Single Sign-On (SSO) Capabilities In Joget: OpenID Connect, SAML, Kerberos and More
As a leading open source low-code application platform, Joget supports the most popular single sign-on (SSO) authentication standards such as OpenID Connect, SAML and Kerberos. This article is a brief introduction to SSO, its benefits and how it works.
What Is Single Sign-on (SSO)?
Single sign-on (SSO) is the ability for users to access multiple applications or systems by using a single login. Just like how Facebook, Google or Apple accounts are increasingly used to access many different consumer services, SSO in an enterprise environment is becoming a critical requirement.
Why Is SSO Important?
Reason #1 Security and Compliance
Increased digitalization and workflow process automation mean that organizations face a proliferation of new applications. The more apps and credentials there are, the higher the risk of security threats, phishing attempts and ransomware attacks. SSO reduces these security risks and helps with regulatory compliance around authentication and data access.
Reason #2 Simplified Identity Management and Reduced Cost
SSO streamlines the onboarding, separation and management of employee credentials in an organization, which in large enterprises incurs a significant cost in terms of IT resources and potential human errors.
Reason #3 User Convenience and Usability
Remembering multiple credentials is becoming a real burden to users, and implementing SSO can save employee time resulting in increased productivity. Seamless access to applications also makes it more likely for users to readily adopt new applications and workflows.
How Is SSO Implemented?
An identity provider (IDP) is a solution that stores and manages user identities. The general SSO flow is such that a user authenticates against an identity provider, and receives a token or ticket in response. The token is then recognized by the application the user accesses, typically called a service provider (SP).
Over the past decades, on-premise solutions (often called user directory services) such as Microsoft Active Directory and OpenLDAP have been the core identity providers in enterprises, along with newer solutions like Red Hat SSO and its open source counterpart Keycloak. With the rise of cloud technology, Identity-as-a-Service (IDaaS) hosted solutions have emerged with platforms like Azure Active Directory, Google Cloud Identity, Amazon Cognito, Okta, OneLogin, and many others.
There are many authentication standards, and most identity providers support one of the popular standard authentication protocols:
#1 OpenID Connect
OpenID Connect (OIDC) is one of the latest and most popular authentication standards. Launched in 2014, it was originally based on the design of Facebook Connect and relies on the OAuth 2.0 protocol. OpenID Connect is supported by many identity providers including Google, Microsoft and Salesforce. OpenID Connect is different from the older OpenID 1.0 and OpenID 2.0 standards which are obsolete.
Security Assertion Markup Language (SAML) is an XML-based authentication standard with widespread support. The latest version of the specification is SAML 2.0, and it is a mature technology that was introduced in 2005. Most identity providers, including Microsoft and Google, support SAML 2.0.
Kerberos is a network authentication protocol for systems within the same network. Kerberos was created by the Massachusetts Institute of Technology (MIT), and is typically supported in operating systems. Microsoft has incorporated Kerberos as the default authentication method in Windows since Windows 2000, and it is an integral component of the Windows Active Directory service.
LDAP (Lightweight Directory Access Protocol) is a mature, open and cross platform protocol to access directory services. It is often used for authentication and storing information about users, groups and applications. Many directory servers support the LDAP protocol, including Microsoft Active Directory.
Supported SSO Standards in Joget DX
Joget supports the most popular single sign-on (SSO) authentication standards. The dynamic plugin architecture in Joget also allows custom SSO implementations to be developed when required. The following are the SSO related Joget Marketplace plugins, tutorials and knowledge base articles:
- SAML Directory Manager Plugin
- Joget SSO with Keycloak using SAML
- Joget SSO with Azure Active Directory using SAML
- Joget SharePoint SSO Integration
Custom SSO Implementations
Resources to get started developing low-code apps with Joget:
- Get Started — On-premise, on-demand, public/private cloud, cloud native, and more.
- Joget DX Video Tutorials — Quick overview and build your first app.
- Joget DX Knowledge Base — User and developer reference, samples and other documentation.
- Community Q&A — Ask questions, get answers, and help others.
- Language Translations — Translations for more than 20 languages.
- Joget Academy — Self-paced online learning and certification.
- Joget Marketplace — Download ready made apps, plugins, templates and more.
- Joget Events — Upcoming and past Joget events & webinars.
- Joget Press — Joget press releases.
- Joget Reviews — Joget reviews and customer testimonials.