Single Sign on (SSO)

What is it?

Single Sign-On (SSO) is a service that allows you to log into apps or websites with one set of login credentials. Instead of having separate accounts for each of different apps or websites, you can log in with the same set of login credentials.

SSO can be applied to Paragin's products. This allows, for example, a student to log in with his or her school account to take a test in Remindo.

IdPs

SurfConext, Entree Federation and Microsoft Azure are the 3 best known parties, but it is also possible to connect with another IdP (Identity Provider) using the SAML 2.0 protocol. An IdP stores and manages digital identities.

To support the many different products and IdPs, Paragin uses RemindoConnect. This is a middleware application where IdP configurations are stored.

When a user logs in via SSO, the IdP passes on attributes of that user. Examples include a username, ID or e-mail address. The attribute used to identify a unique user is set as a "match attribute. The value of this attribute must be specified in the Paragin user account.

If a user logs in via an IdP, the set match attribute is included underwater. Within the linked environment, it then searches for a user account with that exact value specified in the field for the match attribute.

If one account is found the user will be logged in directly to it, if there are multiple accounts with the same match attribute the user can choose which account to log in to.

Disclaimer: This text was automatically translated from the Dutch version.