SSO Structure
What is SSO?
Single sign-on (SSO) is a technology which combines several different application login screens into one. With SSO, a user only has to enter their login credentials (username, password, etc.) one time on a single page to access all of their SaaS applications.
SSO is often used in a business context, when user applications are assigned and managed by an internal IT team. Remote workers who use SaaS applications also benefit from using SSO.
Imagine if customers who had already been admitted to a bar were asked to show their identification card to prove their age each time they attempted to purchase additional alcoholic beverages. Some customers would quickly become frustrated with the continual checks and might even attempt to circumvent these measures by sneaking in their own beverages.
However, most establishments will only check a customer’s identification once, and then serve the customer several drinks over the course of an evening. This is somewhat like an SSO system: instead of establishing their identity over and over, a user establishes their identity once and can then access several different services.
What are the advantages of SSO?
In general, SSO authentication works as follows:
- A user logs in to one of the trusted applications, or to a central portal connecting all the trusted applications (such as an employee portal or college student website), using SSO login credentials.
- When the user is successfully authenticated, the SSO solution generates a session authentication token containing specific information about the user’s identity, such as a username or email address. This token is stored in the user’s web browser, or on the SSO or IAM server.
- When the user attempts to access another of the trusted applications, the application checks with the SSO or IAM server to determine whether the user is already authenticated for the session. If so, the SSO solution validates the user by signing the authentication token with a digital certificate, and the user is granted access to the application. If not, the user is prompted to re-enter their login credentials.
Can JWT be used for SSO?
JSON Web Token (JWT) is a technique that can be used for single sign-on (SSO) between a custom application and another application. In this case, JWT can be used for SSO to an Aha! Roadmaps ideas portal so that users of your web application can log in to the portal and submit ideas using their application credentials.