Modern single sign-on (SSO) is an authentication method that allows users to securely and efficiently authenticate to a variety of IT resources such as networks, devices, servers, applications, and services using a single set of credentials. At JumpCloud®, we refer to modern SSO as True Single Sign-On™ compared to the traditional and outdated version of web application SSO.
The difference here is that web app SSO only connects users to web apps, whereas True SSO™ allows users to connect to virtually any IT resource via SSO through a variety of open protocols. This allows IT admins to manage identities and access no matter what resources live inside their IT ecosystem. Modern SSO also serves other purposes: it improves security along with user and IT productivity, reduces password fatigue and management, streamlines the user experience, prevents Shadow IT, and more.
In this article, we'll dive into an overview of how single sign-on works, protocols you need to be aware of, how to choose the protocols you need, and how JumpCloud's SSO solution works.
How Does SSO Work?
Single sign-on allows users to authenticate to various IT resources with one username and password combination based on a trusted relationship between each resource and an identity provider (IdP). Typically, this relationship's foundation stems from a certificate that's exchanged between the resource (or service provider (SP)) and the IdP when configuring SSO.
The certificate's purpose is to create a trust relationship between the SP and the IdP to verify the integrity of the information being exchanged. During the single sign-on process, the identity data being pushed from the IdP to the SP takes the form of tokens which contain identifying bits of information about the user. These tokens can be signed with the certificate used when creating the trust relationship.
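The SP-side checks that this trust relationship implies, as an added example (not JumpCloud's code and not part of the original article). It assumes an Ed25519 key pair from Node's built-in `crypto` module in place of an X.509 certificate, and a simplified `payload.signature` token; the claim names, URLs and function names are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed IdP key pair; the SP would hold only the public half,
// received (as a certificate) when SSO was configured.
const idpKeys = nodeCrypto.generateKeyPairSync('ed25519');
const EXPECTED = { issuer: 'https://idp.example', audience: 'https://app.example' };
const NOW = 1700000000; // constructed "current time" in seconds

// IdP side: serialize identity claims and sign them.
function issueToken(claims, privateKey) {
  const payload = Buffer.from(JSON.stringify(claims)).toString('base64url');
  const sig = nodeCrypto.sign(null, Buffer.from(payload), privateKey);
  return `${payload}.${sig.toString('base64url')}`;
}

// SP side: verify the signature with the trusted key BEFORE reading any claim,
// then check that the token was issued by this IdP, for this SP, and is fresh.
function validateToken(token, trustedKey, expected, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  let signed = false;
  try {
    signed = nodeCrypto.verify(null, Buffer.from(parts[0]), trustedKey,
                               Buffer.from(parts[1], 'base64url'));
  } catch { signed = false; }
  if (!signed) return { ok: false, reason: 'bad signature' };
  const claims = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  if (claims.iss !== expected.issuer) return { ok: false, reason: 'wrong issuer' };
  if (claims.aud !== expected.audience) return { ok: false, reason: 'wrong audience' };
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return { ok: false, reason: 'expired' };
  return { ok: true, user: claims.sub };
}

// Constructed tokens: one valid, one altered in transit, one meant for another SP,
// one expired, one signed by a key the SP never trusted.
function demo() {
  const base = { iss: EXPECTED.issuer, aud: EXPECTED.audience, sub: 'alice@example.com', exp: NOW + 300 };
  const good = issueToken(base, idpKeys.privateKey);
  const altered = Buffer.from(JSON.stringify({ ...base, sub: 'admin@example.com' }))
    .toString('base64url') + '.' + good.split('.')[1];
  const otherSp = issueToken({ ...base, aud: 'https://other.example' }, idpKeys.privateKey);
  const stale = issueToken({ ...base, exp: NOW - 1 }, idpKeys.privateKey);
  const rogue = issueToken(base, nodeCrypto.generateKeyPairSync('ed25519').privateKey);
  const check = (t) => validateToken(t, idpKeys.publicKey, EXPECTED, NOW);
  return { good: check(good), altered: check(altered), otherSp: check(otherSp),
           stale: check(stale), rogue: check(rogue) };
}

console.log(demo());
```

Only the first token is accepted; the audience check is what stops a validly signed token issued for a different SP from being replayed against this one.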
When a user signs into an SSO provider's portal, the IdP tracks that the user is already authenticated, usually via a session cookie. From there, any resource connected via SSO will check with the SSO provider when a user attempts to access that resource. If (Read more…)