What is Single Sign-On?
Single Sign On (SSO) refers to the process of ” one-time login” and ” Stay logged in”. With the help of SSO, the user gets access to services, applications or resources via a one-time authentication process. Thus, Single Sign-On creates an identity of the user across all systems. In the process, various credentials and different authentication procedures are replaced by a uniform and unique login. This ensures that switching between applications runs smoothly and remains so until Single Sign-Off.
One-time authentication: Single Sign-On explained with an example.
ADVANTAGES & BENEFITS OF SINGLE SIGN-ON
With Single Sign-On, the user gets a uniform login across to all the channels and does not have to remember different login data, which is quite common at present. With a single login, the user can thus reach all systems of the company. Additionally, digital identities can be managed centrally, which significantly reduces the workload for administrators.
Besides the high and time-consuming logins, the numerous credentials also require various password updates from time to time or often lengthy "password forgotten" activities. With Single Sign-On, the user avoids the tedious password processes for many different accounts and, after only one login, gains access to the systems.
With cidaas, the user can choose one of the 12 different authentication methods and thus avoids the passwords which the BSI considers insecure. In case of a password as the authentication method, the Single Sign-On significantly reduces the frequency of input and thus the risk of attack by cyber criminals. Furthermore, a user is more likely to remember a "strong" password and thus tends to choose a simple combination of characters less often.
How exactly does a Single Sign-On work?
If a user needs different applications, which in turn have different accesses, numerous access data are required. The user must therefore remember login data for all applications he wants to access.
With the help of an Identity and Access Management (IAM) system, a created identity can be used for different applications. Each access request is checked against the IAM system to ensure that the user is authenticated and authorized to access the resource. Functionally it looks as follows
The user accesses the desired digital service. The service communicates with the IAM system to check whether a valid token is available. In case of a valid token, the user is taken to the login page. After successful login, the IAM system issues a new valid token to the application Provided that the token is valid, the user is granted access to the resources authorized for him. A smooth Single-Sign-On procedure works with the help of the standards: Open ID Connect, OAuth2 and SAML.
Use Case Business Domain for Single Sign-On
To make it as convenient as possible for B2B customers or partners to access their own systems, Single Sign-On is also used here. Different identity providers, e.g. those of the customer, can be integrated very easily.
Business to Consumer/ Customer
Inspire customers with smooth access to applications or services. Customers can move through all the digital services provided by a company, such as portals and online shops, without registering.
For example, customers can also use popular social media providers such as
to be authenticated instead of creating another account for a service
Business to employee
With the SSO feature, the deployment and management of employees can be simplified. Rather than tracking credentials for each individual service, employees can log in once and gain access to all authorized services. And the best part is that it also simplifies the onboarding as well as the off-boarding of employees. Only a single account needs to be activated/deactivated, instead of numerous individual accounts.
Secure, convenient and cost-saving login due to Single Sign-On
Financial service provider
Financial service provider
More comfort and security for your customers, less effort for your administration.
No time-consuming, cost-intensive administrative activities, in managing the access of your students and staff.
Unique customer experience - the unique log-in allows customers to move around omnichannel comfortably and to recognize them, no matter which channel they use.
More recreational enjoyment for your customers. Comprehensive identity from ticket purchase and entry to enjoyment of additional services.
Various applications, systems or services can be controlled quickly, easily and safely.
Single Sign-On is also a helpful feature for numerous other industries to increase convenience and minimize time consumption.
The user remains permanently logged in unless a time barrier is activated and automatically logs out the user after a certain period of inactivity.
With the help of an Identity and Access Management Tool and the use of modern standards such as Open ID Connect, OAuth2 and SAML, the Single Sign-On feature offers ideal protection for your digital services.
cidaas – Cloud Identity & Access Management (Cloud IAM)
- Focus on user-friendly management of digital identities in any form
- Unique and secure user experience with modern 2 Factor-Authentication
- General Data Protection Regulation Act-compliant and customisable consent management