Single Sign On (SSO)

Single sign on is an authentication process that allows a user to access multiple applications with one set of login credentials. That means once you log in, you do not have to log in again for every application linked to the system. Single sign on is platform independent and helps in providing a better user experience.

SAML 2.0

SSO services use Security Assertion Markup Language (SAML 2.0), an XML standard that facilitates the exchange of user authentication and authorization data across secure domains. SAML simplifies the authentication and authorization process for the user, an identity provider (IdP) and a service provider (SP). When the user attempts to access an application, the service provider sends a request to the identity provider for authentication.

Benefits of single sign on

SSO reduces risk for access to third party sites (user passwords are not stored externally). It also alleviates password fatigue from different user name and password combinations, reduces IT cost due to a lower number of IT help desk calls about passwords, and reduces time spent re-entering passwords for the same identity.

pCloudy has included this feature in the on-premise device cloud. This makes it easier for app testers, as they can sign in to different applications with one set of credentials. Single sign on helps testers save time and effort through a simpler authentication process.

pCloudy SSO integration architecture

Sequence of events for integration of SAML 2.0 Authentication

  • The user attempts to reach a web application at a service provider (SP, i.e. pCloudy Set Up).
  • The service provider generates a SAML request and redirects the user to the IdP's SSO URL with the generated request.
  • The IdP authenticates the user and generates a SAML response.
  • The user is redirected back to the SP with the SAML response.
  • The SP verifies the SAML response.
  • The user is successfully logged in to the SP's web application.

Single-Sign-On SAML assertion

A SAML assertion is the XML document that the identity provider sends to the service provider and that contains the user authorization. There are three types of SAML assertion:

Authentication assertion - It proves the identity of the user and provides the time the user logged in and the method of authentication they used.

Attribute assertion - It passes the SAML attributes to the service provider. SAML attributes are specific pieces of data that provide information about the user.

Authorization decision assertion - It says whether the user is authorized to use the service or whether the identity provider denied the request due to password failure or lack of rights to the service.

SSO solves the problem of managing the increasing number of users across an ecosystem of applications and services. It is a step forward in the optimization of the pCloudy integrated architecture.