Single Sign-On
  • 28 Jan 2025

Overview

Single Sign-On (SSO) is an authentication mechanism that allows you to access multiple modules and services in the Syniti Knowledge Platform (SKP) with a single set of login credentials (such as a username and password) configured with your organization’s Identity Provider (IdP). With SSO, once you log in to the SKP, you are automatically authenticated to the different modules and services within the SKP without needing to log in again.

Configuring SSO in the SKP provides the following benefits:

  • Improved User Experience: Using your existing credentials configured with your organization’s IdP, you can access the SKP, its modules, and services, reducing multiple logins and speeding up onboarding new users while eliminating the need for multiple usernames and passwords.

  • Enhanced Security: SSO centralizes the authentication process, enabling consistent and robust security policies like strong password requirements and multi-factor authentication using the IdP, while also improving monitoring and auditing to detect and respond to suspicious activities effectively.

  • Better Governance: With SSO, it's easier to track who has accessed or modified data in different modules of the SKP, supporting better data governance practices.

  • Reduced IT Support: IT teams manage fewer individual user accounts and their access, allowing them to focus on critical tasks, while users collaborate and share resources more easily across different SKP modules without separate login requirements.

  • Simplified User Management: Central management of user accounts ensures automatic access updates to the SKP based on the user status, while role-based security settings consistently enforce appropriate permissions across all applications.

How SSO Works in the SKP

When a user tries to access the SKP using SSO, the following processes occur:

  1. User Initiates Access: The user attempts to access the SKP’s login page to access a module.

  2. Redirection to IdP: If the user is not already authenticated, the SKP redirects them to the IdP's sign-on page; the IdP manages user identities and credentials.

  3. User Authenticates: The user logs in to the IdP with their credentials.

  4. IdP Verifies Credentials: The IdP verifies the credentials and creates an authentication token or API token if they are correct.

  5. Token Sent to the SKP: The IdP sends the authentication or API token to the SKP.

  6. SKP Validates Token: The SKP validates the token, ensuring it is genuine and was issued by the configured IdP.

  7. User Granted Access: After validation, the user is granted access to the SKP, its modules, or services without needing to log in again.
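The validation in step 6, written out as an added example (not Syniti's code): a minimal service-provider check of an OIDC ID token in JWT form. The issuer, audience and shared HS256 key are constructed values; a real deployment validates RS256 signatures against the keys published at the IdP's metadata URL.

```python
import base64, hashlib, hmac, json, time

# Constructed values (assumptions, not SKP configuration): the trusted IdP
# issuer, the audience (client ID) registered for the SKP, and a shared HS256
# key. Real OIDC deployments use the IdP's RS256 public keys, fetched from the
# JWKS endpoint advertised at its metadata URL, rather than a shared secret.
TRUSTED_ISSUER = "https://idp.example.com"
EXPECTED_AUDIENCE = "skp-client-id"
SHARED_KEY = b"constructed-demo-key"

def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def validate_id_token(token, now=None):
    """Return the claims if the token passes every check of step 6; otherwise
    raise ValueError naming the first failed check."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the token's choice
        raise ValueError("unexpected algorithm")
    expected = hmac.new(SHARED_KEY, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != TRUSTED_ISSUER:          # issued by the configured IdP?
        raise ValueError("untrusted issuer")
    aud = claims.get("aud")
    if EXPECTED_AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not intended for this service provider")
    if claims.get("exp", 0) <= now:                   # validity window
        raise ValueError("token expired")
    if claims.get("nbf", 0) > now:
        raise ValueError("token not yet valid")
    return claims

def mint_demo_token(claims, key=SHARED_KEY, alg="HS256"):
    """Constructed IdP stand-in that signs claims so the validator can be run."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"
```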

SSO Components

The following components are involved in configuring SSO:

  • IdP: The system that authenticates the user and issues authentication or API tokens. Examples include Okta, Microsoft Entra ID, and PingFederate.

  • Service Provider: The module or service in the SKP that the user wants to access.

  • Authentication or API Token: A secure token issued by the IdP, whose signing keys and endpoints are published at its Metadata URL, that verifies the user's identity. Common token formats include SAML assertions, OAuth tokens, and JSON Web Tokens (JWTs).

Supported SSO Protocols

You can set up SSO with the SKP using either of the following two protocols:

  • Security Assertion Markup Language (SAML) 2.0

  • OpenID Connect (OIDC)

Refer to SAML or OpenID Connect for more information on setting up SSO based on your organization’s protocol.

Identity Provider (IdP)

An Identity Provider (IdP) is a component of your organization's Identity and Access Management system. It authenticates users and issues authentication tokens, ensuring that users attempting to access resources or services of the integrated applications are who they claim to be. The following IdPs, among others, are supported for configuration with the SKP:

  • Microsoft Entra ID, formerly Azure Active Directory

  • Okta

  • PingFederate

  • SiteMinder

Note

Any identity provider using the SAML 2.0 or OIDC protocol is also supported.

Use Cases

