Single Sign-On (SSO)
Premium Feature: SSO
Single Sign-On (SSO) is an authentication process that allows users to access multiple applications or systems with one set of login credentials. Some benefits of SSO include:
Security: Ensures better security of user credentials by providing a standardized and unique method of identification.
Simplified user management: A single source (the identity provider) where access to applications for users in your organization is managed.
Improved user experience: Eliminates credential management fatigue.
The two main protocols used for SSO are SAML 2.0 and OAuth 2.0. Didomi only supports SSO based on the SAML 2.0 standard protocol.
SAML (Security Assertion Markup Language) is an open standard for exchanging authentication and authorization data between parties. SAML is extensively used by enterprises and governments for sharing identity data in a highly secure manner.
The service provider and the identity provider build a trusted relationship in which the user's identity is transferred using signed SAML messages instead of passwords. Data is transferred as XML, over HTTP or SOAP bindings.

OAuth 2.0 is an industry-standard authorization framework that enables a third-party application to access limited user data from another service. The authorization server issues the client app an access token scoped to a specific list of resources; the client app then uses this token to access the authorized resources.
Social Login, for example, is a use case that relies on the OAuth 2.0 protocol. It consists of reusing existing credentials from a social network such as Google or Microsoft: the user signs in with their social network account without going through a separate account creation flow, which simplifies registration and login.

For your convenience, Didomi has compiled the following comparison of SAML and OAuth 2.0 (e.g. Social Login):

Use case
SAML: Used for authentication into a workspace. System administrators can enforce and control the authentication means of their users (e.g. multi-factor authentication).
OAuth 2.0 (Social Login): Used by individual users to log in with their social network account.

Security
SAML: Based on signed SAML messages, which are more secure than OAuth 2.0 social login. SAML responses are digitally signed, so any manipulation of the data in transit is detected, and they can additionally be encrypted if transport encryption (HTTPS) is insufficient.
OAuth 2.0 (Social Login): Based on HTTP/HTTPS redirects only.

Purpose
SAML: SAML is a matter of both authentication and authorization. It verifies a user's identity and permissions in order to grant or deny access to a given application.
OAuth 2.0 (Social Login): Social login is a matter of authorization. It controls authorization to a protected resource such as an application or a set of files.