Before answering the question at hand, you should know that you’ve probably used SSO already. Any time you’ve signed up for or logged into a product using a Google or Facebook or other social account, you’ve been using SSO.
SSO stands for "Single Sign-On", and it's a method of authentication that allows you to use one single account to access multiple applications. With SSO, you don't have to remember different usernames and passwords for every site or application you use. Instead, you only need to authenticate yourself once, and then you can access all your authorized apps without having to log in again.
So instead of using a variety of credentials to prove who you are to whichever website or service you’re logging into, you’re saying, “Hey website, I already have a Google account, go ask them who I am.”
So, how does SSO actually work?
An SSO Example
Let’s take as an example using a Google account to log into and use Asana. When a user goes to the login page for Asana, they’ll see something like what you see below, an authentication screen with a “Continue with Google” button.
When the user clicks that button, their browser takes them to Google’s consent screen. Here, Google asks the user which account they would like to use (if they are already logged into their Google account), and whether they consent to letting Asana find out who they are from Google.
If the user clicks their account and consents, then Google sends the user back to Asana with a token. From there, Asana uses that token to fetch available information from Google, like the user’s name or email. Then, once that information is returned, Asana can display or use that information.
In the future, that user can then go to the Asana login screen again, click the “Continue with Google” button, and rather than needing to grant consent with Google again, Google can send the user back to Asana with another token and Asana can perform another fetch for information.
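The round trip described above, as an added example that is not from the original post: a toy in-memory model in Python, not Google's or Asana's real API. The class, method, and parameter names are hypothetical, and tying each token to the requesting app with a short lifetime is an assumption about how such a token should be checked.

```python
import secrets
import time

class IdentityProvider:
    """Toy stand-in for the identity provider (Google in the article)."""

    def __init__(self, profiles, token_ttl=60):
        self.profiles = profiles      # user id -> profile an app may read
        self.consents = set()         # (user, app) pairs the user approved
        self.tokens = {}              # token -> (user, app, expiry time)
        self.token_ttl = token_ttl    # token lifetime in seconds (assumed)

    def authorize(self, user, app, user_consents=False):
        """Consent step: return a token for `app`, or None if consent is missing."""
        if (user, app) not in self.consents:
            if not user_consents:
                return None           # no consent on record and none given now
            self.consents.add((user, app))
        token = secrets.token_urlsafe(32)   # unguessable random value
        self.tokens[token] = (user, app, time.monotonic() + self.token_ttl)
        return token

    def userinfo(self, token, app):
        """Fetch step: return the profile only for a live token issued to `app`."""
        record = self.tokens.get(token)
        if record is None:
            raise PermissionError("unknown token")
        user, issued_to, expires = record
        if issued_to != app:
            raise PermissionError("token was issued to a different app")
        if time.monotonic() > expires:
            raise PermissionError("token expired")
        return self.profiles[user]

def login_with_idp(idp, app, user, user_consents=False):
    """The app's side: send the user to the provider, then fetch their profile."""
    token = idp.authorize(user, app, user_consents)
    if token is None:
        return None                   # user declined, so nobody is logged in
    return idp.userinfo(token, app)

if __name__ == "__main__":
    # Constructed sample user; "asana" is just a label for the requesting app.
    idp = IdentityProvider({"alice": {"name": "Alice", "email": "alice@example.com"}})
    print(login_with_idp(idp, "asana", "alice"))                      # consent declined
    print(login_with_idp(idp, "asana", "alice", user_consents=True))  # first login
    print(login_with_idp(idp, "asana", "alice"))                      # return visit
```

The third call succeeds without asking again because the provider remembers the earlier consent, which is the return-visit behaviour the post describes.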
There are several benefits to using SSO. For one thing, it can save the user a lot of time and effort. With SSO, they don't have to remember multiple usernames and passwords, so they can log in to your applications more quickly and easily. It also helps with security, since the user only has to remember one set of login credentials, which makes it easier to set up additional security features.
But the implementation of SSO can change and become more advanced in an enterprise setting. In a typical enterprise setting, the company would be using its own internal identity provider rather than an OAuth SSO flow to an external source like Google or Facebook. We’ll dive deeper into this difference, and more, in a future post!
The goal at PropelAuth is to make sure you don’t have to think about things like SSO and other authentication topics, so you can keep working on the things that matter most to you and your products. But, if you’re curious to learn more, we’re happy to provide a look into how it all ticks. If you have any other questions about authentication, or have something you’d like us to cover in the future, send us a message at firstname.lastname@example.org