Single Sign On

Single Sign-On (SSO) refers to the authentication process that allows your customers to access multiple applications with a single set of login credentials and an active login session.

In the SSO ecosystem:

  • Service Provider (SP): The application the user visits for a service. In the SSO ecosystem, the SP is considered a Slave.
  • Identity Provider (IDP): The system that authenticates the user. The Service Provider receives the user's authentication status from the IDP, which is considered a master in the SSO ecosystem.

When using the LoginRadius Identity Platform, you can implement SSO and Single Logout (SLO) across multiple websites by designating these websites as Service Providers, with LoginRadius serving as the Identity Provider. If you need to integrate an alternative Identity Provider instead of LoginRadius, please refer to the custom IDP documentation for guidance.

Use Cases of SSO in Business

SSO streamlines authentication, allowing users to log in once and securely access multiple applications across different ecosystems. This reduces password fatigue, improves user experience, and enhances security.

  • Seamless User Access: SSO enables users to move between different applications without repeated logins, ensuring a smooth and integrated experience.
  • Improved Productivity: By eliminating the need for multiple credentials, SSO enhances efficiency for both individual users and organizations, reducing time lost to login issues and password resets.
  • Secure Third-Party and Partner Integrations: Federated SSO facilitates secure authentication across external platforms, ensuring seamless business-to-business (B2B) and business-to-consumer (B2C) interactions without compromising security.
  • Unified Identity Management: Centralized authentication allows organizations to enforce security policies across all applications, simplifying identity and access management.
  • Cross-Device and Cross-Platform Continuity: Users can start a session on one device and continue it on another without reauthentication, providing a consistent and convenient experience across web, mobile, and desktop applications. For example, an employee logs in once to access HR portals, resource management tools, and project tracking systems like Jira.
  • Collaboration with External Partners: Federated SSO enables businesses to integrate securely with partner systems without redundant authentication. For example, it allows employees to access partner-provided SaaS tools like Salesforce or Asana using their enterprise credentials.
  • Unified Authentication: Simplifies access for developers working across multiple internal and external platforms. For example, a developer authenticates once to access all company SaaS applications, ensuring alignment with organizational IAM policies.

SSO Workflow in LoginRadius

The following steps illustrate the SSO workflow when implemented with the LoginRadius Identity Platform:

  1. A user visits Site A (Service Provider) and clicks the login link, which redirects them to the Identity Provider (IDP).
  2. At the IDP, the user enters their credentials and is authenticated. A session is established, and the user is logged into Site A.
  3. When the same user later visits Site B (Service Provider) and clicks the login link, they are redirected to the IDP.
  4. Since the user’s session is still active, the IDP recognizes it and logs the user into Site B without requiring re-authentication.

This workflow highlights how LoginRadius simplifies SSO by centralizing authentication, ensuring secure and seamless access across multiple Service Providers.
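The four workflow steps above, as an added Python example (not LoginRadius code or its API). Assumptions: the function names `idp_login` and `sp_accept`, the two site hostnames, the constructed user, and a simple HMAC-signed token with a shared key standing in for the SAML/OIDC/JWT assertions a real deployment would use. It also shows the checks that make the shared session safe to rely on: the IDP only answers registered Service Providers, and each token is bound to one SP and short-lived.

```python
import base64, hashlib, hmac, json, secrets, time

IDP_KEY = secrets.token_bytes(32)                      # constructed signing key (assumption)
REGISTERED_SPS = {"site-a.example", "site-b.example"}  # hypothetical Service Providers
USERS = {"alice": "correct horse"}                     # constructed demo credentials only
SESSIONS = {}                                          # IDP session id -> username

def _sign(payload: bytes) -> str:
    mac = hmac.new(IDP_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def idp_login(sp, session_id=None, username=None, password=None):
    """IDP side: return (session_id, token) for a registered SP."""
    if sp not in REGISTERED_SPS:
        raise PermissionError("unknown service provider")
    user = SESSIONS.get(session_id)
    if user is None:  # steps 1-2: no active session, credentials are required
        expected = USERS.get(username)
        supplied = (password or "").encode()
        if expected is None or not hmac.compare_digest(expected.encode(), supplied):
            raise PermissionError("authentication required")
        session_id = secrets.token_urlsafe(32)
        SESSIONS[session_id] = user = username
    # steps 3-4: an active session yields a fresh token without re-authentication
    claims = {"sub": user, "aud": sp, "exp": int(time.time()) + 60}
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return session_id, payload.decode() + "." + _sign(payload)

def sp_accept(sp, token):
    """SP side: verify signature, audience and expiry, then return the user."""
    payload, _, sig = token.partition(".")
    if not hmac.compare_digest(_sign(payload.encode()), sig):
        raise PermissionError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if claims["aud"] != sp or claims["exp"] < time.time():
        raise PermissionError("token not valid for this service provider")
    return claims["sub"]

if __name__ == "__main__":
    sid, tok_a = idp_login("site-a.example", username="alice", password="correct horse")
    print("Site A user:", sp_accept("site-a.example", tok_a))
    _, tok_b = idp_login("site-b.example", session_id=sid)  # no credentials sent
    print("Site B user:", sp_accept("site-b.example", tok_b))
```
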

Types of SSO Supported by LoginRadius

  1. Web SSO simplifies browser-based session management by utilizing browser storage mechanisms like cookies, sessionStorage, or localStorage. LoginRadius IDX manages authentication through a centralized domain, which shares the session securely with authorized web applications. This ensures a seamless user experience across the web ecosystem. For more details on Web SSO, refer to our documentation here.

  2. Mobile SSO leverages shared storage, such as shared preferences on Android or keychain storage on iOS, to store the LoginRadius access token. This enables linked mobile apps to access an active session, ensuring continuity as users move between mobile apps in the same ecosystem. When a Single Sign-on is required between two or more mobile apps, LoginRadius Identity Platform acts as an Identity Provider. For more details on Mobile SSO, refer to our documentation here.

  3. Federated SSO supports authentication across multiple applications where LoginRadius acts as an Identity Provider or a Service Provider. This is especially useful in integrating third-party applications using standard protocols like SAML, OAuth, OpenID Connect (OIDC), and JWT. Identity providers can be organizational partners who issue and hold digital identities/tokens/tickets. With LoginRadius Federated SSO, your business can leverage that identity and make authentication seamless for your customers.

  4. QR Code/Cross-Device SSO synchronizes sessions across multiple devices, such as smartphones, tablets, and desktops. For example, if a user logs in on their smartphone, they can seamlessly continue their session on their laptop without needing to log in again. This provides a consistent and uninterrupted experience. For more details on Cross-Device SSO, refer to our documentation here.

  5. Custom Identity Providers (BYOI) allow organizations to configure bespoke application login solutions. They are frequently implemented when the available range of social login providers does not meet specific customer needs.

  6. SSO Connectors are designed for third-party applications not supporting standard SSO protocols. By leveraging mechanisms like Password Delegation, LoginRadius creates a unified SSO experience for these applications, effectively bridging compatibility gaps. For more details on SSO Connectors, refer to our documentation here.

Business Use Cases of Each SSO Type

  • Web SSO: Enables seamless authentication across web applications within a controlled environment. This approach is ideal for businesses that own their domain and codebase, as it requires JavaScript and API-level integration.
    Note: Web SSO ensures users can navigate between multiple web services in a controlled ecosystem without requiring multiple logins. Example: A customer moving between an online store and its loyalty program.
  • Mobile SSO: Ensures session continuity across multiple mobile applications by leveraging shared storage mechanisms such as Android shared preferences or iOS keychain storage.
    Note: This benefits applications that require authentication consistency across companion mobile apps. Example: A user accessing their mobile banking app and companion wallet app.
  • Federated SSO: Enables authentication across multiple applications, whether internal or external, by utilizing shared authentication protocols such as SAML, OAuth, or OIDC.
    Note: This is particularly useful for businesses that manage authentication across multiple partners and SaaS providers. It simplifies identity management for users and organizations. For example, employees can access Salesforce, Jira, and other SaaS tools with a single corporate login.
  • Cross-Device SSO: Allows users to maintain a consistent authentication session across various devices, including desktops, smartphones, and tablets.
    Note: This enhances the user experience by eliminating the need to log in repeatedly when switching devices. For example, a streaming service allows users to start watching content on one device and continue on another without logging in again.
  • Custom IDPs (BYOI): Supports businesses with unique identity management needs by enabling the integration of custom authentication solutions.
    Note: This benefits organizations requiring specialized authentication beyond standard identity providers. For example, a healthcare organization links its internal patient identity system with a telehealth platform.
  • SSO Connectors: These provide authentication solutions for legacy systems or applications not supporting modern SSO protocols, ensuring a unified login experience.
    Note: This is essential for businesses integrating older software with contemporary authentication methods. For example, an enterprise unifies access between its legacy resource planning software and a newly deployed mobile application.

Supported Protocols and Integrations

  • SAML (Security Assertion Markup Language): Facilitates the exchange of secure authentication and authorization data between the IDP and SP.
  • OAuth (Open Authorization): Provides a secure token-based authentication and authorization method.
  • OIDC (OpenID Connect): Extends OAuth 2.0 for user authentication and profile information retrieval.
  • JWT (JSON Web Token): A compact and self-contained way of securely transmitting information between parties as a JSON object.

Prebuilt Integrations and Supported SSO Connectors

LoginRadius provides prebuilt support for various Identity Providers (IDPs), SSO Connectors, and enterprise integrations. Visit our Integrations Landing Page on the Admin console to explore available integrations and filter them based on your requirements. For more information on prebuilt integrations, refer to the following document.

Custom IDPs:

LoginRadius supports a variety of custom identity providers, allowing businesses to extend authentication capabilities.

  • Doximity: Provides authentication for healthcare professionals.
  • Alipay: Supports payment-based identity verification.
  • WeChat: Offers login capabilities through China’s popular social platform.

SSO Connectors:

These connectors bridge authentication gaps for applications not natively supporting modern SSO protocols. Here, you can find detailed documentation on this.

  • Shopify: Integrates storefront access with LoginRadius for a seamless e-commerce experience.
  • BigCommerce: Bridges authentication for enterprise-grade online stores.
  • PerfectMind: Enhances access to membership-based services like gyms and community centers.

Enterprise Integrations:

Enterprise applications can be integrated with LoginRadius for secure authentication and access management.

  • Domo: Provides business intelligence dashboard authentication.
  • MS SharePoint: Secures document collaboration and sharing.
  • Atlassian Jira: Ensures streamlined project management access.
  • Salesforce: Offers centralized login for CRM functionalities.

Managing existing SSO in LoginRadius

The Admin Console provides an intuitive interface to manage all configured SSO providers. From this interface, you can conveniently view and modify the configurations for each SSO provider as needed.

  • Federated SSO: For detailed guidance on managing existing federated SSO providers, refer to the relevant document.
  • Custom IDP: To manage an existing custom identity provider (IDP), consult the appropriate document for step-by-step instructions.