Lesson 7
7 min read

Components in Single Sign-On

What is the role of the components in SSO and which are belonging to the consumer and the provider

Carlo Belloni
Project Manager and SEO Specialist at Kisi
Components in SSO

Intro

What are the components involved in single sign-on? In this article we go through them differentiating between the ones related to consumer and the ones owned by the provider

What is Single Sign-On?

Single sign-on (SSO) can be defined as a user authentication service that simplifies identity management. It allows users to access multiple applications and websites with only one set of login credentials. 

SSO relies on a trusted third party to verify users and can be used by both individuals and organizations to manage multiple usernames and passwords. 

The Components In Single Sign-on

Single sign-on comprises two parts which consist of a consumer and producer component. Business data is both provided or consumed within a single sign-on environment. This process is initiated when the consumer component makes a call to an individual or company's web server on behalf of the user. In this case, the website server will take the role of the producer component.

In a basic web SSO service, an agent module on the application server retrieves the specific authentication credentials for an individual user from a dedicated SSO policy server. The service also authenticates the end-user for all the applications the user has rights to and eliminates future password prompts for individual applications during the same session.

MicroStrategy Web is a great example of a website server that utilizes single sign-on, thereby allowing users to access MicroStrategy Web without having to log in.

The consumer component passes on a combination of information for identifying the user like the user's login credentials or the session ID. When MicroStrategy Web receives the information, it handles the user request, using the forwarded information.

To sum it all up, there are multiple single sign-on services you can use. All of them are user authentication services that act as an intermediary on behalf of the end-user. It provides an access token that authorizes the sharing of specific account information. 

When a user then attempts to access an application from the service provider, the service provider sends a request to the identity provider for authentication. The service provider then verifies the authentication and logs the user in.

The Consumer Components

The consumer component in SSO can refer to a browser, portal, any 3rd-party application or even an identity management application. Every time a user connects to a web server through a browser, portal or application, it may require authentication if the server has not verified the user yet. 

For example, if users want to access MicroStrategy Web, they start a session and authentication occurs either by retrieving their credentials and passing it on in the URL to MicroStrategy Web or by connecting to the server that already has access to previously stored login credentials.

Google, LinkedIn, Twitter, and Facebook all offer SSO services that allow people to log into a third-party application with their social media login details. In this case, Google, LinkedIn, Twitter and Facebook would be the provider component and the third-party applications would act as consumer components.

The Provider Component

Whenever a user requests data through a consumer component, like a third-party application, from a provider component, like Google, the provider component must authenticate certain information in order to authorize the user. Authentication or authorization occurs in different ways, depending on the provider component’s security settings and setup.

Authentication may involve communications between the user, an identity provider that maintains a user directory, and a service provider. It can also be achieved through a ticket-granting ticket (TGT) which fetches service tickets for other applications the user wants to access, without requiring the user to re-enter credentials.

Software products and services for enterprise single sign-on (eSSO) are likened to password managers with both server and client components. These components enable users to log in to target applications by replaying their credentials. 

As a rule of thumb, the login details almost always consist of a username and password. The target applications usually do not need to be modified in order to be compatible with enterprise single sign-on software. 

All in all, it is not that hard to understand how to use an SSO. With only 2 basic components at play and an abundance of different SSO’s to choose from, you will easily find an SSO solution that works for you or your company.

Starting a new project?
Physical Security Technology Guide
Join over 10,000 workplace leaders who use our guide to make more informed decisions about their physical security.
Kisi Twitter
Kisi Instagram
Kisi Facebook