Single Sign-On (SSO) Capabilities In Joget: OpenID Connect, SAML, Kerberos and More
Blog: Joget Unplugged
As a leading open source low-code application platform, Joget supports the most popular single sign-on (SSO) authentication standards such as OpenID Connect, SAML and Kerberos. This article is a brief introduction to SSO, its benefits and how it works.
What Is Single Sign-on (SSO)?
Single sign-on (SSO) is the ability for users to access multiple applications or systems by using a single login. Just like how Facebook, Google or Apple accounts are increasingly used to access many different consumer services, SSO in an enterprise environment is becoming a critical requirement.
Why Is SSO Important?
Reason #1 Security and Compliance
Increased digitalization and workflow process automation mean that organizations face a proliferation of new applications. The more apps and credentials there are, the higher the risk of security threats, phishing attempts and ransomware attacks. SSO reduces these security risks and helps with regulatory compliance around authentication and data access.
Reason #2 Simplified Identity Management and Reduced Cost
SSO streamlines the onboarding, separation and management of employee credentials in an organization, which in large enterprises incurs a significant cost in terms of IT resources and potential human errors.
Reason #3 User Convenience and Usability
Remembering multiple credentials is becoming a real burden to users, and implementing SSO can save employee time resulting in increased productivity. Seamless access to applications also makes it more likely for users to readily adopt new applications and workflows.
How Is SSO Implemented?
An identity provider (IDP) is a solution that stores and manages user identities. The general SSO flow is such that a user authenticates against an identity provider, and receives a token or ticket in response. The token is then recognized by the application the user accesses, typically called a service provider (SP).
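The flow described above, sketched as an added example (not from the article and not Joget code): a stand-in IdP mints a signed token, and the SP checks its signature, issuer, audience and expiry before accepting the user. The key, issuer and audience values and all function names are assumptions; HMAC with a shared secret keeps the sketch within the standard library, whereas OIDC deployments commonly verify asymmetric signatures against keys the IdP publishes.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values (assumptions for this sketch, not Joget settings).
IDP_KEY, ISSUER, AUDIENCE = b"demo-shared-secret", "https://idp.example", "sp-app"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, key: bytes) -> str:
    return b64e(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def idp_issue(subject, audience=AUDIENCE, ttl=300, key=IDP_KEY, now=None):
    """IdP side: called after the user has authenticated; mints a signed token."""
    now = int(time.time()) if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": ISSUER, "sub": subject, "aud": audience, "exp": now + ttl}
    body = b64e(json.dumps(claims).encode())
    return f"{header}.{body}.{sign(header + '.' + body, key)}"

def sp_validate(token, key=IDP_KEY, now=None):
    """SP side: return the authenticated subject or raise ValueError with the reason."""
    now = int(time.time()) if now is None else now
    try:
        header, body, sig = token.split(".")
        alg = json.loads(b64d(header))["alg"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    if alg != "HS256":  # pin the algorithm instead of trusting the token's header
        raise ValueError("unexpected algorithm")
    expected = sign(f"{header}.{body}", key)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))  # parsed only after the signature verifies
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != AUDIENCE:  # token minted for a different application
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims["sub"]

if __name__ == "__main__":
    print(sp_validate(idp_issue("alice")))  # normal login
```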
There are many authentication standards, and most identity providers support one of the popular standard authentication protocols:
#1 OpenID Connect
OpenID Connect (OIDC) is one of the latest and most popular authentication standards. Launched in 2014, it was originally based on the design of Facebook Connect and relies on the OAuth 2.0 protocol. OpenID Connect is supported by many identity providers including Google, Microsoft and Salesforce. OpenID Connect is different from the older OpenID 1.0 and OpenID 2.0 standards, which are obsolete.
Security Assertion Markup Language (SAML) is an XML-based authentication standard with widespread support. The latest version of the specification is SAML 2.0, and it is a mature technology that was introduced in 2005. Most identity providers, including Microsoft and Google, support SAML 2.0.
Kerberos is a network authentication protocol for systems within the same network. Kerberos was created by the Massachusetts Institute of Technology (MIT), and is typically supported in operating systems. Microsoft has incorporated Kerberos as the default authentication method in Windows since Windows 2000, and it is an integral component of the Windows Active Directory service.
LDAP (Lightweight Directory Access Protocol) is a mature, open and cross-platform protocol to access directory services. It is often used for authentication and storing information about users, groups and applications. Many directory servers support the LDAP protocol, including Microsoft Active Directory.
Supported SSO Standards in Joget DX
Joget DX supports the most popular single sign-on (SSO) authentication standards. The dynamic plugin architecture in Joget also allows custom SSO implementations to be developed when required. The following are the SSO-related Joget Marketplace plugins, tutorials and knowledge base articles:
Custom SSO Implementations