Saturday 8 August 2015

Single Sign on

In brief, single sign-on allows users to access multiple services with a single login.

Why single sign on?
Suppose there is a company ABC that provides a number of applications such as HRPortal, Payroll, Travel, 24*7 Education, etc. Before single sign-on, if an employee wants to access any application, he has to log in with his credentials.
Problems with this approach:
a.   From the administrator's perspective: Suppose employee X has left the company. The admin has to find all the applications that employee X can access and deactivate employee X's credentials one by one.
b.   From the employee's perspective: Let us assume there is a separate credential for each application. For N applications, the employee has to remember N usernames and passwords, which is very difficult.

Single sign-on solves this problem: it takes the user's credentials once and provides access to all systems without prompting the user to log in again at each of them.

There are 3 main components in a single sign-on system.
Service Provider: The service provider is the one that hosts the applications.

Identity Provider: An identity provider is a trusted provider that enables you to use single sign-on to access other websites.

Database: Stores user/employee credentials.

For example, you can use Salesforce as an identity provider and then define one or more service providers, so your users can access other applications directly from Salesforce using single sign-on.

In a simple scenario:
1.   The user requests a service from the service provider.
2.   The service provider starts the authentication process and redirects the request to the registered identity provider.
3.   The identity provider requests the user's credentials.
4.   The identity provider checks the user's credentials against the company database.
5.   The identity provider returns a SAML response to the user.
6.   The service provider provides access to the user.

The workflow may vary a little from enterprise to enterprise.
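
The steps above as an added sketch, not code from the original post. An HMAC over a JSON body stands in for the signed SAML response (real SAML uses XML signatures made with the identity provider's private key), and IDP_KEY, DIRECTORY, idp_login and sp_accept are hypothetical names with constructed sample data.

```python
import base64, hashlib, hmac, json, time

IDP_KEY = b"constructed-demo-key"  # assumption: stand-in for the IdP signing key

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000)

# Constructed company database: one record per employee, shared by every application.
DIRECTORY = {"employee_x": {"pw": pw_hash("s3cret"), "active": True}}

def sign(body):
    return hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest()

def idp_login(user, password, audience, now=None):
    """Steps 3-5: check credentials against the database, issue a signed assertion."""
    entry = DIRECTORY.get(user)
    if entry is None or not entry["active"]:
        return None
    if not hmac.compare_digest(entry["pw"], pw_hash(password)):
        return None
    now = time.time() if now is None else now
    body = json.dumps({"sub": user, "aud": audience, "exp": now + 300}).encode()
    return base64.b64encode(body).decode() + "." + sign(body)

def sp_accept(assertion, sp_name, now=None):
    """Step 6: the service provider validates the assertion before granting access."""
    try:
        b64, sig = assertion.split(".")
        body = base64.b64decode(b64)
    except (AttributeError, ValueError):
        return None
    if not hmac.compare_digest(sign(body).encode(), sig.encode()):
        return None  # forged or modified assertion
    claims = json.loads(body)
    now = time.time() if now is None else now
    if claims["aud"] != sp_name or claims["exp"] < now:
        return None  # issued for another application, or expired
    return claims["sub"]

if __name__ == "__main__":
    token = idp_login("employee_x", "s3cret", "HRPortal")
    print("HRPortal:", sp_accept(token, "HRPortal"))   # accepted
    print("Payroll: ", sp_accept(token, "Payroll"))    # wrong audience, rejected
    DIRECTORY["employee_x"]["active"] = False          # one change by the admin
    print("after deactivation:", idp_login("employee_x", "s3cret", "Travel"))
```

Deactivating the single record stops new logins to every application at once, but an assertion issued earlier stays valid until its exp time, which is why the lifetime is kept short.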

Many companies provide single sign-on implementations. Go through the following wiki article for more details.

Referred Articles




