How Does Single-Sign-On (SSO) Work?

I’m KIndson the Genius and in this short explanation, I would teach you how Single-Sign On (SSO) work.
We would cover the following:

1. What is Single Sign-On

Single Sign-On is a technology that allows a user to log in using a single login page and afterwards have access to different applications and services automatically without having to enter their usernames and passwords repeatedly.

It is normally used in organizations where there is a plethora of applications and services that employees need to use for their daily activities. In this case, for many enterprises, the user logs into his computer using his active directory account and then when he accessed relevant applications in the company’s intranet, he is logged in automatically and does not need to enter his credentials.


2. How SSO Work (A Beginner’s Explanation)

User login credentials are maintained in a central server (maybe active directory or any other server). This server is called Identity Provider (IdP).
Other applications and services are connected with this IdP.

So what happens is that when you tries to use any of the application connected with the IdP, then that application checks with the IdP to make sure that you are authorized to access the application.
If you are authorized, then that application receives an access token that allows you to access the data you want.



3. Steps of Single Sign-On

The steps in single sign-on isĀ  illustrated in Figure 1.


  1. Client tries to access a secure service. If he already have an access token for the service, then token is added to the request. Then go to step 10
  2. Service connect with IdP to authenticate client
  3. IdP request for user login credentials
  4. Client displays login page to user
  5. User enters login credentials
  6. Client sends the credentials to the IdP which verifies the credentials
  7. If credentials are valid, then Identity Token (IdT) is sent to the Authentication Server (AS). Else return to step 3
  8. AS creates access token and sends back to the client
  9. Client tries to access the secure service using the access token
  10. Service grant client access to the secure service

At this point, the SSO is successfully completed.