Adding single sign-on to your website or application is an excellent way to streamline the signup and login process for your users. In this article, we’ll cover the basics of SSO and provide resources on how you can implement SSO today.
Skip to the Docs: Set Up and Configure SSO
What is Single Sign-On (SSO)?
Single Sign-On (SSO) is an authentication process that allows users to access multiple services or applications with a single set of credentials (username and password). Instead of remembering numerous passwords, you have one gateway to all your digital destinations, making it a convenient option for both organizations and individual users.
If you’ve ever logged in to a website using Google or Facebook, you have used SSO.
The Technical Side of SSO
In simple terms, SSO establishes a trusted relationship between different platforms and services. When a user logs in once, a token is generated. This token is then used to grant access to other systems without requiring the user to log in again. The SSO solution verifies the token for each new service, bypassing the need for repeated logins.
Benefits of SSO
- Enhanced User Experience: No one enjoys the hassle of logging into different platforms individually. SSO simplifies this by requiring just one login.
- Increased Productivity: Less time spent logging in means more time focusing on core tasks.
- Lowered Security Risks: With fewer passwords, the chances of employing weak passwords or storing them insecurely are reduced.
Drawbacks and Concerns
The primary concern with SSO is that it can create a single point of failure. If someone gains unauthorized access to the SSO account, they could gain access to all linked services.
To address these concerns, consider pairing SSO with MFA to create an extra layer of security. We also recommend regular security audits to track account activity and detect anomalies that could point to a security breach.
SSO Best Practices
Only add a few providers: Adding more than 1 or 2 providers can make it difficult for users to remember which option they used. This can cause them to accidentally create more than one account for your service, especially if they have used different email addresses with different providers.
Offer an email option: Consider including a "standard" option like email/password or email magic links so users can use an email address. Many users may not have an account with your chosen SSO providers or may not want to associate their provider account with your service.
Be clear with your SSO provider: Remember that an SSO provider can revoke your application status at their discretion. If this happens, you retain all of your user information on Userfront, but your users cannot sign on using the SSO provider. To avoid this, clearly describe your service to both the provider and your users, including what your service does and how the information you collect is used. Also, take care not to violate the SSO provider's terms and conditions.
Adding SSO with Userfront
Userfront offers SSO support on all of our plans — including the free tier. We currently support SSO with:
- Apple
- Azure
- GitHub
- Okta
For more information on adding SSO to your application with Userfront, continue here: