Single Sign-On (SSO) for Document360 Knowledge Base

It is a Monday morning, and your workday has just begun. You fire up your mean machine, and it asks you for the login password. You type it in mindlessly as a task of habit. And then it happens. An error pops up saying, ‘The password you’ve entered is incorrect.’ It’s got your attention now, and you re-type the password, paying more attention to what you’re doing. You click ‘Enter’ and wait for the system to log you in. Alas, that’s not what happens. You get the same error again. You’re sure that’s the correct password, yet you don’t know what’s causing the error. SO you try to sign in to another work application, and this time you succeed. Isn’t it annoying when a task as simple as logging in to your account takes so much of your energy and time? Great user experience is all about reducing the number of steps a user has to take to perform a specific action. What if there’s a way that you only need to sign in once with an application, and that automatically signs you in to all other apps that you use?

What is SSO?

As the name suggests, Single Sign-On or SSO allows users to access multiple applications with a single login event. A user logging into an application with SSO enabled will also be able to log on to other applications that an organization has without inputting the login credentials each time they want to access any of those applications. SSO is often used in a business context when user logins are assigned and managed by an internal IT team. Any organization using SaaS applications can benefit from the use of SSO. Let’s consider an example. Let’s say you want to enter a bar. At the entrance, you’d be asked to produce an ID to verify your age and identity. After entering, if the bartender asks for your ID each time they have to serve you a drink, you’d become quickly frustrated with the repeated checks and will try to think of ways to circumvent this step by trying to steal/sneak in your drinks. However, most bars/restaurants will check your ID only once and then serve you food/drinks unconditionally over the time you’re inside the establishment. This is precisely how an SSO system works; instead of typing in your identity each time you want to access an application/service, you have to verify it once with an application. That will automatically gain you access to all other applications that the organization has.

How does it work?

Most applications like Document360 (also called Service Providers) have a dedicated secure database where user information and credentials are stored. But for services that provide SSO, an external entity – the Identity Provider (IdP) is brought in to ease the user experience. The IdP here is essentially a third-party application that will do the user verification for your application. Here’s how it works:

• You visit the required application or service provider sign-in page
• Redirection takes place to the IdP login page
• You enter and log in with your credentials
• User validation is initiated

A trust relationship is established between the IdP and your service once the login is successful Once the authentication is successful, you can access all SSO-enabled applications within the service provider domain without signing in for each instance.

The IdP

The Identity Provider handles and authenticates credentials that users use to log in to an application, file server, or service. The IdP facilitates Single Sign-On with two standard protocols adopted by the service providers.

SSO Standards

1.SAML 2.0

The SAML is an open standard protocol that enables SSO for applications like Document360. AUthentication via the SAML involves three entities: 1.The Identity Provider – IdP 2.The Service Provider – Document360 3.The user or agent Once the users are authenticated via the IdP, the IdP generates a SAML Assertion which is sent to the Service Provider. As the Service Provider holds a trust relationship with the IdP, the user is authenticated to log in, and SSO is achieved. Since the IdP already vets the user, the user can now use SSO and access other Service Provider apps.

2.OpenID Connect

OpenID Connect (OIDC) is an open standard that is built on the OAuth2.0 protocol. This gives OpenID an additional layer of security. OpenID also involves the same three entities as mentioned above: The third-party Identity Provider – IdP The Service Provider – Document360 The end-user The IdP authenticates the end-user, then sends an access token back to Document360. Now, Document360 retrieves user info from the token passed on, and an SSO session is established between Document360 and the Identity Provider. Now that the credentials are verified and authentication complete, the user gains access to Document360 and other apps without providing credentials for each instance.

Why do you need SSO?

Single Sign-On is beneficial not only for employers but also for the users. Employees nowadays use multiple apps to solve their use cases, which means they have to log in and switch between multiple apps and websites. SSO can solve this by addressing the enterprise fragmentation problem.

1.User benefits:

– Convenience

Users need to remember only one set of credentials. Connecting your site to Google user login is an excellent way to ensure that even sporadic users can remember their credentials; they can log in to Google to access all business applications via SSO.

– Speed

With SSO, users don’t have to type in their credentials each time they want to access an application/service. New users can also sign up quickly as Google would already have done the email verification and data collection.

2.Business benefits:

– More sign-ups

SSO is easy and convenient and offers the least resistance path. This enables new customers to sign up quickly without much of a hassle by relying on a known brand like Google to authenticate and store their details. This way, they won’t have to worry about providing their information to your unknown brand, and hence trust is increased, leading to more conversions.

-Reduced backend work

Having to remember multiple login credentials may lead to users forgetting them. In which case, the backend operations team has to reset the password and set new credentials. While reducing hack risk is essential, not having to reset user passwords is a whole lot of burden reduced. With SSO, all the authentication is taken care of by the IdP, and users only have to remember one password.

– Better security

Without multiple login credentials hosted on your site, hackers have a much lower chance of hitting your application. You’re also less likely to have a handful of users with weak passwords poking holes in your overall security system. Check out this head-to-head comparison between Document360 and its Alternatives. You can also read more about how Document360 compares to its competition.

SSO in Document360 Knowledge Base

Take a look at this short video to understand all about Document360 Enterprise SSO implementation. Adopting SSO can make life easier for you and your clients. SSO also helps you lower your IT costs by saving the time spent on password resets. With that in mind, we now have SSO enabled for your Document360 knowledge base, and you can configure multiple user logins via the SSO by opting for the SAML or OIDC standard. To set up SSO for your account, you can get started here.