{"id":999961552,"date":"2022-07-08T16:45:42","date_gmt":"2022-07-08T11:15:42","guid":{"rendered":"https:\/\/f60host.com\/support\/?p=999961552"},"modified":"2022-07-08T16:45:42","modified_gmt":"2022-07-08T11:15:42","slug":"single-sign-on-how-does-sso-work","status":"publish","type":"post","link":"https:\/\/f60host.com\/support\/single-sign-on-how-does-sso-work\/","title":{"rendered":"What is Single Sign-On? How Does SSO Work?"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/f60host.com\/support\/wp-content\/uploads\/2022\/07\/Single-Sign-On.png\" alt=\"Single Sign-On\" class=\"wp-image-999961557\" title=\"Single Sign-On\"\/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">What is Single Sign-On?<\/h2>\n\n\n\n<p>Single Sign-On is an authentication solution that allows users to safely authenticate with numerous applications and websites using a <strong>single set of credentials<\/strong>. To make managing a variety of <strong>usernames and passwords<\/strong> easier, SSO can be used by individuals, smaller businesses, and enterprises.<\/p>\n\n\n\n<p>A user repository, such as a Lightweight <strong>Directory Access Protocol (LDAP)<\/strong> directory, is used to authenticate users in a basic online <a href=\"https:\/\/f60host.com\/directory-as-a-service-providers.php\">SSO service<\/a>. An interface module on the application server receives the unique authentication credentials for a given user from a specialized SSO policy server. <\/p>\n\n\n\n<p>The service authenticates the user for each application to which they have been granted access and removes subsequent password requests for each application throughout the same session.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How Does SSO work?<\/h2>\n\n\n\n<p>SSO operates on the basis of a trust relationship established between an application, known as the service provider, and an identity provider, such as <strong>F60Host<\/strong>. <\/p>\n\n\n\n<p>A certificate that is exchanged between the identity provider and the service provider frequently serves as the foundation for this trust relationship. <\/p>\n\n\n\n<p>In order for the service provider to know that the identity information is coming from a reliable source, this certificate can be used to <strong>sign identity information<\/strong> that is being transferred from the identity provider to the service provider. <\/p>\n\n\n\n<p>In Single Sign-On, this identity data is represented by tokens that include identifying details about the person, such as their <span style=\"text-decoration: underline;\">email address or username<\/span>.<\/p>\n\n\n\n<p>What is an SSO Token?<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Types of SSO configurations<\/h3>\n\n\n\n<p>Several SSO services make use of protocols like <strong>Kerberos <\/strong>and <strong>Security Assertion Markup Language (SAML)<\/strong>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Kerberos<\/h4>\n\n\n\n<p>Once the user credentials are given in a Kerberos-based configuration, a <strong>ticket-granting ticket (TGT)<\/strong> is generated. Without requesting credentials again, the TGT retrieves service tickets for any additional apps the user desires to access.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">SAML<\/h4>\n\n\n\n<p>SAML is a standard for <strong>extensible markup language<\/strong> (XML) that makes it easier to send user authentication and authorization information between secure domains. The user, an identity provider that manages a user directory, and a service provider all communicate as part of <strong>SAML-based SSO services<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What is an SSO Token?<\/h3>\n\n\n\n<p>SSO token is a collection of data or information that is transmitted between systems during the SSO procedure. The information might be as basic as the user&#8217;s email address and details about the system that is sending the token. For the token receiver to be able to confirm that the token is coming from a reliable source, tokens must be digitally signed. During the initial configuration process, the certificate that is used for this digital signature is transferred.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Benefits and Drawbacks of SSO<\/h2>\n\n\n\n<table>\n<tbody>\n<tr>\n<td>Less passwords and usernames need to be managed and remembered by users for each application.<\/td>\n<td>\n<div>\n<div>It does not handle specific security requirements that each application sign-on might have.<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td>There is no need to reenter passwords, which streamlines the process of logging on and using programmes.<\/td>\n<td>\n<div>\n<div>Users are locked out of the numerous systems connected to the SSO if availability is lost.<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td>It reduces the likelihood of phishing.<\/td>\n<td>\n<div>\n<div>Unauthorized users may have access to multiple applications if they succeed in getting in.<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<div>\n<div>It results in fewer issues or complaints regarding passwords for IT help desks.<\/div>\n<\/div>\n<\/td>\n<td>&nbsp;<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n<p>Know more about the <a href=\"https:\/\/f60host.com\/support\/benefits-of-single-sign-on\/\">Benefits of Single Sign-On<\/a> in detail<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The most renowned Single Sign-On providers<\/h2>\n\n\n\n<p>There are numerous well-known <strong>SSO vendors<\/strong>. Single Sign-On is an additional service that some companies offer. Some SSO providers are as follows:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/jumpcloud.com\/\" target=\"_blank\" rel=\"noopener\">JumpCloud<\/a> combines access control and device management, with SSO offered as a core feature of this cloud-based alternative to Microsoft Active Directory and Okta.<\/li><li>Rippling allows users to sign in to cloud applications from numerous devices.<\/li><li>Avatier Identity Anywhere is an<strong> Single Sign-On<\/strong> solution for Docker-based platforms.<\/li><li>OneLogin is a cloud-based identity and access management (IAM) software that supports SSO.<\/li><li>Okta is a tool with Single Sign-On capabilities. Okta is largely used by business users and also supports 2FA.<\/li><\/ul>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is Single Sign-On? Single Sign-On is an authentication solution that allows users to safely<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":999961557,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[63],"tags":[64,65],"class_list":["post-999961552","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-jumpcloud","tag-sso-provider","tag-what-is-single-sign-on"],"_links":{"self":[{"href":"https:\/\/f60host.com\/support\/wp-json\/wp\/v2\/posts\/999961552","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/f60host.com\/support\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/f60host.com\/support\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/f60host.com\/support\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/f60host.com\/support\/wp-json\/wp\/v2\/comments?post=999961552"}],"version-history":[{"count":0,"href":"https:\/\/f60host.com\/support\/wp-json\/wp\/v2\/posts\/999961552\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/f60host.com\/support\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/f60host.com\/support\/wp-json\/wp\/v2\/media?parent=999961552"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/f60host.com\/support\/wp-json\/wp\/v2\/categories?post=999961552"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/f60host.com\/support\/wp-json\/wp\/v2\/tags?post=999961552"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}