Single Signon

Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems.

Passport is the authenticator service used in Motionite. Users and services both verify their identity with Passport, which in turn issues a security token to the requestor. This token is then passed between client and server to verify the identity of the user. In this way, a single token can be used to verify the identity of the user across many sites and services.

Example

As a concrete example, a user may visit the MView website. To use the site they need to log in, so they click the Login button. This redirects them to the Login page of Passport. The user enters their credentials and, if successful, is redirected back to MView with the access token. MView has no need to store any sensitive data like passwords or any personal data. While using MView the user may wish to jump across and view the Fetch statuses. The user can simply type in the URL of the Fetch website, or use the button conveniently positioned in MView. Fetch will recognise the presence of the access token and not require the user to log in again. Using this technique, the user can easily jump between the websites without the need to log in constantly. Additionally, the access token will not expire for a period of time, allowing the user to shut down websites, browsers, or computers, and still access the websites later on without having to log in again.
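
The checks a site such as MView or Fetch makes before trusting a token are sketched below as an added example; it is not Passport or IdentityServer4 code. It assumes a compact signed token carrying issuer, audience and expiry claims, and it swaps in a shared HMAC key from the Python standard library for an asymmetric signature; every name and value is constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values (assumptions), not Motionite configuration.
ISSUER = "https://passport.example"
SIGNING_KEY = b"demo-key-for-illustration-only"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(subject, audiences, lifetime_s, now=None):
    """Authenticator side: sign the claims after a successful login."""
    now = int(time.time()) if now is None else now
    claims = {"iss": ISSUER, "sub": subject, "aud": audiences,
              "exp": now + lifetime_s}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"

def validate_token(token, site, now=None):
    """Relying-site side: return the claims, or raise ValueError."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        given = _unb64(sig)
    except ValueError as exc:  # wrong number of parts or bad base64
        raise ValueError("malformed token") from exc
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    # Verify the signature in constant time before reading any claim.
    if not hmac.compare_digest(given, expected):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    if site not in claims.get("aud", []):
        raise ValueError("token not issued for this site")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims
```

With a shared key, any site that can verify a token can also mint one; signing with a private key held only by the authenticator and giving the sites the public key removes that risk.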

Benefits

Benefits of using single sign-on include: (source: Wikipedia https://en.wikipedia.org/wiki/Single_sign-on#Benefits)

  • Mitigate risk for access to 3rd-party sites (user passwords not stored or managed externally)
  • Reduce password fatigue from different username and password combinations
  • Reduce time spent re-entering passwords for the same identity
  • Reduce IT costs due to lower number of IT help desk calls about passwords
  • SSO shares centralized authentication servers that all other applications and systems use for authentication purposes and combines this with techniques to ensure that users do not have to actively enter their credentials more than once.

Passport is based on the open source product called IdentityServer4.