SSO (User version)/en: difference between revisions

From SmartPlayer

Current revision as of 15:17, 10 August 2023

General Information

Location and display of the "SSO" button on the main page of the site

Most companies aim to enhance and simplify interactions with their product. Every user desires software that offers a wide range of capabilities, meets all their needs, and is understandable even without specialized knowledge.

To make the user experience more convenient, the SmartPlayer team has introduced a feature called "SSO" or "Single sign-on".

This feature allows users to use their email (corporate or personal) to operate within our SmartPlayer system. This means they don't need to create a separate email to work within our system.

Before this feature can be used, it needs to be set up. The setup is carried out by a system administrator on the user's side and by our team.

Benefits of SSO Integration

  • Time-Saving

People often use more than one corporate application, and they need to authenticate on each service. In simpler terms, they need to enter a username and password to access their account. This process can be time-consuming. SSO is designed to streamline the user verification process for corporate applications and simplifies access to protected resources.

  • Resource Optimization

Individuals try to remember numerous passwords for various services. Corporate users can easily forget their credentials due to the sheer volume. The consequence of this is frequent password recovery or reset requests, which increase the workload on IT departments. Implementing SSO significantly reduces the number of forgotten passwords, thereby allowing resources to be allocated elsewhere, optimizing the use of support services for other tasks.

  • Enhanced Security

By reducing the number of passwords each user has, SSO facilitates user access audits and ensures robust access control to all data types. This, in turn, reduces the risk of password-related security incidents. Ultimately, this helps organizations better adhere to data security protocols.

  • Improved User Experience

SSO is used to provide end users with a straightforward and hassle-free system login. It also offers user account management and parameter settings. This approach simplifies the user's life by requiring fewer passwords, while still ensuring secure access to the application and its functionalities.

Terminology

Here are the basic terms you need to understand to get a grasp on how SSO works. They are described in a simple, understandable manner, with examples:

SSO (Single sign-on): This is a feature that allows a user to log into one application or website and automatically gain access to other applications or sites without the need to re-enter their credentials.

SAML (Security Assertion Markup Language): This is a standard language for exchanging authentication and authorization data between different systems. It allows one system to confirm your identity to another system without needing to re-enter your username and password.

ADFS (Active Directory Federation Services): This is a service that allows companies and organizations to grant their employees access to various online resources (e.g., websites or apps) using the same credentials they use to log into their work computer.

Now let's put them in simpler examples:

SSO - Imagine having a key that unlocks the door to your house, garage, office, and mailbox. Instead of carrying a bunch of keys for each door, you have just one key that works with all locks.

SAML - Think of wanting to enter an exclusive club. You don't have a personal pass, but you're a member of another club that has a deal with this exclusive one. When you arrive, you show your badge from the first club, and the security of the exclusive club calls your original club to verify your identity. After confirmation, the security lets you in. Here, your badge acts somewhat like a SAML assertion, and the two clubs are different systems or applications.

ADFS - Every time you come to work, you have to show your pass to the security guard to get inside. This pass proves that you work for the company. Now, imagine that your company has a special agreement with several other buildings or offices, and you can show your pass at the entrance of any of them, and they'll let you in.

Additionally, it's worth recalling the term "Authentication": this is the procedure of verifying a user's identity by checking the data they provided, such as username and password. This process ensures that the user is indeed who they claim to be.

Operating Principle

In simple terms, SSO (Single Sign-On) is a unified login system that utilizes consistent data in the form of a username and password.
The single sign-on operates on the following principle:

  1. Our server initiates an authentication request.
  2. This request is sent via a route/path defined by the SAML protocol.
  3. Upon reaching the endpoint, the request arrives at the user's ADFS server, where a response is generated.
  4. The response, carrying user data, is relayed back to our server using the SAML protocol.
  5. Using the received data, our server directs the user to the SmartPlayer personal account.
  6. Simultaneously, this user's details are recorded in the SmartPlayer database.
Visualization of the login process by SSO
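
The exchange in steps 1-5, sketched from the service provider's side as an added example (not SmartPlayer's code): it builds the SAML request, then applies the checks a service provider makes on the ADFS response before logging the user in. The endpoints, the `user@corp.example` identity and the trimmed, unsigned sample response are constructed placeholders.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
XMLNS = f'xmlns:samlp="{NS["p"]}" xmlns:saml="{NS["a"]}"'
TS = "%Y-%m-%dT%H:%M:%SZ"
SP_ID, ACS = "https://sp.example/saml", "https://sp.example/saml/acs"  # assumed placeholders
IDP = "http://adfs.example/adfs/services/trust"  # assumed placeholder ADFS issuer

def build_authn_request(now):
    """Steps 1-2: the service provider issues a request and remembers its ID."""
    req_id = "_" + uuid.uuid4().hex
    return req_id, (f'<samlp:AuthnRequest {XMLNS} ID="{req_id}" Version="2.0" '
                    f'IssueInstant="{now.strftime(TS)}" AssertionConsumerServiceURL="{ACS}">'
                    f'<saml:Issuer>{SP_ID}</saml:Issuer></samlp:AuthnRequest>')

def sample_response(req_id, start, end, audience=SP_ID):
    """Constructed, trimmed stand-in for the ADFS reply of steps 3-4 (unsigned)."""
    return (f'<samlp:Response {XMLNS} InResponseTo="{req_id}" Destination="{ACS}">'
            f'<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>'
            f'</samlp:Status><saml:Assertion><saml:Issuer>{IDP}</saml:Issuer>'
            f'<saml:Subject><saml:NameID>user@corp.example</saml:NameID></saml:Subject>'
            f'<saml:Conditions NotBefore="{start.strftime(TS)}" NotOnOrAfter="{end.strftime(TS)}">'
            f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
            f'</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>')

def parse_ts(value):
    return datetime.strptime(value or "", TS).replace(tzinfo=timezone.utc)

def check_response(xml, req_id, now):
    """Steps 4-5, run after XML signature verification (not shown); returns the NameID."""
    resp = ET.fromstring(xml)
    status = resp.find("p:Status/p:StatusCode", NS)
    cond = resp.find("a:Assertion/a:Conditions", NS)
    if status is None or cond is None:
        raise ValueError("rejected: malformed response")
    checks = {
        "status": status.get("Value", "").endswith(":Success"),
        "in_response_to": resp.get("InResponseTo") == req_id,  # answers our own request
        "destination": resp.get("Destination") == ACS,
        "issuer": resp.findtext("a:Assertion/a:Issuer", "", NS) == IDP,
        "audience": cond.findtext("a:AudienceRestriction/a:Audience", "", NS) == SP_ID,
        "validity": parse_ts(cond.get("NotBefore")) <= now < parse_ts(cond.get("NotOnOrAfter")),
    }
    failed = [name for name, ok in checks.items() if not ok]
    if failed:
        raise ValueError("rejected: " + ", ".join(failed))
    return resp.findtext("a:Assertion/a:Subject/a:NameID", None, NS)
```

These checks complement, and do not replace, verifying the response signature against the ADFS signing certificate and parsing the XML with a hardened parser.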

Procedure

Outlined below is a step-by-step guide to utilizing SSO. This guideline is executable only under the condition that the client's system administrator has set up the SSO integration:

  • First, the user needs to navigate to the authentication page of our SmartPlayer website: https://cms.smartplayer.org/#/login?lang=ru
  • Next, click on the "Login via SSO" button.
  • What the user sees next depends on the SSO functionality settings. It could either be:
      - A form prompting the input of personal details (username and password).
      - An immediate redirection to the website's main page, thanks to a system that saves and auto-fills the data (username and password).

The following steps are specific to the first scenario, where the user manually enters all the details.

  • After filling out personal information and pressing the "Login" button, you'll be redirected to the account's personal cabinet.
  • Now, you're free to explore and utilize the functionalities of the SmartPlayer personal cabinet.
SSO Access Process Map

Final Outcome

The user can interact with our features without the need to create a separate account, instead utilizing an already established account. In doing so, they avoid spending unnecessary time, creating "useless duplicates" of their email, and enhance the security of their personal data.