Single Sign-On (SSO) is a mechanism that allows users to authenticate once and then access multiple applications or services without having to sign in again.
Setting up SSO requires certain components and configurations. Here are the two used by Kyckr:
- Sign-in URL: This is the URL that users are redirected to in order to initiate the SSO process. In the case of Microsoft Azure AD, the sign-in URL might look like this: https://login.microsoftonline.com/425c0e0a-e4cd-4a0d-9438-4406edc52bc6/saml2. When users access this URL, they are redirected to the Azure AD login page, where they can authenticate.
- Customer-generated X509 Signing Certificate: In order to establish trust between the identity provider (IdP) and the service provider (SP), a digital certificate is required. The IdP signs the SAML assertions with the corresponding private key, and the SP uses this certificate to verify their authenticity. In the case of Microsoft Azure AD, the customer generates an X509 signing certificate specifically for the purpose of federated SSO. This certificate would have a subject name indicating that it is intended for use with Azure AD.
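
A pre-flight check for the sign-in URL described above, written as an added example (not Kyckr's or Microsoft's code). It assumes the URL must have exactly the shape shown on this page, `https://login.microsoftonline.com/<tenant-id>/saml2`, and that only that host is acceptable; `check_sign_in_url` and `ALLOWED_HOSTS` are names made up for this example.

```python
import re
from urllib.parse import urlsplit

# Assumption: only the Azure AD login host from the page's example URL is accepted.
ALLOWED_HOSTS = {"login.microsoftonline.com"}
GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")


def check_sign_in_url(url):
    """Return a list of problems; an empty list means the URL has the expected shape."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        return [f"unparseable URL: {exc}"]
    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if parts.username is not None or parts.password is not None:
        problems.append("URL must not contain user info")
    if port not in (None, 443):
        problems.append("unexpected port")
    # Exact match on the parsed host, so look-alike suffixes are rejected.
    if parts.hostname not in ALLOWED_HOSTS:
        problems.append(f"unexpected host: {parts.hostname}")
    if parts.query or parts.fragment:
        problems.append("query string or fragment not expected")
    segments = parts.path.split("/")
    if len(segments) != 3 or segments[2] != "saml2":
        problems.append("path must be /<tenant-id>/saml2")
    elif not GUID_RE.fullmatch(segments[1].lower()):
        problems.append("tenant id is not a GUID")
    return problems


if __name__ == "__main__":
    page_url = "https://login.microsoftonline.com/425c0e0a-e4cd-4a0d-9438-4406edc52bc6/saml2"
    # Constructed sample values derived from the page's example URL.
    samples = [
        page_url,
        page_url + ".",  # trailing period copied along with the URL
        page_url.replace("https", "http"),
        page_url.replace(".com/", ".com.idp.example/"),
        page_url.replace(".com/", ".com@idp.example/"),
    ]
    for sample in samples:
        print(sample, "->", check_sign_in_url(sample) or "ok")
```

Running the check before saving the SSO configuration catches a mistyped or copied-with-punctuation URL before users are redirected to it.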