Within FLOWSPARKS, we support two single sign-on (SSO) techniques as standard:
OAuth (Open Authorization)
You probably recognise it: you want to log in to a website and are offered the option of logging in with an account from another site, such as Facebook or Microsoft. That other site, Facebook in this example, then handles the authentication: you enter your password at Facebook, never on the website you are visiting. Once Facebook has confirmed that you signed in and gave permission, the website logs you in. Facebook has, in other words, formed a federation with the website you want to log in to. (Strictly speaking, OAuth 2.0 only authorizes access; the login layer that such "Sign in with ..." buttons rely on is OpenID Connect, which is built on top of it.)
Another example: once you have logged in to a website or application in your browser, you stay logged in the next times you open it in that browser. This works because, after that first login, the application holds an access token for you (usually together with a refresh token with which it can obtain a new access token). The access token is only valid for a limited time; within that time you are not asked to log in again. When the tokens can no longer be renewed, you have to log in again.
The underlying technique is OAuth, which has the following advantages:
- The application never receives your password; it works with an access token instead.
- The token has a limited lifetime; once it has expired, a new token must be requested.
- Changes to or deletion of an account take effect as soon as the token has to be renewed: the identity provider then refuses to issue a new one. An access token that has already been issued remains usable until it expires, which is why access tokens are kept short-lived.
- Tokens are requested by a registered application, identified by a Client ID (together with a client secret) that the identity provider issues once when the application is registered.
We use this standard in FLOWSPARKS for both SSO via OpenID Connect and SSO via LTI 1.3, which is itself built on OpenID Connect.
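To make the four points above concrete, here is an added example of the OAuth 2.0 authorization-code flow in Python; it is not FLOWSPARKS code and not taken from this page. The identity provider, the registered client 'flowsparks', the user 'alice', the token lifetimes and the `demo()` walkthrough are all assumptions made for the example.

```python
# Toy OAuth 2.0 authorization-code flow, added to this page as a worked example; it is
# not FLOWSPARKS code. It shows the points above: the application never sees the
# password, access tokens expire and are renewed via a refresh token, a disabled account
# is cut off at that renewal, and the client uses a Client ID/secret issued once.
# Assumptions: the lifetimes, the 'flowsparks' client and the 'alice' account.
import hashlib
import secrets

ACCESS_TOKEN_TTL, REFRESH_TOKEN_TTL, AUTH_CODE_TTL = 300, 86400, 60   # seconds; assumed


def _stretch(password, salt):
    # Passwords exist only at the IdP, salted and stretched; the client never sees them.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthorizationServer:   # the identity provider (Facebook in the text)
    def __init__(self, clock):
        self.clock = clock            # callable returning the current time in seconds
        self.users = {}               # username -> {"salt", "hash", "active"}
        self.clients = {}             # client_id -> client_secret, issued once at registration
        self.auth_codes = {}          # code -> (client_id, username, expires_at)
        self.access_tokens = {}       # token -> (username, expires_at)
        self.refresh_tokens = {}      # token -> (client_id, username, expires_at)

    def register_client(self, name):
        client_id, client_secret = f"{name}-{secrets.token_hex(4)}", secrets.token_urlsafe(32)
        self.clients[client_id] = client_secret
        return client_id, client_secret

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = {"salt": salt, "hash": _stretch(password, salt), "active": True}

    def _check_client(self, client_id, client_secret):
        expected = self.clients.get(client_id)
        if expected is None or not secrets.compare_digest(expected, client_secret):
            raise PermissionError("invalid client credentials")

    def authorize(self, client_id, username, password):
        # Front channel: the user signs in at the IdP; the client only ever receives a code.
        user = self.users.get(username)
        if (client_id not in self.clients or user is None or not user["active"]
                or not secrets.compare_digest(_stretch(password, user["salt"]), user["hash"])):
            raise PermissionError("authentication failed")
        code = secrets.token_urlsafe(16)
        self.auth_codes[code] = (client_id, username, self.clock() + AUTH_CODE_TTL)
        return code

    def _issue(self, client_id, username):
        now, access, refresh = self.clock(), secrets.token_urlsafe(24), secrets.token_urlsafe(24)
        self.access_tokens[access] = (username, now + ACCESS_TOKEN_TTL)
        self.refresh_tokens[refresh] = (client_id, username, now + REFRESH_TOKEN_TTL)
        return {"access_token": access, "refresh_token": refresh, "expires_in": ACCESS_TOKEN_TTL}

    def token(self, client_id, client_secret, code):
        # Back channel: the client redeems the single-use code with its registered credentials.
        self._check_client(client_id, client_secret)
        entry = self.auth_codes.pop(code, None)   # pop: a replayed code is rejected
        if entry is None or entry[0] != client_id or entry[2] < self.clock():
            raise PermissionError("invalid or expired authorization code")
        return self._issue(client_id, entry[1])

    def refresh(self, client_id, client_secret, refresh_token):
        # Renewal: the point at which a disabled or deleted account is actually cut off.
        self._check_client(client_id, client_secret)
        entry = self.refresh_tokens.pop(refresh_token, None)   # rotate: old refresh token dies
        if entry is None or entry[0] != client_id or entry[2] < self.clock():
            raise PermissionError("invalid or expired refresh token")
        if not self.users[entry[1]]["active"]:
            raise PermissionError("account disabled")
        return self._issue(client_id, entry[1])

    def introspect(self, access_token):
        # Resource side: whose token is this? None if unknown or expired.
        entry = self.access_tokens.get(access_token)
        return None if entry is None or entry[1] < self.clock() else entry[0]


def demo():   # run the flow end to end, recording what each stage observed
    now = [1_700_000_000.0]                # adjustable clock, so expiry needs no sleeping
    idp = AuthorizationServer(clock=lambda: now[0])
    idp.add_user("alice", "correct horse battery staple")
    client_id, client_secret = idp.register_client("flowsparks")   # Client ID issued once
    code = idp.authorize(client_id, "alice", "correct horse battery staple")
    tokens = idp.token(client_id, client_secret, code)
    seen = {"first_login": idp.introspect(tokens["access_token"])}
    now[0] += ACCESS_TOKEN_TTL + 1         # the access token ages out
    seen["after_expiry"] = idp.introspect(tokens["access_token"])
    tokens = idp.refresh(client_id, client_secret, tokens["refresh_token"])
    seen["after_refresh"] = idp.introspect(tokens["access_token"])
    idp.users["alice"]["active"] = False   # account disabled at the IdP
    seen["until_current_token_expires"] = idp.introspect(tokens["access_token"])
    try:
        idp.refresh(client_id, client_secret, tokens["refresh_token"])
        seen["refresh_after_disable"] = "allowed"
    except PermissionError:
        seen["refresh_after_disable"] = "denied"
    return seen
```

Note what `introspect()` does not check: an access token issued before the account was disabled is still accepted until it expires, which is exactly why access tokens are kept short and the refresh step is where revocation bites. If revocation has to be immediate, the resource server must ask the identity provider about each token (token introspection) instead of trusting the expiry time alone.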
SAML 2.0 (Security Assertion Markup Language)
SAML is a standard for giving you access to the applications you need. It is the link between the identity provider and the service provider. As a user, you log in once (single sign-on) at the identity provider (for example, Azure AD). When you then try to access a service, the identity provider passes the necessary information about you to the service provider in a digitally signed assertion. The service provider checks that the assertion really comes from the identity provider (by verifying the signature against the identity provider's certificate), that it is intended for this service and that it is still valid, and only then logs you in. Because both systems speak SAML, you, the user, only have to log in once.
In addition, SAML has the following advantages:
- You no longer need to remember a separate username and password for every service.
- If someone leaves the company and you make sure that this person can no longer log in to the company IT environment (the identity provider), this immediately applies to all cloud and web services as well: without a fresh assertion from the identity provider, they cannot get in. A session that is already open at a service lasts until that service's own session expires, so keep those session lifetimes short.
- When someone changes their password, nothing has to change in the cloud and web services: they never held the password in the first place; only the identity provider does.