ADD ON: SSO (Single Sign-On)

 

What is SSO (Single Sign-On)

 

Single Sign-On (SSO) is an authentication process that allows users to access multiple applications or services with a single set of login credentials. Instead of having to remember and enter different usernames and passwords for each application, users log in once to a central authentication service and then gain access to all linked systems without needing to log in again.

 

Examples of SSO providers include: Okta, Auth0, and Microsoft Azure Active Directory (Azure AD), and many more! 

Benefits of SSO

1. Unified Access: Users can access multiple applications or services after logging in just once.

2. Improved Security: By reducing the number of passwords users need to remember and manage, SSO can lower the risk of weak or reused passwords. Centralized authentication also makes it easier to enforce strong security policies.

3. User Convenience: Simplifies the login process for users, leading to a smoother and more efficient experience.

4. Centralized Management: IT administrators can manage user access and permissions from a single point, streamlining administrative tasks and improving oversight.

5. Integration: SSO systems often integrate with various identity providers and applications, facilitating access across diverse platforms and services.

 

SAML Setup

SAML (Security Assertion Markup Language) is an open source standard for authentication. It allows an organization to use one set of credentials along multiple systems by exchanging information between IDP (Identity Providers) and SP (Service Providers).

Customer requirements:

The customer must provide the following information to Sessionboard to enable SAML 2.0 SSO:

1. Identity Provider Name - A SAML application created in the vendor identity provider.

2. x509 Certificate 

3. Issuer: Used to identify the provider’s application uniqueness

4. Domain: which domain is intended to support SSO).

5. SSO URL 

6. Test User: To confirm the login flow

Sessionboard will provide the following information to the customer:

• Assertion Consumer Service URL: This is the url that receives a POST call from the identity provider with the SAML assertion. This endpoint will use the certificate to check that.

• Issuer URL: This is an identifier of the SP.

• id: default ID from the SAML remote user directory.

• firstName: user first name, used to reference the user and associated contact in our system

• lastName: user last name, used to reference the user and associated contact in our system

• email: user email that is used to log into Sessionboard and for authentication communications (password reset, new user invitation, etc.)

• nameID: also user email

OIDC Setup 

OIDC is a protocol created by the OpenID foundation and wraps OAuth2.0. OAuth2.0 is an authorization protocol while the ultimate goal of OIDC is authentication. It works using a flow of HTTP requests between the OIDC Provider and the Relaying Party. 

The customer must provide the following information to Sessionboard to enable OIDC SSO: 

• Identity Provider Name

• Domain: Optioinal, required if SSO is for Admin

• Authorization URL

• Issuer

• Token Url

• User Info URL

• Client ID

• Client Secret:

• Scopes

Sessionboard will provide the following information to the customer:

• Callback URL 

By default Sessionboard expects the following attributes to be returned as part of the user profile:

• sub: default ID

• given_name: Its the first name.

• family_name: Its the last name.

• preferred_username:  email

 

If you are ready to set up SSO in your account please reach out to support@sessionboard.com and we will be happy to assist.