Single sign-on software (SSO for short) allows end users to log in once after which access is automatically granted to multiple applications and resources in the network. When single sign-on is used to link accounts, the end user will only have to remember one password.
Logging in to different places with 1 profile
Single Sign On (SSO) is a way to have 1 profile, while having the possibility to log in at different places with 1 username and password. An example of a place where your single profile might exist is in the Active Directory of your Microsoft environment.
So the Active Directory is a database with persons who each have a profile to which attributes are linked. An example of an attribute is the first name, last name, function group, … . When one speaks of an Azure Active Directory, it simply means that the data of persons resides in the cloud application of Azure. As you already notice, the profile data can come from anywhere
The advantages of single sign-on
With so many different credentials to remember, it’s no surprise that users often resort to using the same password across multiple accounts, creating a significant security risk. This is where single sign-on (SSO) for e-Learning comes in. This comes with a bunch of advantages such as:
- Simplicity for the end user
- The end user is more productive
- Provides the opportunity to tighten the only remaining login procedure and make the network more secure
- It can reduce costs related to managing multiple user accounts and passwords or dealing with password-related help desk calls.
Attributes VS Claims
On a person’s profile in an Active Directory, there are attributes. This is information about that person. This can be a mail address, an ID, what position that person has, …. .
When data is exchanged between two platforms, the attribute exchanged is a claim.
Technologies supported in FLOWSPARKS
Within FLOWSPARKS, we support two techniques as standard:
OAuth (Open Authorization)
You probably recognize it: you want to log in to a website and are given the choice of logging in with an account from another Web site, such as Facebook or Microsoft. Then that other site, for example Facebook, handles authentication. The website you visit logs you in at the time they received permission through Facebook. So Facebook has made a federation with the Web site you want to log in to.
Another example is that when you open your browser and log in to a website, you automatically stay logged in the following times if you open the same website or application through that browser. This is because each time you open your browser, it receives an access token. This access token is only valid for a certain period of time. Within that time you can log in an unlimited number of times. When it expires, you have to log in again.
The underlying technique is OAuth and has the following advantages:
- No login code is used, but an access token is used.
- The token has a limited shelf life; a new token must be requested each time.
- When changing or deleting an account, this takes effect immediately when the token is renewed.
- The token is requested by means of a Client ID, which is issued once.
We deploy this standard in FLOWSPARKS for both SSO via OpenID and SSO via LTI 1.3.
SAML 2.0 (Security Assertion Markup Language)
SAML is a system that helps you access applications you need. It is the link between the identification provider and service provider. As a user, you log in once (SSO) to the identity provider (for example, Azure AD) and then the identity provider can pass all your information to the service provider when you try to access those services. The service provider verifies with the identity provider that you are who you say you are. Both systems communicate with SAML and therefore you, the user, only have to log in once.
In addition, SAML has the following advantages:
- You no longer need to remember multiple usernames and passwords.
- If someone leaves employment and you ensure that the employee can no longer log in to the IT environment within the company, this also applies immediately to all cloud and Web services.
- When people change their password, it also changes in the cloud and web services.
Which standard is better?
All modern Active Directories support both. OpenID is more complex and offers a higher level of security. But SAML is easier to set-up and is often the preferred choice.
Are you looking to implement digital learning within your organization?
Is your organization looking to implement a SaaS learning platform that is conform with the latest security requirements? Request your free demo here to see what FLOWSPARKS can do for you.