SSO (Single Sign-On) Login
Customer SSO Login

Give customers and partners one digital identity for simplified SSO login to all your connected digital services and applications

Ubisecure SSO lets your customers, partners and contractors log in just once and then transparently authenticate to all the digital services and applications they have been granted rights to – eliminating the need for multiple logins or credentials.

SSO Identity Providers - Ubisecure

Single Sign-On

Embed SSO into your application from Ubisecure services running as IDaaS, in your Cloud or from an On-Premise deployment.

Reduce churn

No more multiple registrations and accounts to manage. Improve the customer experience and reduce credential management support costs.

Compliance services

Supports all the identity standards – OpenID Connect, OAuth 2.0, SAML.

Multifactor Authentication

Supports dozens of identity providers, enterprise use identity directories, and MFA form factors.

Reduce the number of identity credentials you expect your customers (and your IT admins) to manage

Embed Ubisecure Single Sign-On into your applications to gain greater security, customer engagement and user experience.

No need to break user engagement by having them authenticate to every application or service – authenticate just once.

Allow initial customer registration and login using existing social, professional, enterprise or verified digital identities. Use frictionless Multi-Factor Authentication (MFA) and get back to breach protection basics with better username and password management.

Available as Identity-as-a-Service (IDaaS), deployed to your own Cloud or On-Premise at your own datacenter

SSO Single Sign-On

Ubisecure Customer SSO (Single Sign-On) allows a customer, partner or contractor to log into one application or one network domain, and then will be logged in automatically to other associated applications or domains. Give users a single identity and one set of credentials for all your applications.

>> Learn more about SSO deployed as IDaaS

Identity Provider (IdP) Support

Ubisecure’s Authentication Adapter microservice provides your applications with out-of-the-box support for delegated authentication from many Identity Providers, and fast addition of any standards-based identity credential including SAML, OpenID, OAuth 2.0, OpenID Connect, Mobile Connect, WS-Federation.

  • Social
  • Business
  • Verified Digital Identities
  • Federated Networks
  • Social Digital Identities
  • Professional Digital Identities
  • Verified Digital Identities
  • Federated Digital Identities

The Identity Broker Engine

The Identity Broker Engine enables the smart exchange of user attributes to offer Zero Trust networking while respecting user privacy. The core functioning includes:

  • Normalising data from different providers to simplify application integration – e.g. bank sends date of birth in mm/DD/yyyy format and mobile operator yyyy-mm-dd.
  • Masking user data according to minimum information disclosure principles – e.g., bank sends date of birth in full, and the Identity Platform can send to the integrated application that the user is “over 18”.
  • Providing pseudonymization – only send a token that the user is the same as last time with no other user identifiable information.
  • Providing anonymization – ensure the user is real and has the required permissions (roles and attributes) but send a unique token each time to prevent tracking or collusion between recipients.
  • Directory mapping – using a unique identifier sent by a third-party identity provider to find a user in a local database.
  • External service queries – using a unique identifier sent by a third-party identity provider to find a user in a local database by resolving a common attribute through a commercial or in-house web service.

The Engine is used to efficiently integrate data sources such as AD, LDAP or SQL, so the user identity-related data can be retrieved and utilised on a per-session basis. The result is an individual identity profile, specific to each connected application or outbound federation link. The identity attributes of the user are collected and modified so that they will match the access and authorisation requirements of the application that the user is trying to access. Naturally, only those attributes needed for functioning and authorized by the user are shared.

If the user moves to another application and needs a different set of identity attributes, the Engine will automatically create a correct user profile. The Engine allows for a creation of an environment where privacy-by-design principles are followed by allowing the applications to receive the exact and minimum amount of personal data and where needed, anonymising attributes.

SSO - reduce credentials

Improve Security, Eliminate Support Costs

With reduced login credentials to remember, users will have less impact on support help desks. With less password fatigue, users will expose passwords less.

SSO Centralised Policy Access Management

Centralised Policy

Benefit from a centralised policy management that delivers the right identity attributes to internal or external applications ensuring compliance to privacy regulations. Centrally control who has access to which resources or applications in your ecosystem – down to domain, specific resources, applications and digital services.

 

Grano implemented Ubisecure Customer Single Sign-On in their document management service, SokoPro, averaging 17,000 daily logins. Find out what challenges the solution has solved and the benefits for all users.

>> Read Case Study

Resources

AWARD – TELIA WINS WITH UBISECURE

Ubisecure wins….

Winner EIC 2019 Best Consumer Project

>> Read More

LIVE EXAMPLE

Single Page Applications (SPAs)

How to enable JavaScript SPAs to use OpenID Connect 1.0 for authentication, and then how to access OAuth 2.0 protected APIs. Both apps can be integrated with Ubisecure SSO.

>> Read More

USE CASE SUMMARY

Customer SSO Login

An overview of Customer Single Sign-On, with some of the information from this page. A useful reference for the less-technically-minded.

>> Read More

Ready to get started?