An Introduction to SSO
The number of companies choosing cloud-based enterprise solutions is increasing at an exponential rate. This has resulted in the widespread use of identity and access management tools by enterprises. The need for simplified password management with single sign-on (SSO) solutions has expanded as well.
What Is SSO?
Single Sign-On (SSO) is a group of technologies that allows a login system, the Identity Provider (IdP), to act as a federated identity authority for one or more services, each acting as a Service Provider (SP). In the context of REACH CMS, the CMS is the SP, whereas the client provides an IdP to act as the identity authority.
SSO confers the following benefits:
- Clients can centrally control which of their users have access to REACH CMS
- Clients can maintain their audit records regarding system utilization
- Clients maintain autonomy and ownership over user access rights
- The clients’ end users will not need to maintain separate credentials to access REACH CMS
- SSO maintains better security, as the client’s end users will not need to maintain separate credentials and there are fewer avenues for social engineering attacks
REACH Solution Overview
SSO enables users to access all their cloud-based enterprise solutions with only one set of login credentials, covering every application configured with the IdP. REACH is compatible with all major identity providers that support SAML 2.0 (Security Assertion Markup Language).
REACH integrates with SAML2-based Identity Providers, including but not limited to ADFS, Azure Active Directory (AAD), Okta, and Shibboleth. Once SAML2-based SSO is configured, we will provide the client with a unique URL to log in to the REACH system. Alternatively, end users may enter their username (typically their email address), and the REACH system will automatically initiate SSO-mediated login. REACH also integrates with LDAP via a SAML2-based integration.
For university and college partners, REACH is a member of InCommon.