user tries to access or sign in directly on the service provider's site. If the user does not have an active session with the SP, the user is redirected to the IDP for authentication. On successful login, the IDP redirects the user back to the SP.
- The Identity Provider (IDP) initiates the sign-in flow when the user goes to the IDP and views the list of SPs they are entitled to access. On choosing an SP from that list, the user is redirected to that SP.
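In the SP-initiated flow above, the SP must check the IDP's reply before trusting it: the response must answer the request the SP actually sent, be addressed to the SP's own endpoint, come from the configured IDP, be inside its validity window, and name this SP as its audience. The following is an added example of those SP-side checks, not code from the product; the IDP and SP URLs, the request ID, and the sample response are all constructed, and XML signature verification is assumed to have been done separately.

```python
# Added example: SP-side checks on a SAML 2.0 Response (not the product's own code).
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# Constructed sample response; a real one would carry an XML-DSig signature from the IDP.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" InResponseTo="_req42" Destination="https://sp.example.test/acs">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.test</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def validate_response(xml_text, expected_issuer, sp_entity_id, acs_url, pending_request_id, now):
    """Return the authenticated NameID, or raise ValueError if any SP-side check fails.
    Signature verification (XML-DSig) is assumed to have been performed already."""
    root = ET.fromstring(xml_text)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != "urn:oasis:names:tc:SAML:2.0:status:Success":
        raise ValueError("IDP did not report success")
    # InResponseTo must match the AuthnRequest this SP issued (rejects unsolicited/replayed responses)
    if root.get("InResponseTo") != pending_request_id:
        raise ValueError("response does not match an outstanding request")
    if root.get("Destination") != acs_url:
        raise ValueError("response was addressed to a different ACS endpoint")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no assertion in response")
    for issuer in (root.find("saml:Issuer", NS), assertion.find("saml:Issuer", NS)):
        if issuer is None or issuer.text != expected_issuer:
            raise ValueError("unexpected issuer")
    cond = assertion.find("saml:Conditions", NS)
    not_before = datetime.fromisoformat(cond.get("NotBefore").replace("Z", "+00:00"))
    not_on_or_after = datetime.fromisoformat(cond.get("NotOnOrAfter").replace("Z", "+00:00"))
    if not (not_before <= now < not_on_or_after):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        raise ValueError("assertion not intended for this SP")
    return assertion.find("saml:Subject/saml:NameID", NS).text
```

A production SP should additionally verify the XML signature against the IDP's configured certificate and record consumed assertion IDs so the same assertion cannot be presented twice within its validity window.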
This section provides the following tabs:
- Identity Providers: You can create and manage multiple Identity Providers of which one will be the primary and the rest secondary.
- User Imports: You can import users from the configured servers.
- SSO Preference: You can set the preferences for SSO.