Many times you might have come across scenarios in enterprise systems where you login to one system which is connected to other systems in organizations (e.g. you login to your company’s desktop machine, and you want to login to HR systems like attendance system, learning and training system, expense system, corporate help desk and many other related systems).
How much painful it would be if you want to login to multiple systems and every time you need to key in your login credentials, or every system maintains its own login mechanism and credentials.
This pain can be avoided by using Single sign-on (SSO).
What is Single Sign-on (SSO)
Single sign-on (SSO) is a method of access control of multiple related systems. With this a user logs in with a single ID and password to gain access to a connected system or systems without using different usernames or passwords, or seamlessly sign on at each system.
Single authentication provides access to multiple applications by passing the authentication token seamlessly to configured applications as Single Sign-On.
similarly, single sign-off is the method in which a single action of signing out terminates access to multiple software systems.
Single sign-on internally store the credentials used for initial authentication of system and translate them to the credentials required for the different mechanisms.
Single Sign-on using Azure Active Directory
Azure Active Directory supports two modes for single sign-on, as follows
- Federation based
- Password based
Both modes provide a single sign-on experience for the user but differ
on the credentials used to sign in to the SaaS application.
Users authenticate to Azure Active Directory using their organizational account credentials to access the application. For this method, trust need to be configured between AAD and the SaaS application.
SaaS application redirects users to sign in using an application endpoint from AAD, it supports the WS-Federation, SAML-P, and OAuth protocols and provides the expected sign-in and sign-out endpoints, also certificate needs to be uploaded to the SaaS application.
you can refer Microsoft Azure documentation here
It uses the username and password from the third-party SaaS application to sign in the user, the user authenticates to the SaaS application using his or her credentials for the application, not AAD.
The credentials for the user are encrypted and securely stored in Azure AD, browser extension retrieves the credentials from Azure AD and presents them to the application for the user.
You can refer Microsoft Azure documentation related to configuration here
Health and Parenting Inspiring Stories Technology Microsoft Azure SharePoint O365