Single Sign-On (SSO) and identity federation

A gift for your users

Single Sign-On (SSO) means that the user gets access to all desired services with a single login. While SSO may look simple from the outside, it is often based on multifaceted processes. This may result from different applications with many internally or externally managed user bases or from a high heterogeneity of the supported technologies. The great advantage of the Secure Access Hub is that Airlock always has these requirements under control and leaves the user unaware of the internal complexity.

Decoupling authentication from identity propagation

Airlock’s flexible SSO solution consistently decouples user authentication from identity propagation (see figure). The authentication technology is therefore independent of the standards with which users are represented to applications (identity propagation). It makes no difference whether a service understands OpenID Connect 1.0 or SAML 2.0, requires a Kerberos ticket or can only handle a BasicAuth header.

This consistent decoupling allows for many possible access scenarios. An authenticated user can be represented to each application in a compatible way without needing a new login for the technology of the target application – a genuine ‘single sign-on’. Since Airlock adapts to the application, and not the other way around, rolling out a new authentication medium for legacy applications is child's play.

Cross-domain SSO and identity federation

SSO is not limited to the internal IT infrastructure. Airlock supports cross-domain SSO with the common federation standards SAML 2.0, OAuth 2.0 and OpenID Connect 1.0. Thanks to these standards, popular cloud applications, such as Salesforce, Office 365 or Google Docs, can be seamlessly integrated into a company’s in-house SSO architecture.

A distinction is generally drawn between an identity provider and a service provider or relying party. The identity provider authenticates users and provides them with a ‘ticket’ for access to the services of the service provider. The Secure Access Hub can adopt both roles in these protocols. It is important for the role of the identity provider that various means of user authentication are available, since not every user should be authenticated in the same way for every application. With Airlock you can draw on the full range of authentication methods.

Airlock application portal

There is a lot of technology and complexity under the hood of a company-wide SSO. However, this should not affect the user. Once successfully signed in, the Airlock application portal presents users with an attractive overview of the applications available. The portal can be adapted to CI/CD templates and users enjoy direct access to self-service options that they can use to manage their user data and authentication options.

Single Sign-On highlights

  • Cross-domain SSO and identity federation
  • Cloud SSO (e.g. Salesforce, Office 365, Google Docs)
  • SAML 2.0 as identity and service provider
  • OAuth 2.0 and OpenID Connect 1.0 as authorisation server and relying party

Ergon Informatik AG, +41 44 268 87 00