How does Single Sign-On (SSO) with IDPs work?
IDPs are often used for SSO. Primarily, SSO provides advantages in terms of convenience and security for users. Instead of being confronted with a multitude of different credentials in everyday digital life, the widespread use of SSO dramatically reduces the number of login details required. These limited login details can be better secured with strong passwords and multi-level login procedures. If, on the other hand, users have to manage many different logins themselves, many tend to repeatedly use the same passwords and/or simple passwords – both of which have a negative impact on IT security.
On the technical side, there are also security advantages to using SSO. With SSOs, the authentication factors are only transmitted once. This reduces the attack surface for cyberattacks or phishing attempts aimed at capturing the login data.
What are the solutions for SSO?
Portal
The portal solution allows users to log in centrally to access the various applications and services available via that portal. For example, logging in to an Internet service to use e-mail, calendar, cloud storage and other products. In portal solutions, successful authentication with one service is transferred between all available services via cookies, for example.
Ticketing
Ticketing systems such as Kerberos rely on a trusted authority (Ticket Granting Ticket) for central ticket allocation. Once users have successfully logged in to this authority, further login tickets can be automatically created and sent for each associated service without the need for re-authentication.
Local
Local SSO solutions are mostly used on clients that are accessed regularly in the workplace. Here, the logins for applications and services are centrally and cryptographically protected and stored on the client or a connected network. After successful login on the SSO client, the credentials are activated. SSO clients are integrated in web browsers, for example, as password managers.
