SSO (Single Sign-On) Login
Ubisecure SSO lets your customers, partners and contractors log in just once and then transparently authenticate to all the digital services and applications they have been granted rights to – eliminating the need for multiple logins or credentials.
Embed SSO into your application from Ubisecure services running as IDaaS, in your Cloud or from an On-Premise deployment.
No more multiple registrations and accounts to manage. Improve the customer experience and reduce credential management support costs.
Supports all the identity standards – OpenID Connect, OAuth 2.0, SAML.
Supports dozens of identity providers, enterprise identity directories, and MFA form factors.
Reduce the number of identity credentials you expect your customers (and your IT admins) to manage
Embed Ubisecure Single Sign-On into your applications to gain greater security, customer engagement and user experience.
No need to break user engagement by having them authenticate to every application or service – authenticate just once.
Allow initial customer registration and login using existing social, professional, enterprise or verified digital identities. Use frictionless Multi-Factor Authentication (MFA) and get back to breach protection basics with better username and password management.
Available as Identity-as-a-Service (IDaaS), deployed to your own Cloud or On-Premise at your own datacenter
Ubisecure Customer SSO (Single Sign-On) allows a customer, partner or contractor to log into one application or one network domain, and then be logged in automatically to other associated applications or domains. Give users a single identity and one set of credentials for all your applications.
Identity Provider (IdP) Support
Ubisecure’s Authentication Adapter microservice provides your applications with out-of-the-box support for delegated authentication from many Identity Providers, and fast addition of any standards-based identity credential including SAML, OpenID, OAuth 2.0, OpenID Connect, Mobile Connect, WS-Federation.
- Verified Digital Identities
- Federated Networks
The Identity Broker Engine
The Identity Broker Engine enables the smart exchange of user attributes to offer Zero Trust networking while respecting user privacy. Its core functions include:
- Normalising data from different providers to simplify application integration – e.g. a bank sends date of birth in mm/DD/yyyy format and a mobile operator sends it in yyyy-mm-dd format.
- Masking user data according to minimum information disclosure principles – e.g., bank sends date of birth in full, and the Identity Platform can send to the integrated application that the user is “over 18”.
- Providing pseudonymization – only send a token that the user is the same as last time with no other user identifiable information.
- Providing anonymization – ensure the user is real and has the required permissions (roles and attributes) but send a unique token each time to prevent tracking or collusion between recipients.
- Directory mapping – using a unique identifier sent by a third-party identity provider to find a user in a local database.
- External service queries – using a unique identifier sent by a third-party identity provider to find a user in a local database by resolving a common attribute through a commercial or in-house web service.
The Engine is used to efficiently integrate data sources such as AD, LDAP or SQL, so the user identity-related data can be retrieved and utilised on a per-session basis. The result is an individual identity profile, specific to each connected application or outbound federation link. The identity attributes of the user are collected and modified so that they will match the access and authorisation requirements of the application that the user is trying to access. Naturally, only those attributes needed for functioning and authorized by the user are shared.
If the user moves to another application and needs a different set of identity attributes, the Engine will automatically create a correct user profile. The Engine allows the creation of an environment where privacy-by-design principles are followed: applications receive the exact and minimum amount of personal data, with attributes anonymised where needed.
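The normalising, masking, pseudonymization and anonymization steps listed above, combined into a per-application profile, can be sketched as follows. This is an added example, not Ubisecure code or its API: the application names, the policy table, the provider date formats and the HMAC-based pairwise identifier are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import date, datetime

# Assumed wire formats for the page's two example providers (constructed).
DOB_FORMATS = {"bank": "%m/%d/%Y", "mobile_operator": "%Y-%m-%d"}

# Hypothetical release policy: subject type and claims each application may receive.
APP_POLICY = {
    "webshop": {"subject": "pairwise", "claims": {"over_18"}},
    "survey": {"subject": "transient", "claims": {"over_18"}},
    "kyc_portal": {"subject": "pairwise", "claims": {"date_of_birth", "over_18"}},
}

def normalise_dob(provider: str, raw: str) -> date:
    """Parse a provider-specific date string into one canonical type."""
    return datetime.strptime(raw, DOB_FORMATS[provider]).date()

def age_on(dob: date, today: date) -> int:
    """Whole years completed; the tuple comparison handles 29 February births."""
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))

def subject_for(mode: str, key: bytes, user_id: str, app: str) -> str:
    if mode == "pairwise":
        # Pseudonym: stable for (user, app), unlinkable across apps without the key.
        return hmac.new(key, f"{app}\x00{user_id}".encode(), hashlib.sha256).hexdigest()
    # Anonymous: a fresh random token per session, so visits cannot be correlated.
    return secrets.token_hex(16)

def build_profile(app: str, provider: str, attrs: dict, key: bytes, today: date) -> dict:
    """Return only the claims the application's policy allows."""
    policy = APP_POLICY[app]  # unknown application raises KeyError: nothing is released
    dob = normalise_dob(provider, attrs["date_of_birth"])
    derived = {"date_of_birth": dob.isoformat(), "over_18": age_on(dob, today) >= 18}
    profile = {"sub": subject_for(policy["subject"], key, attrs["user_id"], app)}
    profile.update({k: v for k, v in derived.items() if k in policy["claims"]})
    return profile

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # broker-held secret; constructed for the demo
    from_bank = {"user_id": "u-1001", "date_of_birth": "03/15/1990"}  # constructed
    for app in APP_POLICY:
        print(app, build_profile(app, "bank", from_bank, key, date(2025, 1, 1)))
```

Because the pairwise identifier is keyed and includes the application name, two recipients comparing their `sub` values cannot match the same user, which is the collusion property the list describes.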
Improve Security, Eliminate Support Costs
With fewer login credentials to remember, users place less load on support help desks. With less password fatigue, users expose passwords less often.
Benefit from centralised policy management that delivers the right identity attributes to internal or external applications, ensuring compliance with privacy regulations. Centrally control who has access to which resources or applications in your ecosystem – down to domain, specific resources, applications and digital services.
Grano implemented Ubisecure Customer Single Sign-On in their document management service, SokoPro, averaging 17,000 daily logins. Find out what challenges the solution has solved and the benefits for all users.