SSO (Custom version)

From SmartPlayer
Revision as of 15:12, 10 August 2023; N.Bloshkin

General Information

Location and display of the "SSO" button on the main page of the site

Most companies aim to enhance and simplify interactions with their product. Every user desires software that offers a wide range of capabilities, meets all their needs, and is understandable even without specialized knowledge.

To make the user experience more convenient, the SmartPlayer team has introduced a feature called "SSO" or "Same sign-on".

This feature allows users to use their email (corporate or personal) to operate within our SmartPlayer system. This means they don't need to create a separate email to work within our system.

Before using this feature, it needs to be set up. The setup should be carried out by a system administrator from the user's side and our team.

Benefits of SSO Integration

  • Time-Saving

People often use more than one corporate application, and they need to authenticate on each service. In simpler terms, they need to enter a username and password to access their account. This process can be time-consuming. SSO is designed to streamline the user verification process for corporate applications and simplifies access to protected resources.

  • Resource Optimization

Individuals try to remember numerous passwords for various services. Corporate users can easily forget their credentials due to the sheer volume. The consequence of this is frequent password recovery or reset requests, which increase the workload on IT departments. Implementing SSO significantly reduces the number of forgotten passwords, thereby allowing resources to be allocated elsewhere, optimizing the use of support services for other tasks.

  • Enhanced Security

By reducing the number of passwords each user has, SSO facilitates user access audits and ensures robust access control to all data types. This, in turn, reduces the risk of the security incidents that passwords are meant to prevent. Ultimately, this helps organizations better adhere to data security protocols.

  • Improved User Experience

SSO is used to provide end users with a straightforward and hassle-free system login. It also offers user account management and parameter settings. This approach simplifies the user's life by requiring fewer passwords, while still ensuring secure access to the application and its functionalities.

Terminology

Here are the basic terms you need to understand to get a grasp on how SSO works. They are described in a simple, understandable manner, with examples:

SSO (Same sign-on): This is a feature that allows a user to log into one application or website and automatically gain access to other applications or sites without the need to re-enter their credentials.

SAML (Security Assertion Markup Language): This is a standard language for exchanging authentication and authorization data between different systems. It allows one system to confirm your identity to another system without needing to re-enter your username and password.

ADFS: This is a service that allows companies and organizations to grant their employees access to various online resources (e.g., websites or apps) using the same credentials they use to log into their work computer.

Now let's put them in simpler examples:

SSO - Imagine having a key that unlocks the door to your house, garage, office, and mailbox. Instead of carrying a bunch of keys for each door, you have just one key that works with all locks.

SAML - Think of wanting to enter an exclusive club. You don't have a personal pass, but you're a member of another club that has a deal with this exclusive one. When you arrive, you show your badge from the first club, and the security of the exclusive club calls your original club to verify your identity. After confirmation, the security lets you in. Here, your badge acts somewhat like a SAML assertion, and the two clubs are different systems or applications.

ADFS - Every time you come to work, you have to show your pass to the security guard to get inside. This pass proves that you work for the company. Now, imagine that your company has a special agreement with several other buildings or offices, and you can show your pass at the entrance of any of them, and they'll let you in.

Additionally, it is worth recalling the term "Authentication": this is the procedure of verifying a user's identity by checking the data they provided, such as username and password. This process ensures that the user is indeed who they claim to be.

Operating Principle

In simple terms, SSO (Single Sign-On) is a unified login system that utilizes consistent data in the form of a username and password.
The single sign-on operates on the following principle:

  1. Our server initiates an authentication request.
  2. This request is sent via a route/path defined by the SAML protocol.
  3. Upon reaching the endpoint, the request arrives at the user's ADFS server, where a response is generated.
  4. The response, carrying user data, is relayed back to our server using the SAML protocol.
  5. Using the received data, our server directs the user to the SmartPlayer personal account.
  6. Simultaneously, this user's details are recorded in the SmartPlayer database.
Visualization of the login process by SSO
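
The exchange in the steps above, as an added example that is not SmartPlayer's code: it builds the authentication request and applies the checks a service provider makes on the returned response before trusting the user data. The HTTP-Redirect binding, the entity ID, the ACS URL and the sample response are assumptions constructed for illustration; signature verification, which must come first, is left to a vetted SAML library.

```python
import base64, uuid, zlib
import xml.etree.ElementTree as ET  # use a hardened XML parser in production
from datetime import datetime, timedelta

P, A = "urn:oasis:names:tc:SAML:2.0:protocol", "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": P, "saml": A}
SP_ENTITY_ID = "https://sp.example.test/saml"   # hypothetical SP entity ID
ACS_URL = "https://sp.example.test/saml/acs"    # hypothetical assertion consumer URL

def ts(t):
    return t.strftime("%Y-%m-%dT%H:%M:%SZ")

def build_authn_request(now):
    """Steps 1-2: create the request and encode it for the HTTP-Redirect binding."""
    req_id = "_" + uuid.uuid4().hex  # remembered server-side to match the reply
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{P}" xmlns:saml="{A}" ID="{req_id}" '
           f'Version="2.0" IssueInstant="{ts(now)}" AssertionConsumerServiceURL="{ACS_URL}">'
           f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    raw_deflate = zlib.compress(xml.encode())[2:-4]  # strip zlib header and checksum
    return req_id, base64.b64encode(raw_deflate).decode()

def sample_response(req_id, now, audience=SP_ENTITY_ID):
    """Constructed stand-in for the IdP's reply (step 3); real ones are signed."""
    return (f'<samlp:Response xmlns:samlp="{P}" xmlns:saml="{A}" InResponseTo="{req_id}" '
            f'Destination="{ACS_URL}"><samlp:Status><samlp:StatusCode '
            f'Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
            f'<saml:Assertion><saml:Subject><saml:NameID>user@example.test</saml:NameID>'
            f'</saml:Subject><saml:Conditions NotBefore="{ts(now)}" '
            f'NotOnOrAfter="{ts(now + timedelta(minutes=5))}"><saml:AudienceRestriction>'
            f'<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>'
            f'</saml:Conditions></saml:Assertion></samlp:Response>')

def check_response(xml_text, expected_id, now):
    """Steps 4-5, after signature verification. `now` is aware UTC; raises ValueError."""
    root = ET.fromstring(xml_text)
    if root.get("InResponseTo") != expected_id or root.get("Destination") != ACS_URL:
        raise ValueError("response is not an answer to our request")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or not code.get("Value", "").endswith(":Success"):
        raise ValueError("IdP reported failure")
    cond = root.find("saml:Assertion/saml:Conditions", NS)
    aud = cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) if cond is not None else None
    if aud != SP_ENTITY_ID:
        raise ValueError("assertion issued for another audience")
    start, end = (datetime.fromisoformat(cond.get(k, "").replace("Z", "+00:00"))
                  for k in ("NotBefore", "NotOnOrAfter"))  # missing value -> ValueError
    if not (start <= now < end):
        raise ValueError("assertion outside its validity window")
    name_id = root.findtext("saml:Assertion/saml:Subject/saml:NameID", namespaces=NS)
    return name_id  # step 6: the identifier that gets recorded for the user
```

A response that answers a different request, names another audience, or arrives after `NotOnOrAfter` is rejected before any account is created or updated.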

Procedure

The steps for using SSO are described below. These instructions work only if the system administrator on the client's side has configured the SSO integration:

  • First, the user needs to open the authentication page of our SmartPlayer site.
  • Next, click the "Log in via SSO" ("Войти по SSO") button.
  • What the user sees next depends on how the SSO feature is configured.
This may be:

- either a form for entering the personal login and password
- or you are taken straight to the main page of the site, because the credentials (login and password) are saved and filled in automatically.

Everything that follows applies only to the first case, where the user enters all the data manually.
  • After filling in the personal data and clicking the "Login" ("Вход") button, you are redirected to the personal account.
  • You can now use the functionality of the SmartPlayer personal account.
Map of the process of gaining access via SSO

Final Result

The user can work with our functionality without creating a separate account, using an already existing account instead. This way they avoid wasting time and creating "useless duplicates" of their e-mail, and strengthen the security of their personal data.