Definition
- Allows a user to log in to one application and then be automatically signed in to other applications, regardless of platform or domain.
- Users do not need to remember a separate set of credentials for each application.
Component
Service Provider (SP)
Identity Provider (IdP)
- Your own website, which stores user email/password pairs in a DB.
- LDAP: for enterprises that manage their employee directory with LDAP.
- AD (Active Directory): for companies that manage users with Windows AD.
- Others: Auth, Okta
Example
- When a user wants to log in to an SSO-enabled application (the SP), the SP redirects the request to the company's IdP (e.g., ADFS).
- The IdP confirms the user's identity and access level and sends a SAML response carrying an assertion back to the service provider, which then lets the user log in.
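As an added example (not part of the original notes), here is the set of checks the SP should run on the SAML response it receives in the second step, after the XML signature itself has been verified with a proper library: that the response answers the request this SP sent, that it comes from the configured IdP, that it is still within its validity window, and that it was issued for this SP and not some other application. The issuer, audience and request id values are constructed sample data.

```python
# Added example, not from the original notes: the SP-side checks on the SAML
# response an IdP returns, run after the XML signature has been verified.
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample response; a real one carries a complete ds:Signature.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    InResponseTo="_req123">
  <saml:Assertion ID="_a1">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <ds:Signature/>
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.test</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def parse_ts(s):
    # SAML timestamps are UTC with a "Z" suffix; return an aware datetime.
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_response(xml_text, issuer, audience, request_id, now, skew_s=60):
    """Return (True, NameID) or (False, reason) for an IdP response."""
    root = ET.fromstring(xml_text)
    # The response must answer the AuthnRequest this SP session actually sent.
    if root.get("InResponseTo") != request_id:
        return False, "InResponseTo does not match our AuthnRequest"
    a = root.find("saml:Assertion", NS)
    if a is None or a.find("ds:Signature", NS) is None:
        return False, "missing or unsigned assertion"
    if a.findtext("saml:Issuer", namespaces=NS) != issuer:
        return False, "assertion not issued by the configured IdP"
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        return False, "assertion carries no Conditions"
    skew = timedelta(seconds=skew_s)  # tolerate small clock drift only
    if now < parse_ts(cond.get("NotBefore")) - skew:
        return False, "assertion not yet valid"
    if now >= parse_ts(cond.get("NotOnOrAfter")) + skew:
        return False, "assertion expired"
    # Audience pins the assertion to this SP, so one minted for another app is refused.
    auds = [x.text for x in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in auds:
        return False, "assertion issued for a different service provider"
    return True, a.findtext("saml:Subject/saml:NameID", namespaces=NS)
```

The `ds:Signature` check here only confirms the element is present; the cryptographic verification against the IdP's metadata certificate must be done by an XML-DSig library before these checks are trusted.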