Single sign on is a process of authentication where user can access multiple applications and portals with one set of credentials. With SSO a user logs in with a single ID and password to gain access to a connected system. Single sign on must internally store the credentials for initial authentication and then translate them to the credential required for the different mechanisms.
SSO services uses security assertion mark-up language (SAML 2.0) which is an XML standard that facilitates the exchange of user authentication and authorization of data across secure domains. SAML simplifies the authentication and authorization process for the user, an identity provider and a service provider. When the user attempts to access an application, the service provider will send a request to identity provider for authentication.
Benefits of single sign on
SSO reduces risk for access to third party sites (user passwords not stored externally). It also alleviate password fatigue from different user name and password combinations. Reduces IT cost due to lower number of IT help desk calls about password. Reduces time spent re-entering password for the same identity.
pCloudy SSO integration architecture
Sequence of events for integration of SAML 2.0 Authentication
- The user attempts to reach a web application at a service provider (SP i.e pCloudy Set Up).
- The service provider generates a SAML request and redirects the user to the IdP’s SSO URL with the generated request.
- The IdP authenticates the user and generates a SAML response.
- The user is redirected back to the SP with the SAML response.
- The SP verifies the SAML response.
- The user is successfully logged-in to the SP’s web application.
Note: pCloudy has included this feature in Enterprise set up Private Cloud and On-Premise Cloud.
SAML assertion is the XML document that the identity provider sends to the service provider, that contains user authorization. There are Three types of SAML assertion:
Authentication assertion – It proves identification of the user and provide the time the user logged in and what method of authentication they used.
Attribute assertion – It passes the SAML attributes to the service provider. SAML attributes are specific pieces of data that provide information about the user.
Authorization decision assertion – It says if the user is authorized to use the services or if the identity provider denied the request due to password failure or lack of rights of the service.
SSO solves the problem of managing the increasing number of users across an ecosystem of application and services. It is a step forward in the optimization of pCloudy integrated architecture.