Single Sign-On (SSO) is a powerful authentication solution that enables users to access multiple applications with a single login. It eliminates the need for users to remember multiple passwords while improving security and efficiency. Leading SSO solutions, such as My1Login, ensure that users experience a seamless authentication process, without any manual login steps. Instead, authentication happens automatically when they attempt to access an application. However, behind the scenes, SSO involves a series of interactions between identity providers, applications and authentication protocols. In this article, we’ll explore how SSO works from both an administrative and user perspective.
How SSO Works for Users
For users, a well-designed SSO system is completely seamless. They should not have to manually authenticate with an SSO provider or enter credentials multiple times. Instead, once logged into their corporate directory (e.g., Microsoft Entra ID or Active Directory), users gain automatic access to all authorised applications.
What Users See
- Log in Once – Users sign in to their corporate system as usual at the start of the workday.
- Access Apps Instantly – When they open an application, access is granted automatically without needing to enter a password.
- No Extra Steps – There are no repeated login prompts or additional authentication screens for approved apps.
- Seamless Experience – Everything happens in the background, allowing users to focus on their work without thinking about authentication.
What Happens in the Background
- User Requests Access – The user tries to open an application, such as a web portal or cloud-based service.
- Automatic Authentication Check – The application detects that authentication is required and redirects the request to My1Login’s SSO platform.
- SSO Validation – If the user is already authenticated with My1Login (via the corporate directory), My1Login generates a secure token containing their identity and permissions.
- Token Exchange – The token (or credentials, where required) is sent back to the requesting application.
- Access Granted – The application verifies the token’s authenticity and grants the user access without requiring any credentials.
The entire process occurs within seconds, making authentication effortless while maintaining strong security.
How SSO Works for Administrators
While the user experience is frictionless, setting up and managing an SSO system requires administrative configuration. My1Login’s SSO solution integrates with identity providers (e.g., Microsoft Entra ID, Active Directory) and supports authentication via identity protocols (SAML, OIDC) or stored credentials (usernames and passwords).
1. Initial Authentication Setup
Administrators need to configure SSO integration with their organisation’s identity provider. This process involves:
- Connecting My1Login to the corporate directory.
- Configuring authentication protocols (SAML/OIDC) or enabling credential-based authentication for legacy applications.
- Defining user roles, permissions, and access policies.
2. Authentication Flow
When an application requires authentication, the following steps take place:
- Identity Protocol Authentication (SAML/OIDC): For modern cloud applications using SAML or OIDC, the process follows these steps:
  - User is Redirected to My1Login – When the application detects that authentication is required, it sends the user to My1Login’s authentication service.
  - Token Generation – My1Login verifies the user's identity and creates a secure authentication token.
  - Token Exchange – The generated token is sent back to the application, confirming authentication.
  - Application Grants Access – The application verifies the token and allows access without requiring credentials.
- Credential-Based Authentication: For applications that require username/password authentication, My1Login handles authentication by:
  - Secure Credential Storage – User credentials are encrypted using zero-knowledge encryption, ensuring that even My1Login cannot access them.
  - Automated Login Process – When a user requests access, My1Login automatically inputs the stored credentials and signs the user in.
  - OTP Automation (if required) – My1Login can also automate One-Time Passcodes (OTPs), streamlining authentication for multi-factor login requirements.
3. Policy Enforcement & Security
Administrators can define policies to strengthen security, including:
- Role-Based Access Control (RBAC) – Ensuring users only access applications relevant to their job role.
- Multi-Factor Authentication (MFA) Enforcement – Requiring step-up authentication or MFA where needed for more sensitive or critical applications.
- Session Timeout & Access Restrictions – Preventing unauthorised access by limiting session durations and setting IP-based restrictions.
4. Application Discovery & Integration
My1Login enables administrators to:
- Discover and integrate Shadow IT applications, bringing them into the SSO environment.
- Simplify application onboarding by auto-detecting credentials and streamlining access control.
For users, SSO ensures a frictionless experience, allowing them to access their applications without needing to log in repeatedly. From an administrative perspective, My1Login’s SSO solution integrates with corporate directories and uses identity protocols or credential-based authentication to enable secure, seamless access. With features like zero-knowledge encryption, policy enforcement, and automated OTP handling, My1Login provides a robust and secure SSO experience that enhances both security and efficiency for organisations.