Glossary
October 18, 2023

Single Sign-On (SSO): Simplifying The User Experience

Adding single sign-on to your website or application is an excellent way to streamline the signup and login process for your users. In this article, we’ll cover the basics of SSO and provide resources on how you can implement SSO today.

Skip to the Docs: Set Up and Configure SSO

What is Single Sign-On (SSO)?

Single Sign-On (SSO) is an authentication process that allows users to access multiple services or applications with a single set of credentials (username and password). Instead of remembering numerous passwords, you have one gateway to all your digital destinations, making it a convenient option for both organizations and individual users.

If you’ve ever logged in to a website using Google or Facebook, you have used SSO.

The Technical Side of SSO

In simple terms, SSO establishes a trusted relationship between different platforms and services. When a user logs in once, a token is generated. This token is then used to grant access to other systems without requiring the user to log in again. The SSO solution verifies the token for each new service, bypassing the need for repeated logins.

Benefits of SSO

  1. Enhanced User Experience: No one enjoys the hassle of logging into different platforms individually. SSO simplifies this by requiring just one login.
  2. Increased Productivity: Less time spent logging in means more time focusing on core tasks.
  3. Lowered Security Risks: With fewer passwords, the chances of employing weak passwords or storing them insecurely are reduced.

Drawbacks and Concerns

The primary concern with SSO is that it can create a single point of failure. If someone gains unauthorized access to the SSO account, they could gain access to all linked services.

To address these concerns, consider pairing SSO with MFA to create an extra layer of security. We also recommend regular security audits to track account activity and detect anomalies that could point to a security breach.

SSO Best Practices

Only add a few providers: Adding more than 1 or 2 providers can make it difficult for users to remember which option they used. This can cause them to accidentally create more than one account for your service, especially if they have used different email addresses with different providers.

Offer an email option: Consider including a "standard" option like email/password or email magic links so users can use an email address. Many users may not have an account with your chosen SSO providers or may not want to associate their provider account with your service.

Be clear with your SSO provider: Remember that an SSO provider can revoke your application status at their discretion. If this happens, you retain all of your user information on Userfront, but your users cannot sign on using the SSO provider. To avoid this, clearly describe your service to both the provider and your users, including what your service does and how the information you collect is used. Also, take care not to violate the SSO provider's terms and conditions.

Adding SSO with Userfront

Userfront offers SSO support on all of our plans — including the free tier. We currently support SSO with:

  • Apple
  • Azure
  • Facebook
  • GitHub
  • Google
  • LinkedIn
  • Okta

For more information on adding SSO to your application with Userfront, continue here:

Related

SOC 2 Compliance: What You Need to Know

SOC 2 is a framework specifically designed to ensure that service providers handle data securely, addressing three key areas: security, availability, and confidentiality. This framework is crucial for organizations that store or process customer information, particularly those in the SaaS industry.
September 4, 2024
By 
Darin Evangelista
Glossary

Machine-to-Machine Authentication: JWTs vs API Keys

This guide explores how Userfront handles M2M authentication, providing an in-depth look at the options available, including JSON Web Tokens (JWTs) and API keys, and how they can be tailored to meet specific security requirements.
August 28, 2024
By 
Darin Evangelista
Glossary

Tenants All the Way Down: How Userfront Handles Access Management

This blog post explores various approaches to access management, focusing on the flexibility provided by tenants, child tenants, and multi-tenancy.
July 24, 2024
By 
Darin Evangelista
Glossary