Single Sign-On (SSO)
24 Aug 2023

Article Summary

Feel free to contact Paragin for further explanation and/or support with the SSO functionality!

Description

Single Sign-On (SSO) is a login method that gives you direct access to all underlying applications after one secure login session. Instead of logging in to each application separately, a single login grants access to every connected application.

It is possible to set up an SSO connection in MyPortfolio so that users can log in to their participant or administrator account in MyPortfolio via an external Identity Provider (IdP). An IdP stores and manages the digital identities. Think of an IdP as a guest list, but for digital and cloud-hosted applications.

Paragin uses RemindoConnect to support the many different products and IdPs. This is a middleware application that stores IdP configurations.

When a user chooses to log in via SSO, the IdP passes on the attributes of the user who is logged in there. These attributes include a user name, user ID, e-mail address, etc.

The attribute with which a unique user can be identified is set as a 'match attribute'; preferably this is a readable attribute such as an email address or username.

In MyPortfolio, this match attribute is set for each user in the RemindoConnect code field. Depending on the language settings of the MyPortfolio environment, the naming of this field may differ.

When a user logs in via an IdP, MyPortfolio searches for user accounts whose stored match attribute equals the value supplied by the IdP. If exactly one account is found, the user is logged in immediately. If several accounts share the same match attribute, the user can choose which account to log in to.

Sometimes the match attributes are not known in advance, but an SSO connection is still desired. If the registration module is enabled in MyPortfolio, a user who is not recognized is given the option to register. On that login the match attribute is saved, and from then on the user can log in automatically via the SSO connection. For security reasons, only participant accounts can be created through self-registration.
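As an added illustration (this is not part of the original article and not Paragin's or RemindoConnect's code), the following Python sketch models the matching rules described above: exactly one match logs in, several matches offer a choice, no match leads to self-registration only when that module is enabled, and registration always creates a participant account that stores the match attribute for the next login. The names `Account`, `connect_code`, `resolve_sso_login` and `register_participant`, the sample accounts and the exact string comparison are all assumptions made for the example.

```python
"""Model of the MyPortfolio SSO account-matching flow (constructed example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Account:
    account_id: str
    role: str                     # "participant" or "administrator"
    connect_code: Optional[str]   # the RemindoConnect code field, i.e. the stored match attribute


@dataclass(frozen=True)
class Outcome:
    action: str                   # "login" | "choose" | "register" | "deny"
    candidates: Tuple[Account, ...] = ()


def resolve_sso_login(idp_attributes: Dict[str, str], match_attribute: str,
                      accounts: List[Account], registration_enabled: bool) -> Outcome:
    """Decide what happens once the IdP has handed back the user's attributes."""
    value = idp_attributes.get(match_attribute)
    if not value:
        # The IdP did not supply a usable match attribute. Stop here rather than
        # comparing an empty value against accounts whose code is also empty.
        return Outcome("deny")
    # Exact, case-sensitive comparison (assumption; the article does not say).
    candidates = tuple(a for a in accounts if a.connect_code and a.connect_code == value)
    if len(candidates) == 1:
        return Outcome("login", candidates)
    if len(candidates) > 1:
        return Outcome("choose", candidates)
    # Unknown user: self-registration is only offered when the module is enabled.
    return Outcome("register" if registration_enabled else "deny")


def register_participant(accounts: List[Account], idp_attributes: Dict[str, str],
                         match_attribute: str, new_account_id: str) -> List[Account]:
    """Create a participant account and store the match attribute so that the
    next SSO login for this user resolves to 'login' directly.
    Only participant accounts can be created this way, never administrators."""
    new_account = Account(new_account_id, "participant", idp_attributes[match_attribute])
    return accounts + [new_account]


# Constructed sample data: two participants sharing a code with an administrator,
# and one participant whose RemindoConnect code has not been filled in yet.
SAMPLE_ACCOUNTS = [
    Account("p-1001", "participant", "a.jansen@example.org"),
    Account("p-1002", "participant", "b.devries@example.org"),
    Account("adm-7", "administrator", "b.devries@example.org"),
    Account("p-1003", "participant", None),
]


def demo() -> Dict[str, str]:
    """Run the four situations from the article and return the resulting actions."""
    results = {}
    results["single"] = resolve_sso_login({"email": "a.jansen@example.org"}, "email",
                                          SAMPLE_ACCOUNTS, True).action
    results["multiple"] = resolve_sso_login({"email": "b.devries@example.org"}, "email",
                                            SAMPLE_ACCOUNTS, True).action
    new_user = {"email": "c.bakker@example.org"}
    results["unknown_no_registration"] = resolve_sso_login(new_user, "email",
                                                           SAMPLE_ACCOUNTS, False).action
    results["unknown_register"] = resolve_sso_login(new_user, "email",
                                                    SAMPLE_ACCOUNTS, True).action
    after = register_participant(SAMPLE_ACCOUNTS, new_user, "email", "p-1004")
    results["after_registration"] = resolve_sso_login(new_user, "email", after, True).action
    return results


if __name__ == "__main__":
    for situation, action in demo().items():
        print(f"{situation}: {action}")
```

The empty-value guard matters in practice: an account whose RemindoConnect code field is still empty must never be matched by an IdP that omits the attribute, otherwise an unrelated user could land in that account.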


Disclaimer: This text was automatically translated from the Dutch version.