Single Sign-On (SSO)
Single Sign-On (SSO) adds convenience to the sign-on process by permitting the user to use one set of login credentials to access multiple applications.
Note: Currently we only support SAML. Before requesting SSO, confirm with your IT team that SAML is compliant with their systems.
To set up SSO, ask your consultant to set up a meeting with ObservePoint's Lead Architect.
The main danger with SSO arises when the enterprise username and password are compromised. Because only one sign-on is required, a compromised password allows access to all of the associated applications. To prevent this, implementing multi/duo-factor authentication is recommended.
For a technical discussion about how SSO works, see the explanation.
When the user switches between different applications, SSO authenticates that they have been given rights to access that application and allows the switch without any additional login credentials.
A user navigates to app.observepoint.com, and an authentication service created by ObservePoint searches for an existing token. If the user has permissions for SSO, they are redirected to the enterprise login screen instead of the ObservePoint login screen. The Identity Provider (IdP) checks whether the user has permissions for SSO. After a successful login, the user is brought back to the ObservePoint application.
As soon as the user is logged in, a SAML token is generated by the IdP with pertinent information and the user is redirected to the page. Each subsequent page that they visit is verified with the SAML token to identify the permissions granted to the user.