Single Sign-On (SSO) is a part of Identity and Access Management (IAM) that lets users sign in once, with a single set of credentials (generally a username and password), and then securely access several websites and applications. The website or application that the user is trying to access relies on a trusted third party, which provides the Single-Sign-On solution, to verify that users are who they say they are.
Authentication Without Single-Sign-On
Every website has its own user database and credentials. Without a Single-Sign-On solution, this is what happens when you try to log in to an app or website:
1. If the website finds, upon checking, that you are already authenticated, it gives you access.
2. If you aren’t, the website prompts you to log in and checks your username and password against its user database.
3. After you log in, the site passes authentication verification data along as you browse, verifying that you have already been authenticated each time you visit a new page.
The Functioning of Single-Sign-On
A relationship of trust between domains (websites) underlies SSO authentication (e.g., PeopleSoft SSO). When you log in to an app or website that uses Single-Sign-On:
1. If you are already authenticated by the SSO solution, then you are allowed access.
2. If you haven’t already been authenticated, the website takes you to the SSO solution.
3. For enterprise access, you enter the username/password.
4. The SSO solution asks your company’s Identity Provider or authentication system to authenticate you. It looks you up and notifies the SSO solution of your identity.
5. The SSO solution transfers the authentication information to the website and returns you to that domain.
6. After you sign in, as you move through the site, it continues to transfer authentication verification data, verifying that you are authenticated each time you go to a new tab.
The SSO website verifies the identity of users with an identity provider. Each new website that the user tries to access checks with the SSO solution. Because the user has already been authenticated, the SSO solution verifies the user’s identity to the new platform without requiring another login.
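The flow above, reduced to the one check that matters on the website side, as an added example that is not from the original article or from any SSO product. It assumes a shared HMAC key as a stand-in for the trust relationship; the names SSOSolution, website_accepts, the domains and the user are all constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values (assumptions, not from the article).
TRUST_KEY = b"demo-key-shared-by-sso-and-websites"   # models the trust relationship
IDP_USERS = {"alice": "correct horse"}               # stands in for the identity provider

def _sign(body: bytes) -> bytes:
    return hmac.new(TRUST_KEY, body, hashlib.sha256).hexdigest().encode()

class SSOSolution:
    def __init__(self):
        self.sessions = set()            # users who have already signed in once

    def login(self, user, password):
        # Steps 3-4: credentials are entered once and checked with the identity provider.
        expected = IDP_USERS.get(user)
        ok = expected is not None and hmac.compare_digest(expected.encode(), password.encode())
        if ok:
            self.sessions.add(user)
        return ok

    def issue_assertion(self, user, audience, now=None):
        # Step 5: issued only to signed-in users, bound to one website, short-lived.
        if user not in self.sessions:
            return None
        now = time.time() if now is None else now
        body = json.dumps({"sub": user, "aud": audience, "exp": now + 60}).encode()
        return base64.urlsafe_b64encode(body).decode() + "." + _sign(body).decode()

def website_accepts(assertion, my_domain, now=None):
    """Website side: return the user name if the assertion can be trusted, else None."""
    now = time.time() if now is None else now
    try:
        b64, sig = assertion.split(".")
        body = base64.urlsafe_b64decode(b64)
        if not hmac.compare_digest(_sign(body), sig.encode()):
            return None                  # not issued by the trusted SSO solution
        claims = json.loads(body)
    except (AttributeError, ValueError):
        return None
    if claims.get("aud") != my_domain or claims.get("exp", 0) < now:
        return None                      # meant for another site, or expired
    return claims.get("sub")

if __name__ == "__main__":
    sso = SSOSolution()
    sso.login("alice", "correct horse")
    token = sso.issue_assertion("alice", "hr.example")
    print(website_accepts(token, "hr.example"))        # accepted at the intended site
    print(website_accepts(token, "payroll.example"))   # rejected elsewhere
```

The website never sees the password; it only checks that the assertion was issued by the SSO solution it trusts, is addressed to its own domain, and has not expired.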
The Constituents of a True SSO System
It is crucial to understand the difference between Single-Sign-On and password vaulting, which is also known as SSO. With password vaulting, you may retain the same username and password, but you must still enter them each time you switch to another application or website.
With PeopleSoft SSO, for example, once you have logged in through the SSO solution you can access all company-approved applications and websites without having to log in again. This includes both cloud apps and on-premise apps, which are mostly accessible through a Single-Sign-On portal (also known as a login portal) from PeopleSoft. Single-Sign-On solutions achieve this through a concept called federation, known as federated SSO.
What Is Federated SSO?
Federation-based SSO solutions allow true single sign-on by leveraging the company’s Identity Provider (IdP). The identity provider typically serves as the authentication server and stores the user’s identity and details, such as the username, password, the domains to which the user has access, and the activities the user is allowed to perform on each site or within each app. Verification of all actions that the user is authorized to perform is known as authorization. In true SSO, either the SSO solution is built into the Identity Provider, or it uses the Identity Provider (IdP) to authenticate the user.