What is Single Sign-On?
Single Sign On (SSO) refers to the process of “one-time login” and “Stay logged in”. With the help of SSO, the user gets access to services, applications or resources via a one-time authentication process. Thus, Single Sign-On creates an identity of the user across all systems. In the process, various credentials and different authentication procedures are replaced by a uniform and unique login. This ensures that switching between applications runs smoothly and remains so until Single Sign-Off.
One-time authentication: Single Sign-On explained with an example.
ADVANTAGES & BENEFITS OF SINGLE SIGN-ON
With Single Sign-On, the user gets a uniform login across all channels and does not have to remember different login data, which is quite common at present. With a single login, the user can thus reach all systems of the company. Additionally, digital identities can be managed centrally, which significantly reduces the workload for administrators.
Besides the many time-consuming logins, the numerous credentials also require password updates from time to time or often lengthy "password forgotten" procedures. With Single Sign-On, the user avoids the tedious password processes for many different accounts and, after only one login, gains access to the systems.
With cidaas, the user can choose one of the 12 different authentication methods and thus avoids the passwords which the BSI considers insecure. In case of a password as the authentication method, the Single Sign-On significantly reduces the frequency of input and thus the risk of attack by cyber criminals. Furthermore, a user is more likely to remember a "strong" password and thus tends to choose a simple combination of characters less often.
How exactly does a Single Sign-On work?
If a user needs different applications, which in turn have different accesses, numerous access data are required. The user must therefore remember login data for all applications he wants to access.
With the help of an Identity and Access Management (IAM) system, a created identity can be used for different applications. Each access request is checked against the IAM system to ensure that the user is authenticated and authorized to access the resource. Functionally, it looks as follows:
- The user accesses the desired digital service.
- The service communicates with the IAM system to check whether a valid token is available.
- If no valid token is available, the user is taken to the login page.
- After successful login, the IAM system issues a new valid token to the application.
- Provided that the token is valid, the user is granted access to the resources authorized for him.

A smooth Single Sign-On procedure works with the help of the standards OpenID Connect, OAuth2 and SAML.
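The token check described above, sketched as an added example (not cidaas code or its API): a constructed in-memory IAM issues short-lived HMAC-signed tokens bound to one application, standing in for the OpenID Connect, OAuth2 or SAML tokens a real deployment would use. The names `Iam` and `handle_request`, the token layout and the 60-second lifetime are assumptions.

```python
import hashlib
import hmac
import secrets

class Iam:
    """Constructed stand-in for the IAM system (hypothetical, not the cidaas API)."""
    def __init__(self, grants, idle_timeout=900):
        self._key = secrets.token_bytes(32)   # signing key stays inside the IAM
        self._grants = grants                 # user -> set of applications allowed
        self._sessions = {}                   # SSO session id -> (user, idle deadline)
        self._idle = idle_timeout

    def login(self, user, now):
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = (user, now + self._idle)
        return sid

    def logout(self, sid):                    # Single Sign-Off: no new tokens anywhere
        self._sessions.pop(sid, None)

    def _mac(self, body):
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def issue_token(self, sid, app, now):
        user, deadline = self._sessions.get(sid, (None, 0))
        if user is None or now >= deadline or app not in self._grants.get(user, ()):
            return None
        self._sessions[sid] = (user, now + self._idle)   # activity resets the idle timer
        body = f"{user}|{app}|{now + 60}"                # bound to one app, 60 s lifetime
        return f"{body}|{self._mac(body)}"

    def validate(self, token, app, now):
        try:
            user, aud, exp, mac = token.split("|")
        except (AttributeError, ValueError):             # missing or malformed token
            return None
        good = self._mac(f"{user}|{aud}|{exp}")
        if not hmac.compare_digest(mac.encode(), good.encode()):
            return None                                  # tampered or forged token
        return user if aud == app and now < int(exp) else None

def handle_request(iam, app, sid, token, now):
    """Service-side check: reuse a valid token, else ask the IAM, else send to login."""
    user = iam.validate(token, app, now)
    if user is None:
        token = iam.issue_token(sid, app, now)
        user = iam.validate(token, app, now)
    return ("granted", user, token) if user else ("login_required", None, None)
```

A token issued before Single Sign-Off stays valid at its application until it expires, which is why the token lifetime is kept short relative to the session.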
Use Case Business Domain for Single Sign-On
To make it as convenient as possible for B2B customers or partners to access their own systems, Single Sign-On is also used here. Thus, in addition to remaining logged in, different identity providers, e.g. those of the customer or partner, can be integrated very easily.
Business to Consumer/ Customer
Inspire customers with smooth access to applications or services. Customers can move through all the digital services provided by a company, such as portals and online shops, without registering.
For example, customers can also register and stay registered directly via popular social login providers:
Impress your customers with modern authentication, single sign-on and an excellent user experience on your platform.
Business to employee
With the SSO feature, the deployment and management of employees can be simplified. Since an employee has a unique digital identity, authorisations are managed centrally for all systems. This creates transparency and less administrative work. With a single log-in, employees can move between the different systems without the need to log in again. Best of all, the onboarding and offboarding of employees is also simplified, because only a single account needs to be activated or deactivated instead of maintaining numerous individual accounts.
Secure, convenient and cost-saving login due to Single Sign-On
Financial service provider
More comfort and security for your customers, less effort for your administration.
No time-consuming, cost-intensive administrative activities in managing the access of your students and staff.
Unique customer experience - the unique log-in allows customers to move comfortably across all channels and to be recognized, no matter which channel they use.
More recreational enjoyment for your customers. Comprehensive identity from ticket purchase and entry to enjoyment of additional services.
Various applications, systems or services can be controlled quickly, easily and safely.
Single Sign-On is also a helpful feature for numerous other industries to increase convenience and minimize time consumption.
The user remains permanently logged in unless a time barrier is activated and automatically logs out the user after a certain period of inactivity.
With the help of an Identity and Access Management tool and the use of modern standards such as OpenID Connect, OAuth2 and SAML, the Single Sign-On feature offers ideal protection for your digital services.
cidaas – Cloud Identity & Access Management (Cloud IAM)
- Focus on user-friendly management of digital identities in any form
- Unique and secure user experience with modern two-factor authentication
- General Data Protection Regulation Act-compliant and customisable consent management