Single Sign-On (SSO)
Customer SSO is an easy way to let your customers, citizens, partners and contractors log in just once and then transparently authenticate to all the digital services and applications they have been granted rights to – eliminating the need for multiple logins or credentials.
Easily enable SSO across all your applications, whether in the cloud, on-premises, or a hybrid of both.
No more multiple registrations and accounts to manage. Improve the customer experience and reduce credential management support costs.
Supports all the identity standards – OpenID Connect, OAuth, CIBA, SAML.
Supports dozens of reusable / portable identity providers, enterprise identity directories, MFA form factors and passwordless.
Reduce the number of identity credentials you expect your customers (and your IT admins) to manage
Single Login
Maintain seamless customer journeys with transparent logins across all application and services – authenticate the customer just once.
BYOI
Use any Identity Provider imaginable. From enterprise user directories to the millions of reusable identities across the BYOI ecosystem.
Security
With less password fatigue, users will expose or reuse passwords less. Centralised authentication control maintains consistent best practices and use of MFA or Passwordless.
User Experience
Frictionless and flexible login and authentication options. Engaging with applications will be made faster, easier and more secure.
Eliminate Support Desk Costs
With less login credentials to forget, users will have less impact on support help desks.
Centralised Policy
Deliver the right identity attributes to internal or external applications ensuring compliance to privacy regulations. Centrally control access to resources or applications.
SSO delivered as Identity-as-a-Service (IDaaS), On-Premises at your own datacenter, or a Hybrid of both
Ubisecure Customer SSO (Single Sign-On) allows a customer, partner or contractor to log into one application or one network domain, and then will be logged in automatically to other associated applications or domains. Give users a single identity and one set of credentials for all your applications, whether mobile, web, enterprise or legacy.
Identity Provider (IdP) Support
Ubisecure’s Authentication Adapter microservice provides your applications with out-of-the-box support for delegated authentication from many Identity Providers, and fast addition of any standards-based identity credential including SAML, OpenID, OAuth 2.0, OpenID Connect OIDC, Mobile Connect, WS-Federation.
- Social
- Business
- Verified Digital Identities
- Federated Networks
The Identity Broker Engine
The Identity Broker Engine enables the smart exchange of user attributes to offer Zero Trust networking while respecting user privacy. The core functioning includes:
Normalising data
from different providers to simplify application integration – e.g. bank sends date of birth in mm/DD/yyyy format and mobile operator yyyy-mm-dd.
Masking user data
according to minimum information disclosure principles – e.g., bank sends date of birth in full, and the Identity Platform can send to the integrated application that the user is “over 18”.
Providing pseudonymization
only send a token that the user is the same as last time with no other user identifiable information.
Providing anonymisation
ensure the user is real and has the required permissions (roles and attributes) but send a unique token each time to prevent tracking or collusion between recipients.
Directory mapping
using a unique identifier sent by a third-party identity provider to find a user in a local database.
External service queries
using a unique identifier sent by a third-party identity provider to find a user in a local database by resolving a common attribute through a commercial or in-house web service.
The Identity Broker Engine is used to efficiently integrate data sources such as AD, LDAP or SQL, so the user identity-related data can be retrieved and utilised on a per-session basis. The result is an individual identity profile, specific to each connected application or outbound federation link.
The identity attributes of the user are collected and modified so that they will match the access and authorisation requirements of the application that the user is trying to access. Only those attributes needed for functioning and authorised by the user are shared.
If the user moves to another application and needs a different set of identity attributes, the Identity Broker Engine will automatically create a correct user profile. The Identity Broker Engine allows for a creation of an environment where privacy-by-design principles are followed by allowing the applications to receive the exact and minimum amount of personal data and where needed, anonymising attributes.
Grano implemented Ubisecure Customer Single Sign-On in their document management service, SokoPro, averaging 17,000 daily logins. Find out what challenges the solution has solved and the benefits for all users.
The SSO Video Series with Keith Uber
ℹ What is SSO?
ℹ User experience and SSO
ℹ How can SSO reduce costs?
ℹ How can SSO increase sales?
ℹ The importance of logging in SSO
ℹ Why are identity standards important?
ℹ What is identity federation?
Resources
LIVE EXAMPLE
Single Page Applications (SPAs)
How to enable JavaScript SPAs to use OpenID Connect 1.0 for authentication, and then how to access OAuth 2.0 protected APIs. Both apps can be integrated with Ubisecure SSO.
>> Read More
USE CASE SUMMARY
Customer SSO Login
An overview of Customer Single Sign-On, with some of the information from this page. A useful reference for the less-technically-minded.
>> Read More