How does SSO work?

  • Profile Image
    Asked on October 27, 2020 at 12:27 AM

    SSO works based upon a trust relationship set up between an application, known as the service provider, and an identity provider, like One Login. This trust relationship is often based upon a certificate that is exchanged between the identity provider and the service provider. 

    The login flow usually looks like this:

    1. A user browses to the application or website they want access to, aka, the Service Provider.
    2. The Service Provider sends a token that contains some information about the user, like their email address, to the SSO system, aka, the Identity Provider, as part of a request to authenticate the user.
    3. The Identity Provider first checks to see whether the user has already been authenticated, in which case it will grant the user access to the Service Provider application and skip to step 5.
    4. If the user hasn’t logged in, they will be prompted to do so by providing the credentials required by the Identity Provider. This could simply be a username and password or it might include some other form of authentication like a OTP.
    5. Once the Identity Provider validates the credentials provided, it will send a token back to the Service Provider confirming a successful authentication.
    6. This token is passed through the user’s browser to the Service Provider.
    7. The token that is received by the Service Provider is validated according to the trust relationship that was set up between the Service Provider and the Identity Provider during the initial configuration.
    8. The user is granted access to the Service Provider MyAARPMedicare Login