Graphic Airlock Secure Acces Hub

Single sign-On (SSO) and identity federation

A gift for your users

Single Sign-On (SSO) means that the user gets access to all desired services with a single login. While SSO may look simple from the outside, it is often based on multifaceted processes. This may result from different applications with many internally or externally managed user bases or from a high heterogeneity of the supported technologies. The great advantage of the Secure Access Hub is that Airlock always has these requirements under control and leaves the user unaware of the internal complexity.

Decoupling authentication from identity propagation

Airlock ’s flexible SSO solution consistently decouples user authentication from identity propagation (see figure). The authentication technology is therefore independent of the standards with which users are represented to applications (identity propagation). It makes no difference whether a service understands OpenID Connect 1.0 or SAML 2.0, requires a Kerberos ticket or can only handle a BasicAuth header.

This consistent decoupling allows for many possible access scenarios. An authenticated user can be represented to each application in a compatible way without the need of a new login for the technology of the target application – a genuine ‘single sign-on’. Since Airlock adapts to the application, and not the other way around, rolling out a new authentication medium for legacy applications is like child's play.

Cross-domain SSO and identity federation

SSO is not limited to the internal IT infrastructure. Airlock supports cross-domain SSO with the common federation standards SAML 2.0, OAuth 2.0 and OpenID Connect 1.0. Thanks to these standards, popular cloud applications, such as Salesforce, Office 365 or Google Docs, can be seamlessly integrated into a company’s in-house SSO architecture.

A distinction is generally drawn between an identity provider and a service provider or relying party. The identity provider authenticates users and provides them with a ‘ticket’ for access to the services of the service provider. The Secure Access Hub can adopt both roles in these protocols. It is important for the role of the identity provider that various means of user authentication are available, since not every user should be authenticated in the same way for every application. With Airlock you can draw on the full range of authentication methods.

Airlock application portal

There is a lot of technology and complexity under the hood of a company-wide SSO. However, this should not affect the user. Once successfully signed in, the Airlock application portal presents users with an attractive overview of the applications available. The portal can be adapted to CI/CD templates and users enjoy direct access to self-service options that they can use to manage their user data and authentication options.

Single sign-On highlights

  • Cross-domain SSO and identity federation
     

  • Cloud SSO (e.g. Salesforce, Office 365, Google Docs)
     
  • SAML 2.0 as identity and service provider
     
  • OAuth 2.0 and OpenID Connect 1.0 as authorisation server and relying party
     

Ready for excellent IT security?

Contact us now.
Ergon Informatik AG+41 44 268 87 00

Your Feedback

Your feedback concerns*


If you like, please leave us your contact details so that we can come back to you if necessary.