Also why is it sometimes called a federated ID? Does it have to be an email address or could any value work?

  • Observer1199@lemmy.ml
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    SSO allows users to use a single set of credentials to access multiple systems within a single organization (a single domain)

    Instead having a seperate login for a website or an app you (or whoever) set up an SSO connection between the service provider’s SSO platform and your SSO platform aka IdP. When trying to log into that website or app it redirects you to authenticate with your SSO platform. This way you sign in with your IdP (e.g. Azure, Ping, Okta, etc) credentials instead of having a seperate set of credentials for each site. If you’ve already logged into your IdP recently the site your logging into can detect that and you won’t need to enter your password.

    I believe the above example would be federated SSO because it’s between your organisation and one or more other organisations or vendors.

    Email is the most common but it can be lots of things (depending on what SSO platforms being used and how they are configured).