OpenID Connect Single Sign-On (SSO)
One flexible login for all your users and apps
Providing Single Sign-On (SSO) to applications is a major duty of the Connect2id server. The enterprise gets the benefits of centralised login, and can still establish distinct login channels and experiences, depending on the user, device or application type:
- Highly-available login for web, native (desktop) as well as mobile apps.
- Handle internal (on-premise) as well as external and third-party applications.
- The authentication pipeline can be tailored to match the exact security requirements for each category of users (employees, contractors, partners and customers / consumers).
The ID token provides a unified method for signing users into applications (relying parties). ID tokens are compact, JSON-based and URL-safe, and can be protected by a range of cryptographic algorithms, such as HMAC, RSA and EC signatures. They are also vastly easier to consume, compared to SAML. OpenID Connect has done a great job in this regard.
Rich session management
The Connect2id server comes with a built-in session store, able to handle millions of concurrent sessions, and providing a comprehensive web API to manage and monitor them.
- Users can have multiple concurrent login sessions, across multiple devices.
- Each user session can have a specific authentication level (LoA) to match the application’s security requirements. For instance, an admin or financial application could require a session with strong two-factor authentication, while password-based authentication could be sufficient for less sensitive applications.
- Active user sessions can be queried and managed via a secure web API, to check who is online and to collect various metrics.