Single Sign-On (SSO) lets users access multiple applications with the same credentials. Users also have the option of logging in once and accessing services without having to re-enter the authentication factors every time. Additional functions such as MFA and adaptive authentication can be added and then used by all services that have SSO functionality.
Modern Single Sign-On is based on «federation protocols» such as SAML or OIDC – these are also known as «federated login» or «federated SSO».
The Nevis Identity Suite offers the most comprehensive support for modern and earlier variants of single sign-on mechanisms. Our customers can cover all their application scenarios with a single platform and seamlessly migrate to the latest single sign-on standards as part of an evolutionary approach.
Single Sign-on for Hybrid Solutions
Older applications do not support modern identity protocols such as SAML and OpenID Connect.
How can single sign-on support be guaranteed for these applications?
One solution could be to route all incoming data traffic to these applications through an access gateway first (e.g. our nevisProxy). The gateway first requires the user to identify themself and only then allows them to access the secured application. A good access gateway will be compatible with many back-end applications, meaning that they can be connected behind the access gateway without any modifications or new programming. The access gateway ‘translates’ the authentication language, so to speak, into that of the back-end application:
Nevis can also secure web applications that do not provide native support for SAML or OpenID Connect. This is often necessary since companies that are migrating to the cloud must support local applications and legacy applications that require alternative authentication mechanisms. These include:
Federated Single Sign-On
Federated SSO describes the setup of a trusted connection between different companies and third-party providers, so that identities can be exchanged and users authenticated across all domains. If two domains are connected, users can authenticate themselves on one domain and then access resources in the other domain without having to log in separately.
We talk about federated SSO if one of the three most important federation protocols is used to implement Single Sign-On functionality:
We describe social logins as Single Sign-On mechanisms that are provided by companies such as Google or Facebook. From a technical perspective, these are «federated login mechanisms».
Social login is a special form of SSO in which social network identities are used as authentication. The best-known social logins are:
Technically speaking, social logins are often based on the OpenID Connect protocol. They offer users a simple method of logging into an application without having to create a separate account and password for the app.
The Nevis Identity Suite can be configured to suit your requirements and you can easily add social logins to your login screens. Google, Facebook, Apple and Microsoft are currently supported.
User Account Linking
This function allows the end user to link their basic account with multiple additional identity providers. In this case, two existing user profiles are combined into a single profile. When the accounts are linked, a primary and a secondary account must be specified. As a result, a user can authenticate themself from each of their accounts and will still be recognised by all the linked apps.
This makes it possible to log in with every identity provider without creating a separate profile for each one. Users can also use their existing profile to set up a passwordless login.
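The linking model described above, sketched as an added example; it is not code from the Nevis Identity Suite. It assumes each external identity is keyed by the OIDC issuer and subject pair, and the names AccountLinker, register, resolve and link are hypothetical.

```python
from dataclasses import dataclass, field
from itertools import count

@dataclass
class Profile:
    profile_id: int
    attributes: dict = field(default_factory=dict)

class AccountLinker:
    """Maps external identities (issuer, subject) to one local profile."""

    def __init__(self):
        self._ids = count(1)
        self.profiles = {}    # profile_id -> Profile
        self.identities = {}  # (issuer, subject) -> profile_id

    def register(self, issuer, subject, **attributes):
        key = (issuer, subject)
        if key in self.identities:
            raise ValueError("identity already registered")
        profile = Profile(next(self._ids), dict(attributes))
        self.profiles[profile.profile_id] = profile
        self.identities[key] = profile.profile_id
        return profile

    def resolve(self, issuer, subject):
        """Return the profile for a verified login, or None if unknown."""
        return self.profiles.get(self.identities.get((issuer, subject)))

    def link(self, primary, secondary):
        """Merge the secondary identity's profile into the primary's.

        Assumption: the caller has verified both (issuer, subject) pairs in
        the same session, so one person demonstrably controls both accounts.
        Keying on a matching e-mail address instead would let whoever
        controls that address at one provider take over the profile.
        """
        p_id = self.identities[primary]    # KeyError if not registered
        s_id = self.identities[secondary]
        if p_id == s_id:
            return self.profiles[p_id]     # already linked, nothing to do
        merged = self.profiles[p_id]
        absorbed = self.profiles.pop(s_id)
        for name, value in absorbed.attributes.items():
            merged.attributes.setdefault(name, value)  # primary wins conflicts
        for key, pid in self.identities.items():
            if pid == s_id:
                self.identities[key] = p_id  # re-point every secondary login
        return merged
```

After link() returns, a login through either identity provider resolves to the same profile, and the secondary profile no longer exists on its own.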
Identity management applications from Nevis boost the security and productivity of companies. They also contribute significantly to reducing internal costs and expenditure on security.
SSO reduces the number of passwords required and makes life easier for your end users. They no longer have to remember dozens of passwords and are no longer tempted, for the sake of convenience, to use one password for multiple portals. Always remember: passwords are no longer a major obstacle for today’s cybercriminals.
We all know how tiresome it was having to use a different password for every user account. With SSO, it will now be possible to authenticate yourself conveniently once for different web portals. Ease of use is a key factor that influences customer loyalty – and SSO has a major role to play in making your offering attractive to customers.
Single sign-on gives your employees rapid access to all the information they need for their work – so they have more time to look after the things that really matter.
The fewer passwords in circulation, the less time your IT helpdesk must spend dealing with password problems. This will save you more time and money than you might have thought possible!