Single Sign-On

Definition

Single Sign-On (SSO) is a system that lets people use the same login details for multiple platforms. Instead of reentering and reconfirming a user’s identity for numerous websites, an SSO platform confirms the user’s identity and sends the verification to the service provider.  

SSO minimizes the number of usernames and passwords per user and saves time for both the user and the service provider. An example you are probably familiar with is Google, which enables you to use the same details for all its services, including YouTube, Gmail, and Chrome.

It’s useful for community builders because you can let anyone with an account for your business register without creating new login details. For example, an e-commerce store can let people sign up for their community using the details they enter when shopping.

The main benefit is that not having to register for a new account removes one of the barriers to joining your community. This may improve acquisition.

Here are a few basic SSO terms to know:

Service provider

  • A service provider is a website or application where users may be required to enter a username and password. Examples include websites like online bank accounts or social media sites. 

Identity provider

  • The identity provider is the SSO platform that authenticates users to confirm a user’s real identity. The identity provider will ask users to log in periodically depending on how much time has passed since their last login. 

Tokens

  • Tokens are digital pieces of information that inform the service provider that the user has been authenticated. The token is passed between the identity and the service provider to confirm the user’s identity. Tokens are secure because they do not include the user’s password or personal information. Tokens may have a digital signature to prove they come from a trusted source. 

What is SSO, and how does it work? 

When a user signs into an SSO service, it creates a token that the user’s identity has been authenticated. The token is then stored in the user’s browser, like a temporary ID card.

When a user signs into a service provider, like an online bank account, the service provider communicates with the SSO service to verify the user’s identity. The SSO identity provider passes the user’s token to the service provider to confirm the user’s identity. If the user has not signed on in a while, then the user will be asked by the SSO service provider to sign in.  

What are the benefits of a single sign-on?

The most significant benefit to using a single sign-on is saving time. Users can access their applications faster since they no longer have to worry about keeping track of dozens of usernames and passwords. 

Password management is simplified and more secure. Since SSO streamlines password management, there are fewer opportunities for a user’s passwords and information to be compromised. There are also fewer phishing attempts. 

Single sign-on also saves time for the help desk and IT teams. They no longer have to spend as much time assisting users with lost passwords. 

Also, administrators can manage multi-factor authentication and password complexity much easier. 

Is SSO secure?

SSO can be very secure. It simplifies the management of usernames and passwords for both the users and the administrators. Using an identity provider is much safer than keeping a notes document of numerous usernames and passwords. 

Also, an identity provider does not reveal a user’s personal information when authenticating a user. Instead, it sends a verification token that the user’s identity has been authenticated. 

However, if a user desires an additional level of security for a specific application, it might make sense to have an additional authentication method. For example, users can use a more secure network or request the SSO identity provider for two-factor authentication. 

Learn more about Tribe’s SSO support here.