SSO - Single Sign-On
Passwords are a mess!
Especially when you need to memorize that one password that you have used on a particular website 😥
But no worries, SSO will hold your hand and help you surf this digital ocean effortlessly 😎
But what is SSO?
Single Sign-On (SSO) is an authentication process.
Users can access multiple applications or websites using a single set of login credentials.
There are 3 main components:
1. Identity Provider (IdP)
- Authenticates user identities and provides tokens to prove their identities to others.
- When a user tries to access a service, the service redirects the user to the IdP.
- The IdP asks the user to log in and validates the credentials.
- Once validated, it sends a token back to the service provider.
2. Service Provider (SP)
- Provides the end service (like a dashboard, tool, or app) the user wants to use.
- When a user tries to access the service, the SP receives a token from the IdP.
- The SP validates the token and grants access to the service.
3. Identity Broker
- Sits between the IdP and multiple SPs to translate the authentication credentials.
- It is helpful in scenarios where multiple IdPs or SPs use different standards.
- The Identity Broker receives the token from the IdP and translates it into a format that the SP can understand, or vice versa.
The Workflow
- Initial Request: The user accesses one of the service providers for the first time. This service provider redirects the user to the Identity Provider (IdP).
- Authentication: The IdP prompts the user for credentials. After verifying them, the IdP generates a token.
- Token Issued: The IdP sends this token back. The service provider validates the token and grants the user access to the service.
- Next Access: The system reuses the same token or session when the user attempts to access another service within the SSO scope. This way, the user doesn’t have to log in again.
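What "the service provider validates the token" can involve, as an added example that is not part of the original post: the SP checks the IdP's signature, that the token was issued for this SP, and that it has not expired. The token format, the shared HMAC key, and the names `idp_issue_token` and `sp_validate_token` are assumptions of this sketch; it also assumes that on Next Access the IdP session issues a separate token for each SP.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key. Assumption: the IdP and its SPs share one HMAC key.
# SAML/OIDC deployments normally sign with the IdP's private key instead,
# so that an SP can verify tokens but cannot mint them.
IDP_KEY = b"constructed-demo-key"

def b64(data):
    return base64.urlsafe_b64encode(data).decode()

def sign(body):
    return b64(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())

def idp_issue_token(user, audience, now, ttl=300):
    """IdP side: call only after the user's credentials were verified."""
    claims = {"sub": user, "aud": audience, "exp": now + ttl}
    body = b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + sign(body)

def sp_validate_token(token, sp_name, now):
    """SP side: return the user name for an acceptable token, else None."""
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig, sign(body)):
            return None  # forged or modified after the IdP signed it
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return None  # malformed token
    if claims.get("aud") != sp_name:
        return None  # issued for a different service provider
    if now >= claims.get("exp", 0):
        return None  # expired
    return claims.get("sub")

if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    token = idp_issue_token("alice", "dashboard", now)
    print(sp_validate_token(token, "dashboard", now + 10))   # alice
    print(sp_validate_token(token, "wiki", now + 10))        # None
    print(sp_validate_token(token, "dashboard", now + 600))  # None
```

The audience check is what stops a token captured at one service from being replayed at another service in the same SSO scope.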
Pros
- Easier for users.
- Centralizes account management.
- Reduces password fatigue.
Cons
- If the IdP is compromised, multiple services are at risk.
- Complexity in setup and maintenance.
SSO sounds simple, but the reality is different
Feel free to add anything I missed 😊🌱