
Changes


Single Sign-On

52 bytes added, 4 October
Beyond "just" reusing a central account and session, SSO has additional benefits: no application other than the identity provider (and the browser) ever gets to see the user's credentials, and two-factor authentication (2FA) can be enforced.
Some organizations do this by restricting every HTTPS interaction in their network: each request must carry a session cookie known to the identity provider, or it is redirected to the identity provider (via an application gateway, reverse proxy or load balancer), so the user can log in right away with their browser.
This works out well for all web applications running in the user's browser. However, many applications, such as daemon services or native mobile applications, do not run within the user's browser. Such applications often still use HTTPS to interact with other services or even their own servers, just without a browser. This is also true for {{UBIK}}.
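The gateway check described above, as an added sketch (not code from this page or from any product it mentions): a request with a valid session cookie is forwarded, anything else is redirected to the identity provider, and a non-browser client receives that same redirect. The IdP URL, cookie name, `return_to` parameter and the HMAC-signed cookie format are assumptions made for the example.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie
from urllib.parse import urlencode

# All names below are assumptions made for this sketch.
IDP_LOGIN_URL = "https://idp.example.test/login"
SESSION_COOKIE = "sso_session"
GATEWAY_KEY = b"constructed-demo-key"  # constructed; stands in for IdP key material


def sign_session(session_id: str) -> str:
    """What the identity provider would put in the cookie after a login."""
    mac = hmac.new(GATEWAY_KEY, session_id.encode(), hashlib.sha256).hexdigest()
    return f"{session_id}.{mac}"


def session_is_valid(cookie_value: str) -> bool:
    """Accept only cookie values carrying a MAC made with the shared key."""
    session_id, sep, mac = cookie_value.rpartition(".")
    if not sep or not session_id:
        return False
    expected = hmac.new(GATEWAY_KEY, session_id.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac.encode(), expected.encode())


def gate(url: str, headers: dict) -> tuple:
    """Return (status, response_headers); 200 means 'forward to the application'."""
    morsel = SimpleCookie(headers.get("Cookie", "")).get(SESSION_COOKIE)
    if morsel is not None and session_is_valid(morsel.value):
        return 200, {}
    # No session the identity provider knows: redirect to the login page.
    return 302, {"Location": IDP_LOGIN_URL + "?" + urlencode({"return_to": url})}


def demo() -> dict:
    """Constructed requests: two browser cases and one daemon without a browser."""
    url = "https://app.example.test/reports"
    cookie = f"{SESSION_COOKIE}={sign_session('abc123')}"
    return {
        "browser_logged_in": gate(url, {"Cookie": cookie}),
        "browser_no_session": gate(url, {"Accept": "text/html"}),
        # The daemon asked for JSON but is handed the same redirect to an HTML
        # login form, which it has no way to complete.
        "daemon_no_session": gate(url, {"Accept": "application/json"}),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```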