
Definition

Single Sign-On

Single sign-on (SSO) lets a user authenticate to multiple systems (service providers, also called relying parties) by delegating the actual authentication to an external identity provider (IdP). The service provider never sees the user's credentials; it receives only an assertion or token from the identity provider stating who the user is.

The user authenticates once with the identity provider and gains access to all connected services without re-entering credentials.

Protocols

Standardised Protocols

Communication between the user's browser, the service provider, and the identity provider is governed by standardised protocols, so that any compliant service can work with any compliant identity provider.

Common choices are OpenID Connect (based on OAuth 2.0) and SAML.

OpenID Connect defines several flows (selected by the response_type parameter of the authorisation request) to handle different kinds of clients.

  • Authorisation Code Flow — for classic web and mobile applications. The browser only ever sees a short-lived, single-use code; the client exchanges it for tokens over a direct back-channel request to the identity provider. With PKCE (code_challenge / code_verifier) it is also the recommended choice for public clients such as single-page and native apps.
  • Implicit Flow — originally intended for browser applications without a backend; tokens are returned directly in the redirect URL fragment. It is now discouraged (the OAuth 2.0 Security Best Current Practice advises against it) because the tokens are exposed in the URL and cannot be bound to the client; use the Authorisation Code Flow with PKCE instead.
  • Hybrid Flow — combination of the two, returning an ID token together with a code from the authorisation endpoint; rarely used.