SSO - Getting started
  • 18 Nov 2021


Overview

Single Sign-On (SSO), as the term suggests, lets a user authenticate once and access multiple applications or websites with a single login event.

A user who logs in to an application or website with SSO enabled can then access the other applications listed by the service provider without keying in their login credentials for each application.


How it works

Most websites or applications (in this context, Document360), termed service providers, have a dedicated secure database for user information and credentials. For applications or services that provide Single Sign-On, however, an external entity, the Identity Provider or IdP, is brought in to ease the user experience of accessing the application.

Here’s a sequential rundown of how the Single Sign-On (SSO) feature operates:

  1. The user visits the sign-in page of the intended service provider or application domain.
  2. The user is redirected to the Identity Provider (IdP) login page.
  3. The user signs in with the correct credentials.
  4. The IdP domain matches the user information and sends an access token or ID token to the service provider.
  5. The validation of the access/ID token with user information is successful on the service provider’s end.
  6. A trust relationship is established between the IdP and the service provider.

As the authentication is successful, the user is now authorized to access SSO-enabled applications within the service provider without repeating the whole sign-in process for each instance.


Identity Provider or IdP

An external entity that stores and manages the identity information of users; the IdP also authenticates users, facilitating the Single Sign-On (SSO) feature. The Identity Provider handles the credentials that users use to log in to web applications, file servers, systems, and other digital services. Any single entity stored by the IdP is referred to as a ‘principal’.

Here are some IdPs you can configure with Document360:

  • Okta
  • Azure AD
  • Google
  • Auth0

SSO Standards on Document360

The Single Sign-On feature is built on two broad standard protocols adopted by Document360.

1. SAML 2.0

Using Okta as IdP

  1. Okta configuration as IdP for SAML
  2. Okta to Document360 SAML configuration

Using Azure AD as IdP

  1. Configuring SAML SSO with Azure AD

Using Google as IdP

  1. Configuring SAML SSO with Google

2. OpenID Connect

Using Okta as IdP

  1. Okta configuration as IdP for OpenID
  2. Okta to Document360 OpenID configuration

Using Auth0 as IdP

  1. Configuring OpenID SSO with Auth0
