In brief, single sign-on allows users to access multiple services with a single login.
Why single sign-on?
Suppose there is a company ABC, which provides a number of applications such as HRPortal, Payroll, Travel, 24*7 Education, etc. Before single sign-on, an employee who wants to access any application has to log in to it with his credentials.
Problems with this approach
a. From the administrator's perspective: Suppose employee X left the company. The admin has to find all the applications that employee X can access and deactivate employee X's credentials one by one.
b. From the employee's perspective: Let us assume there is a separate credential for each application. For N applications, the employee has to remember N usernames and passwords, which is very difficult.
Single sign-on solves this problem: it takes the user's credentials once and provides access to all systems without prompting the user to log in again at each of them.
There are 3 main components in a single sign-on system.
Service Provider: The service provider is the one that hosts the applications.
Identity Provider: An identity provider is a trusted provider that enables you to use single sign-on to access other websites.
Database: Stores user/employee credentials.
For example, you can use Salesforce as an identity provider, then define one or more service providers, so your users can access other applications directly from Salesforce using single sign-on.
In a simple scenario,
1. User requests a service from the service provider.
2. Service provider starts the authentication process and redirects the request to the registered identity provider.
3. Identity provider requests user credentials.
4. Identity provider checks user credentials against the company database.
5. Identity provider returns a SAML response to the user.
6. Service provider provides access to the user.
The workflow may vary a little from enterprise to enterprise.
Many companies provide single sign-on implementations. Go through the following wiki article for more details.
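The six steps above as an added Python sketch, not code from the original post: an HMAC-signed JSON token stands in for the signed SAML response, so one deactivation at the identity provider covers every application. The names DATABASE, IDP_KEY, SALT, pw_hash, idp_login and sp_access, the user employee_x and the 300-second lifetime are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo data. A real IdP signs SAML XML with its private key;
# the shared HMAC key here is a simplification for illustration.
IDP_KEY = b"constructed-demo-key"
SALT = b"constructed-salt"

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

DATABASE = {"employee_x": {"pw": pw_hash("correct horse"), "active": True}}

def idp_login(username, password, audience, now=None):
    """Steps 3-5: check credentials against the database, issue an assertion."""
    now = time.time() if now is None else now
    user = DATABASE.get(username)
    if not user or not user["active"]:
        return None
    if not hmac.compare_digest(user["pw"], pw_hash(password)):
        return None
    body = json.dumps({"sub": username, "aud": audience, "exp": now + 300}).encode()
    sig = hmac.new(IDP_KEY, body, hashlib.sha256).digest()
    return base64.b64encode(body).decode() + "." + base64.b64encode(sig).decode()

def sp_access(service, assertion, now=None):
    """Step 6: grant access only for a valid, unexpired assertion meant for this service."""
    now = time.time() if now is None else now
    if assertion is None:
        return False  # steps 1-2: no assertion yet, the SP would redirect to the IdP
    try:
        body_b64, sig_b64 = assertion.split(".")
        body, sig = base64.b64decode(body_b64), base64.b64decode(sig_b64)
    except ValueError:
        return False
    expected = hmac.new(IDP_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False  # altered, or not issued by the IdP
    claims = json.loads(body)
    return claims.get("aud") == service and now < claims.get("exp", 0)
```

Setting "active" to False in DATABASE stops new logins for every service at once, but an assertion issued earlier stays valid until its expiry, which is why the lifetime is kept short.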
Referred Articles