Single Sign-On terminology

Are you looking to set up single sign-on (SSO)? Familiarize yourself with essential terminology beforehand.

Single Sign-On (SSO)

Single Sign-On is an authentication process that allows users to access multiple applications or services with a single set of credentials, eliminating the need to log in separately for each application.

Authentication

Authentication is the process of verifying the identity of a user, system, or entity to ensure that they are who they claim to be.

Authorization

Authorization is the process of granting or denying access to specific resources or functionalities based on the authenticated user’s permissions.

Session

A session represents the duration of a user’s interaction with a system or application, typically starting from the moment of login until logout.

Identity Federation

Identity Federation is the integration of authentication processes across multiple systems to enable Single Sign-On and facilitate secure access to resources.

Security Token

A security token is a piece of data generated during the authentication process, often containing user information and permissions. It is used to validate the user’s identity during subsequent requests.

Service Provider (SP)

In general SSO, a Service Provider is an entity that provides services and relies on an Identity Provider for authentication. In OpenID Connect, a service provider is called a relying party, though some use the terms interchangeably. The relying party relies on the OpenID provider (the identity provider) for authentication.

Identity Provider (IdP)

An Identity Provider is a system that authenticates users and provides information about them to service providers during the SSO process. In OpenID Connect, an identity provider is called an OpenID provider. The OpenID provider authenticates users as requested by the relying party.

OpenID Connect (OIDC)

OpenID Connect is an open standard authentication protocol built on top of OAuth 2.0. With OpenID Connect, the relying party and OpenID provider can exchange information about who a user is and what they can do with a service.