1.5. Single Sign-On
Single Sign-On (SSO) is one of the ways of authentication that enables users to use one set of login credentials to securely access multiple applications.
In addition to being much simpler and more convenient for users, SSO is widely considered to be more secure. The full list of the advantages of using SSO are the following:
- Reduces password fatigue. Remembering one password instead of many makes users’ lives easier. As a tangential benefit, it gives users a greater incentive to come up with strong passwords.
- Streamlines the user experience. SSO saves time and effort because users do not have to repeatedly log into, and since the repeated logins are no longer required, customers can enjoy a modern digital experience.
- Relieves admin and support team workloads. It saves admin and support team time by reducing the number of tickets sent to the support regarding access issues such as misplaced or forgotten passwords.
- Simplifies username and password management. When changes of personnel take place, SSO reduces both IT effort and opportunities for mistakes. Employees leaving the organization relinquish their login privileges.
- Improves network and application security. SSO can uniquely identify a user, and it, therefore, complies with the most demanding safety standards. Information provided by SSO moves encrypted across the network.
Additionally, the tech requirements listed below should be met in order to set the Single Sign-On functionality successfully:
- User management. The user is needed to be added to Fluix in advance by the admin to be able to login in using SSO.
- Corporate domain integration. The company’s domain needs to be specified in Fluix and it should match the email domain of the users for the particular company. Let’s say, the domain that was specified by Admin in Fluix is readdle.com, therefore, the emails of the users who are going to login to Fluix account using SSO should be corresponding with this domain, e.g. email@example.com, firstname.lastname@example.org, etc.
- Multi-accounts restriction. In case there are some users who have different email domains within the same company account (e.g., email@example.com, firstname.lastname@example.org, email@example.com) the company Admin will need to select only one email domain that will be used for the SSO. Other users having different email domains will not be able to login in using SSO.
- SAML authentication standard. The identity provider, which specifies the user name, is required to return the NameID value of the user email address in Fluix. There could be also another attribute that may contain the email address, though, a custom attribute name will be needed to be configured on the company’s end in Fluix settings.
- Identity Provider Compatibility. Any identity provider for authentication (Okta, Auth0, Microsoft AD, etc) can be used in Fluix, and any of them are compatible with our system.
- Verification certificate. The certificate file that will be added on the company’s end needs to contain the public key so that Fluix could verify sign-in requests and the SAML response sent to Fluix in order to make sure that SSO assertion was received from a particular company’s account and wasn’t modified during transmission.
Learn how the Single Sign-On functionality works and the way it can be implemented for your account in the article about Security Settings.