In this article, we briefly talk about Single Sign-On and how it works in general. If you are looking for specific information about SSO at Freshworks or configuration-related guides for supported protocols, please refer to the articles below:
- SSO for Freshworks
- SAML - Support Guide
- OAuth2 - Support Guide
- Open ID Connect (OIDC) - Support Guide
- JSON Web Token (JWT) - Support Guide
What is Single Sign On (SSO)?
Single Sign On (SSO) is a system that lets users securely authenticate to multiple cloud applications by logging in only once to a managed authentication system. This managed authentication system is also referred to as an Identity Provider (IdP), and the cloud applications that rely on the data provided by the Identity Provider are called Service Providers (SP). Some of the Identity Providers are ADFS, OneLogin, Okta, Auth0, and G-Suite.
How does authentication work without SSO?
Without SSO, each application is required to manage users' credentials in its own database and requires the user to authenticate separately for each of these applications. In this scenario, the user has to remember the username and password configured for each application and use them every time they need to access it.
For security reasons, users are advised to use a different password for each application, and passwords are required to be strong so that they cannot be easily guessed by hackers. Over time, it becomes cumbersome and hard to remember so many passwords for all the applications the user has access to.
How does authentication work with SSO?
With SSO, the user's credentials are managed in one Identity Provider (IdP), and this IdP securely exchanges user information with registered applications (Service Providers) without the user having to enter their username and password credentials.
When the user tries to access the application (SP), the SP sends an authentication request to the IdP. The IdP authenticates the user and, after successful authentication, sends the user's authentication information to the requesting SP in a secure manner. The SP then uses this information to log the user in and lets the user access the application.
How do IdP and SP securely exchange information?
Authentication requests and information are exchanged between the SP and the IdP via secure, standard protocols such as SAML / OAuth. The applications requesting authentication information are pre-registered with the Identity Provider and use secure signing protocols such as OAuth2 / SAML 2.0 to establish trust between the two parties while exchanging information about the user, the user's profile and the authentication information.
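The SP-initiated exchange and the pre-registered trust described above, as an added Python example that is not part of the original article and is not Freshworks code. An HMAC-signed token stands in for the SAML / OAuth2 message formats; the identifiers, the key and every function name are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed registration data: the SP is pre-registered with the IdP.
SP_ID = "https://app.example.test"   # hypothetical SP identifier
IDP_ID = "https://idp.example.test"  # hypothetical IdP identifier
SHARED_KEY = b"constructed-demo-key"  # stand-in for the registered signing key

def b64enc(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sp_create_request():
    """SP: start a login by sending the IdP a request with a one-time id."""
    return {"issuer": SP_ID, "request_id": secrets.token_urlsafe(16)}

def idp_issue_assertion(request, user, key=SHARED_KEY, ttl=300):
    """IdP: after authenticating the user, sign a statement for the requesting SP."""
    claims = {"iss": IDP_ID, "aud": request["issuer"], "sub": user,
              "in_response_to": request["request_id"],
              "exp": int(time.time()) + ttl}
    body = b64enc(json.dumps(claims).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + b64enc(sig)

def sp_verify_assertion(token, request, now=None):
    """SP: return the user only if signature and all claims check out."""
    try:
        body, sig = token.split(".")
        expected = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64dec(sig)):
            raise ValueError("bad signature")
        claims = json.loads(b64dec(body))
    except ValueError as exc:
        raise ValueError(f"rejected: {exc}") from None
    now = time.time() if now is None else now
    checks = {
        "unknown issuer": claims.get("iss") == IDP_ID,
        "wrong audience": claims.get("aud") == SP_ID,
        "not a reply to this request":
            claims.get("in_response_to") == request["request_id"],
        "expired": claims.get("exp", 0) > now,
    }
    failed = [reason for reason, ok in checks.items() if not ok]
    if failed:
        raise ValueError("rejected: " + ", ".join(failed))
    return claims["sub"]
```

The SP never sees the user's password: it logs the user in only because the token was signed with the key registered for the IdP, was addressed to this SP, answers the request this SP sent, and has not expired.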
To learn more about how SSO can be configured for Freshworks Suite of applications, refer to the following article: