Open in app

Sign in

Write

Sign in

SSO (Single sign-on)

Sharath Kumar
2 min readMar 29, 2024

--

๐—ฆ๐—ฆ๐—ข (๐—ฆ๐—ถ๐—ป๐—ด๐—น๐—ฒ ๐—ฆ๐—ถ๐—ด๐—ป-๐—ข๐—ป) ๐—ฒ๐˜…๐—ฝ๐—น๐—ฎ๐—ถ๐—ป๐—ฒ๐—ฑ.

SSO can be thought of as a master key to open all different locks. It allows a user to log in to different systems using a single set of credentials.

In a time where we are accessing more applications than ever before, this is a big help to mitigate password fatigue and streamlines user experience.

To fully understand the SSO process, ๐—น๐—ฒ๐˜โ€™๐˜€ ๐˜๐—ฎ๐—ธ๐—ฒ ๐—ฎ ๐—น๐—ผ๐—ผ๐—ธ ๐—ฎ๐˜ ๐—ต๐—ผ๐˜„ ๐—ฎ ๐˜‚๐˜€๐—ฒ๐—ฟ ๐˜„๐—ผ๐˜‚๐—น๐—ฑ ๐—น๐—ผ๐—ด ๐—ถ๐—ป๐˜๐—ผ ๐—Ÿ๐—ถ๐—ป๐—ธ๐—ฒ๐—ฑ๐—œ๐—ป ๐˜‚๐˜€๐—ถ๐—ป๐—ด ๐—š๐—ผ๐—ผ๐—ด๐—น๐—ฒ ๐—ฎ๐˜€ ๐˜๐—ต๐—ฒ ๐—ถ๐—ฑ๐—ฒ๐—ป๐˜๐—ถ๐˜๐˜† ๐—ฝ๐—ฟ๐—ผ๐˜ƒ๐—ถ๐—ฑ๐—ฒ๐—ฟ:

๐Ÿญ) ๐—จ๐˜€๐—ฒ๐—ฟ ๐—ฟ๐—ฒ๐—พ๐˜‚๐—ฒ๐˜€๐˜๐˜€ ๐—ฎ๐—ฐ๐—ฐ๐—ฒ๐˜€๐˜€
First, the user would attempt to access the Service Provider (LinkedIn). At this point, a user would be presented with login options, and in this example, they would select โ€œSign in with Googleโ€.

๐Ÿฎ) ๐—”๐˜‚๐˜๐—ต๐—ฒ๐—ป๐˜๐—ถ๐—ฐ๐—ฎ๐˜๐—ถ๐—ผ๐—ป ๐—ฟ๐—ฒ๐—พ๐˜‚๐—ฒ๐˜€๐˜
From here, the Service Provider (LinkedIn) will redirect the user to the Identity Provider (Google) with an authentication request.

๐Ÿฏ) ๐—œ๐—ฑ๐—ฃ ๐—ฐ๐—ต๐—ฒ๐—ฐ๐—ธ๐˜€ ๐—ณ๐—ผ๐—ฟ ๐—ฎ๐—ฐ๐˜๐—ถ๐˜ƒ๐—ฒ ๐˜€๐—ฒ๐˜€๐˜€๐—ถ๐—ผ๐—ป
Once the Identity Provider (Google) has received the request, it will check for an active session. If it doesnโ€™t find one, authentication will be requested.

๐Ÿฐ) ๐—จ๐˜€๐—ฒ๐—ฟ ๐˜€๐˜‚๐—ฏ๐—บ๐—ถ๐˜๐˜€ ๐—ฐ๐—ฟ๐—ฒ๐—ฑ๐—ฒ๐—ป๐˜๐—ถ๐—ฎ๐—น๐˜€
At this stage, the user will submit their login credentials (username and password) to the Identity Provider (IdP).

๐Ÿฑ) ๐—œ๐—ฑ๐—ฃ ๐˜ƒ๐—ฒ๐—ฟ๐—ถ๐—ณ๐—ถ๐—ฒ๐˜€ ๐—ฐ๐—ฟ๐—ฒ๐—ฑ๐—ฒ๐—ป๐˜๐—ถ๐—ฎ๐—น๐˜€
The Identity Provider will then verify the submitted credentials against its User Directory (database). If the credentials are correct, the IdP will create an authentication token or assertion.

๐Ÿฒ) ๐—œ๐—ฑ๐—ฃ ๐˜€๐—ฒ๐—ป๐—ฑ๐˜€ ๐˜๐—ผ๐—ธ๐—ฒ๐—ป ๐˜๐—ผ ๐—ฆ๐—ฒ๐—ฟ๐˜ƒ๐—ถ๐—ฐ๐—ฒ ๐—ฃ๐—ฟ๐—ผ๐˜ƒ๐—ถ๐—ฑ๐—ฒ๐—ฟ
Once the token or assertion has been created, the IdP sends it back to the Service Provider confirming the userโ€™s identity. The user is now authenticated and can access the Service Provier (LinkedIn).

๐Ÿณ) ๐—”๐—ฐ๐—ฐ๐—ฒ๐˜€๐˜€ ๐—ด๐—ฟ๐—ฎ๐—ป๐˜๐—ฒ๐—ฑ ๐˜‚๐˜€๐—ถ๐—ป๐—ด ๐—ฒ๐˜…๐—ถ๐˜€๐˜๐—ถ๐—ป๐—ด ๐˜€๐—ฒ๐˜€๐˜€๐—ถ๐—ผ๐—ป
Since the Identity Provider has established a session, when the user goes to access a different Service Provider (eg; GitHub), they wonโ€™t need to re-enter their credentials. Future service providers will request authentication from the Identity Provider, recognize the existing session, and grant access to the user based on the previously authenticated session.

SSO workflows like the above operate on SSO protocols, which are a set of rules that govern how the IdP and SP communicate and trust each other. Common protocols include Security Assertion Markup Language (SAML), OpenID Connect, and OAuth.

Thank you, happy reading!

Software Development
Sso
Sso Single Sign On Portal
Authentication

--

--

Sharath Kumar
Sharath Kumar

Written by Sharath Kumar

11 Followers
2 Following

Writing on topics which are interested and insightful

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams