Understanding Single Sign-On (SSO)
Consider how often you need to provide your credentials to access various services, such as your company’s network, your webmail, your cloud apps and your favorite web application. Now consider that all these services can ask a central authentication service for your identity and let you in. This is the main idea behind Single Sign-On (SSO) and Federated Identity Management (FID).
The term Single Sign-On refers to the ability to access multiple resources with a single login operation. All you need to do is provide your credentials to an Identity Provider (IdP) once and then let the Service Provider (SP) request your identity each time you need to authenticate yourself. So you provide your username and password a single time to the Identity Provider, and then gain access to various services (such as sTrainCenter) without having to provide your username and password again. Your identity is stored and managed by the Identity Provider, and when you wish to log in to a Service Provider, instead of providing your credentials, the Service Provider trusts the Identity Provider to validate your credentials and send back your authorization token, which will let you in. Federated Identity Management (FID) is in fact the concept of storing and managing your identity in a single location, the Identity Provider.
sTrainCenter is powered with SSO services and can act as a Service Provider (SP) through SAML 2.0 (Security Assertion Markup Language), which allows the exchange of authorization data between sTrainCenter (SP) and the Identity Provider (IdP).
sTrainCenter supports a variety of Identity Providers such as:
- Active Directory through ADFS 2.0