Single Sign-On (SSO) Capabilities In Joget: OpenID Connect, SAML, Kerberos and More

As a leading open source low-code application platform, Joget supports the most popular single sign-on (SSO) authentication standards such as OpenID Connect, SAML and Kerberos. This article is a brief introduction to SSO, its benefits and how it works.

What Is Single Sign-on (SSO)?
Single sign-on (SSO) is the ability for users to access multiple applications or systems by using a single login. Just like how Facebook, Google or Apple accounts are increasingly used to access many different consumer services, SSO in an enterprise environment is becoming a critical requirement.

Why Is SSO Important?
Reason #1 Security and Compliance
Increased digitalization and workflow process automation mean that organizations face a proliferation of new applications. The more apps and credentials there are, the higher the risk of security threats, phishing attempts and ransomware attacks. SSO reduces these security risks and helps with regulatory compliance around authentication and data access.

Reason #2 Simplified Identity Management and Reduced Cost
SSO streamlines the onboarding, separation and management of employee credentials in an organization, which in large enterprises incurs a significant cost in terms of IT resources and potential human errors. 

Reason #3 User Convenience and Usability
Remembering multiple credentials is becoming a real burden to users, and implementing SSO can save employee time, resulting in increased productivity. Seamless access to applications also makes it more likely for users to readily adopt new applications and workflows.

How Is SSO Implemented?
An identity provider (IdP) is a solution that stores and manages user identities. In the general SSO flow, a user authenticates against an identity provider and receives a token or ticket in response. The application the user then accesses, typically called a service provider (SP), recognizes that token.

Over the past decades, on-premise solutions (often called user directory services) such as Microsoft Active Directory and OpenLDAP have been the core identity providers in enterprises, along with newer solutions like Red Hat SSO and its open source counterpart Keycloak. With the rise of cloud technology, Identity-as-a-Service (IDaaS) hosted solutions have emerged with platforms like Azure Active Directory, Google Cloud Identity, Amazon Cognito, Okta, OneLogin, and many others.

There are many authentication standards, and most identity providers support one or more of the following popular authentication protocols:

#1 OpenID Connect
OpenID Connect (OIDC) is one of the latest and most popular authentication standards. Launched in 2014, it was originally based on the design of Facebook Connect and relies on the OAuth 2.0 protocol. OpenID Connect is supported by many identity providers including Google, Microsoft and Salesforce. OpenID Connect is different from the older OpenID 1.0 and OpenID 2.0 standards, which are obsolete.

#2 SAML
Security Assertion Markup Language (SAML) is an XML-based authentication standard with widespread support. The latest version of the specification is SAML 2.0, and it is a mature technology that was introduced in 2005. Most identity providers, including Microsoft and Google, support SAML 2.0.

#3 Kerberos
Kerberos is a network authentication protocol for systems within the same network. Kerberos was created by the Massachusetts Institute of Technology (MIT), and is typically supported in operating systems. Microsoft has incorporated Kerberos as the default authentication method in Windows since Windows 2000, and it is an integral component of the Windows Active Directory service.

#4 LDAP
LDAP (Lightweight Directory Access Protocol) is a mature, open and cross-platform protocol to access directory services. It is often used for authentication and storing information about users, groups and applications. Many directory servers support the LDAP protocol, including Microsoft Active Directory.

Supported SSO Standards in Joget DX
Joget supports the most popular single sign-on (SSO) authentication standards. The dynamic plugin architecture in Joget also allows custom SSO implementations to be developed when required. The following are the SSO-related Joget Marketplace plugins, tutorials and knowledge base articles:

OpenID Connect
SAML
Kerberos
LDAP
Custom SSO Implementations
