Single Sign-on (SSO) is available using SAML but has never been customer-enabled because of the limited number of assigned system users, which rarely exceeds ten and is usually fewer than two. Also, the card recipient never logs in.
Enabling SSO in the Veonics Portal
The Configure Advanced User Options permission must be enabled in the User Role to access the SSO setup tab on the User page.
Navigation
CUSTOMER must set up an SSO account with their Identity Provider. An authorized Veonics Portal user will:
- Log in and go to the User tab
- Select a user (left mouse click) and select the View button
- Or, create a New user
- Once in a User profile
  - Select the Edit button
  - Then select the Single Sign On tab.
From the Sign-on Tab
- Enable SSO by selecting the check box
- Enter the NameID
  - This is the login name for the Identity Provider
- The Service Provider section is filled in automatically.
- Fill in the Identity Provider section with the information supplied by the Identity Provider.
  - This will require contacting the Identity Provider to get the information.
  - The Identity Provider should be able to provide a URL that can be used to load the information using the Load Metadata button.
  - Otherwise, manually fill in the following:
    - Metadata URL:
    - EntityID:
    - Single Sign On Service
      - URL:
      - Binding:
    - Single Logout Service
      - URL:
      - Binding:
  - The Certificate must also be provided when entering the Identity Provider information manually. This Certificate is used for signing the requests.
- Select the Save button upon completion
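The Load Metadata button and the manual fields above map directly onto a standard SAML 2.0 IdP metadata document. The following is an added example, not Veonics Portal code, showing what a loader has to pull out of that document (EntityID, Single Sign On and Single Logout URL and Binding, the signing certificate) and the sanity checks worth applying before saving. The metadata, entity ID, URLs and certificate value are constructed placeholders, not a real Identity Provider; the preference for the HTTP-Redirect binding is an assumption of this example.

```python
"""Extract the SSO-tab Identity Provider fields from SAML 2.0 IdP metadata.

Added example, not Veonics Portal code. All values below are constructed.
"""
import base64
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed stand-in for the base64 DER certificate (not a real X.509 cert).
PLACEHOLDER_CERT_B64 = base64.b64encode(
    b"constructed placeholder, not a real certificate").decode()

# Constructed sample metadata: placeholder entity ID and endpoints.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/saml/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>CERT_B64</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/slo"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/saml/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
""".replace("CERT_B64", PLACEHOLDER_CERT_B64)


def _endpoint(idp, tag, preferred=HTTP_REDIRECT):
    """Pick one endpoint of the given type, preferring the given binding (assumed choice)."""
    found = [(e.get("Binding"), e.get("Location")) for e in idp.findall(tag, NS)]
    if not found:
        return None
    for binding, url in found:
        if binding == preferred:
            return {"url": url, "binding": binding}
    binding, url = found[0]
    return {"url": url, "binding": binding}


def parse_idp_metadata(xml_text, metadata_url=None):
    """Return (fields, warnings); raise ValueError when the document is unusable."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("document is not a SAML EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("entityID attribute missing")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not Identity Provider metadata")

    signing_certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' is valid for both signing and encryption.
        if kd.get("use") not in (None, "signing"):
            continue
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            # Metadata carries the certificate as base64 DER, often wrapped across lines.
            raw = "".join((cert.text or "").split())
            signing_certs.append(base64.b64decode(raw, validate=True))
    if not signing_certs:
        raise ValueError("no signing certificate: the Certificate must be supplied")

    fields = {
        "metadata_url": metadata_url,
        "entity_id": entity_id,
        "sso": _endpoint(idp, "md:SingleSignOnService"),
        "slo": _endpoint(idp, "md:SingleLogoutService"),
        "signing_certs": signing_certs,
    }
    if fields["sso"] is None:
        raise ValueError("no SingleSignOnService endpoint")

    warnings = []
    for name in ("sso", "slo"):
        if fields[name] and not fields[name]["url"].startswith("https://"):
            warnings.append(f"{name} endpoint is not HTTPS: {fields[name]['url']}")
    if fields["slo"] is None:
        warnings.append("no SingleLogoutService: portal logout will not end the IdP session")
    if len(signing_certs) > 1:
        warnings.append("multiple signing certificates (key rollover); keep all of them")
    return fields, warnings


if __name__ == "__main__":
    fields, warnings = parse_idp_metadata(SAMPLE_IDP_METADATA)
    print(fields["entity_id"], fields["sso"], fields["slo"], warnings)
```

The function refuses metadata that describes a Service Provider instead of an Identity Provider and metadata without a signing certificate, since both produce a configuration that cannot verify anything; endpoints that are not HTTPS are reported as warnings so the administrator can question them before saving.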
What is Single Sign-On?
The simple answer is that you are using SSO when a website's sign-in prompt asks, "Would you like to use your Company, Facebook or LinkedIn account login credentials?"
Technically, Single Sign-On (SSO) is a user authentication and access control mechanism that allows a user to log in to a website or program once and gain access to multiple applications or services without needing to log in separately for each one. In other words, SSO enables users to access multiple systems with one set of login credentials (such as a username and password).
The primary goals of SSO are convenience and enhanced security. SSO can be implemented using protocols like OAuth 2.0, OpenID Connect, SAML, etc. It's commonly used in enterprise environments to provide employees with easy access to multiple internal systems and consumer-facing applications and services that want to offer a unified and seamless user experience across their platforms.
How does SSO work?
- User Authentication: When a user logs in to one application or service, the authentication information (credentials in our case) is securely stored or shared with an SSO system or identity provider (IdP).
- Access to Multiple Services: When the user tries to access another application or service within the same SSO ecosystem, the user's identity is verified by the SSO system or IdP without requiring the user to re-enter their credentials. The user is seamlessly granted access.
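In the SAML case, "the user's identity is verified by the IdP" means the IdP posts a signed assertion to the Service Provider, and the Service Provider must check that assertion before granting access. The following is an added example, not Veonics Portal code, of the checks a Service Provider applies after the XML signature has been verified against the IdP certificate from the metadata: status, issuer, InResponseTo, audience, validity window, recipient and NameID. The response, entity IDs, URLs and NameID are constructed placeholders; signature verification itself is left to a SAML library and is assumed to have already passed.

```python
"""Service-Provider-side checks on a SAML 2.0 Response.

Added example, not Veonics Portal code. Assumes the XML signature was
already verified against the IdP signing certificate. All values constructed.
"""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Hypothetical SP configuration (constructed values, not Veonics settings).
SP_CONFIG = {
    "idp_entity_id": "https://idp.example.test/saml/metadata",  # EntityID from IdP metadata
    "sp_entity_id": "https://portal.example.test/saml/sp",      # our EntityID, the audience
    "acs_url": "https://portal.example.test/saml/acs",          # where responses must arrive
    "known_name_ids": {"jdoe@example.test"},                    # NameIDs assigned to users
    "clock_skew": timedelta(seconds=60),
}

# Constructed response (signature element omitted for brevity).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" InResponseTo="_req123" IssueInstant="2024-05-01T12:00:00Z"
    Destination="https://portal.example.test/saml/acs">
  <saml:Issuer>https://idp.example.test/saml/metadata</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>https://idp.example.test/saml/metadata</saml:Issuer>
    <saml:Subject>
      <saml:NameID>jdoe@example.test</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_req123"
            NotOnOrAfter="2024-05-01T12:05:00Z"
            Recipient="https://portal.example.test/saml/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://portal.example.test/saml/sp</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>
"""


def _ts(value):
    """Parse the SAML UTC timestamp form YYYY-MM-DDThh:mm:ssZ."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_response(xml_text, expected_request_id, now, cfg=SP_CONFIG):
    """Return the reasons to reject the response; an empty list means accept."""
    errors = []
    skew = cfg["clock_skew"]
    resp = ET.fromstring(xml_text)

    status = resp.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        errors.append("status is not Success")
    if resp.get("InResponseTo") != expected_request_id:
        errors.append("response InResponseTo does not match our AuthnRequest")
    if resp.get("Destination") not in (None, cfg["acs_url"]):
        errors.append("response Destination is not our ACS URL")

    assertions = resp.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return errors + [f"expected exactly one Assertion, found {len(assertions)}"]
    a = assertions[0]

    issuer = a.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != cfg["idp_entity_id"]:
        errors.append(f"assertion issuer {issuer!r} is not the configured IdP")

    cond = a.find("saml:Conditions", NS)
    if cond is None:
        errors.append("assertion has no Conditions")
    else:
        if cond.get("NotBefore") and now < _ts(cond.get("NotBefore")) - skew:
            errors.append("assertion not yet valid")
        if cond.get("NotOnOrAfter") and now >= _ts(cond.get("NotOnOrAfter")) + skew:
            errors.append("assertion expired")
        audiences = [x.text.strip() for x in
                     cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if cfg["sp_entity_id"] not in audiences:
            errors.append("assertion audience does not include this SP")

    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None:
        errors.append("no SubjectConfirmationData for the bearer subject")
    else:
        if scd.get("InResponseTo") != expected_request_id:
            errors.append("subject confirmation InResponseTo does not match our AuthnRequest")
        if scd.get("Recipient") != cfg["acs_url"]:
            errors.append("subject confirmation Recipient is not our ACS URL")
        if scd.get("NotOnOrAfter") and now >= _ts(scd.get("NotOnOrAfter")) + skew:
            errors.append("subject confirmation expired")

    # The NameID must be one an administrator assigned on a user profile.
    name_id = a.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if name_id not in cfg["known_name_ids"]:
        errors.append(f"NameID {name_id!r} is not assigned to any portal user")
    return errors


if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE, "_req123", _ts("2024-05-01T12:00:30Z")))
```

Each check closes a distinct door: the audience check stops an assertion issued for a different Service Provider from being accepted here, the validity window and InResponseTo checks stop a captured assertion from being replayed later, and the NameID lookup ties the assertion back to the NameID entered on the user profile, so an IdP account with no matching portal user gets nothing.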
Benefits of Single Sign-On
- User Convenience: Users don't have to remember and enter multiple sets of credentials for different applications, simplifying their experience and reducing the need for password management.
- Improved Productivity: SSO streamlines the login process, saving time and reducing frustration for users needing multiple systems as part of their workflow.
- Enhanced Security: SSO allows for centralized authentication and access control. This can lead to better security practices, such as enforcing robust authentication methods and monitoring resource access.
- Simplified Administration: IT administrators can manage user access and permissions from a central location, making user provisioning and deprovisioning more efficient and reducing the risk of unauthorized access.
Caution
While SSO improves user convenience and security, compromising SSO credentials can grant an attacker access to multiple systems. Therefore, proper security measures and best practices should be implemented when setting up and maintaining an SSO system.
Common SSO Protocols
OAuth and OpenID are on the roadmap for 2024 enablement.
- OAuth 2.0: OAuth 2.0 is an authorization framework that allows applications to access user data without exposing user credentials. It's commonly used for granting third-party applications limited access to a user's account.
- OpenID Connect: OpenID Connect is built on top of OAuth 2.0 and provides a standardized way for clients (like web and mobile applications) to authenticate users and obtain basic profile information about them.
- SAML (Security Assertion Markup Language): SAML is an XML-based protocol used for single sign-on (SSO) and exchanging authentication and authorization data between parties, typically an identity provider (IdP) and a service provider (SP).
- There are others, such as:
  - LDAP (Lightweight Directory Access Protocol): While not specifically a sign-on protocol, LDAP is often used for authentication and authorization by querying and updating information in directories like Active Directory.
  - CAS (Central Authentication Service): CAS is a single sign-on protocol and implementation used for web applications. It allows a user to log in once and gain access to multiple applications without needing to log in separately for each.
  - Kerberos: Kerberos is a network authentication protocol that uses tickets to allow nodes communicating over a non-secure network to prove their identity to each other securely.
  - JWT (JSON Web Tokens): JWT is a compact, URL-safe means of representing claims to be transferred between two parties. It's often used for authentication and authorization in token-based systems.
  - FIDO (Fast Identity Online): FIDO is an open standard for strong authentication. It includes protocols like FIDO U2F and FIDO2, which enable hardware-based authentication methods like biometrics and security keys.