SSO (Single Sign-On) is a centralized authentication mechanism in which the client application fully delegates authentication to a trustworthy external service.
This has two main advantages:
- The client application (for example, Fluid Topics) delegates the verification of the user's password to the SSO mechanism.
- In an ecosystem of applications sharing the same SSO mechanism, the user is invited to authenticate only the first time. For future logins, they can authenticate almost instantaneously without any need to re-enter a password.
The complete SSO authentication process is as follows:
- The user's browser is redirected to the SSO login page.
- Once authenticated, the user is redirected back to a Fluid Topics callback page by the SSO mechanism.
- Fluid Topics handles security verifications to ensure that the values given by the SSO are trustworthy.
- Fluid Topics informs the authentication window that the user is now authenticated.
- The original window is updated and indicates that the user is recognized.
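The following Python example is added here to illustrate the verification step in the process above; it is not Fluid Topics code, and the page does not describe which checks Fluid Topics performs. It shows checks a callback handler typically applies when the SSO returns a signed JSON Web Token. The HS256 shared key, the `state` and `nonce` session values, and all function and parameter names are assumptions.

```python
# Added example: names, key and parameters are assumptions, not Fluid Topics code.
import base64, hashlib, hmac, json, time

class CallbackRejected(Exception):
    """Raised when a value returned by the SSO fails verification."""

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))
def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, key):
    """Build an HS256 JWT; used here only to construct sample input."""
    signed = b64e(b'{"alg":"HS256","typ":"JWT"}') + "." + b64e(json.dumps(claims).encode())
    return signed + "." + b64e(hmac.new(key, signed.encode(), hashlib.sha256).digest())

def verify_callback(params, session, key, issuer, audience, now=None, leeway=30):
    """Return the verified claims or raise CallbackRejected."""
    now = time.time() if now is None else now
    # 1. The state must be the one issued to this browser session (single use).
    state = session.pop("state", None)
    if not state or not hmac.compare_digest(state.encode(), str(params.get("state", "")).encode()):
        raise CallbackRejected("state mismatch")
    # 2. Parse the token; any structural error is a rejection, not a crash.
    try:
        head, body, sig = str(params.get("token", "")).split(".")
        header, claims = json.loads(b64d(head)), json.loads(b64d(body))
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("not JSON objects")
        signature = b64d(sig)
    except ValueError as exc:
        raise CallbackRejected("malformed token") from exc
    # 3. Pin the algorithm before checking the signature ("none" must never pass).
    if header.get("alg") != "HS256":
        raise CallbackRejected("unexpected algorithm")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise CallbackRejected("bad signature")
    # 4. Claims: right issuer, meant for this client, not expired, bound to this login.
    aud = claims.get("aud")
    if claims.get("iss") != issuer or audience not in (aud if isinstance(aud, list) else [aud]):
        raise CallbackRejected("wrong issuer or audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp + leeway < now:
        raise CallbackRejected("expired")
    nonce = session.pop("nonce", None)
    if not nonce or claims.get("nonce") != nonce:
        raise CallbackRejected("nonce mismatch")
    return claims
```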
It is possible to implement the following SSO authentication workflows:
- OpenID Connect
- SAML 2.0
- JSON Web Token
With an SSO realm, users on the Sign In page can sign in with SSO by selecting the configured icon, or by entering credentials:
- It is possible to have multiple SSO realms configured, and each appears with its own configurable icon on the Sign In page.
- Fluid Topics supports Just-in-Time (JIT) provisioning.
- Fluid Topics does not support SAML Single Logout (SLO).
- Fluid Topics does not support System for Cross-domain Identity Management (SCIM) 2.0.