But we can also use the claims stated in the SSO token to evaluate the user's rights within {{UBIK}} itself, without any 3rd party system involved, if required.
= Architecture and flow (OIDC) =
[[FileImage:UBIK SSO Architecture.png|thumb]]
# The user logs in to the SSO environment at the Identity Provider, using their web browser. If the login was successful, the browser redirects the user back to the app.
# Using a back channel without user interface, the app now fetches the actual SSO token from the Identity Provider.
* [[Integrate_UBIK_in_an_SSO_Environment|How to integrate {{UBIK}} in an SSO environment]]
[[Category:Pages with broken file links|Single Sign-On]]
[[Category:SSO|Single Sign-On]]