Single Sign-On (SSO) for Portal
SSO is an authentication service that allows a user to use a single login to access multiple applications. SSO uses Security Assertion Markup Language (SAML) for exchanging authentication data between the applications.
Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between two parties, i.e., the Service Provider (SP) and the Identity Provider (IdP).
The Service Provider agrees to trust the Identity Provider to authenticate the user. The Identity Provider generates an authentication assertion for the user and communicates it to the Service Provider.
The most important use case that SAML addresses is web browser single sign-on (SSO). Single sign-on can be established between different domains.
How does SSO work?
SSO involves three parties:
- User
- Service Provider (Ex: Zoho)
- Identity Provider (Ex: OneLogin, Google etc.,)
Let’s look at the SSO workflow:
- The user requests a service from the Service Provider.
- The Service Provider requests an authentication assertion from the Identity Provider.
- Based on the assertion, the Service Provider decides whether to grant the user’s request.
Who is this for?
Merchants who maintain user accounts on their end and still require Zoho Subscriptions’ customer portal for billing.
Consider a merchant who has an online book store (say, www.zylker.com) and maintains user accounts on his end. The user has to log in to www.zylker.com to make a purchase. To ease the work, the merchant decides to use Zoho Subscriptions’ customer portal for billing and payments, i.e., to make payments, update credit cards and verify past transactions.
- www.zylker.com is where the user maintains his account and checks out.
- www.subscriptions.zoho.com/portal/zylker is for billing and payments.
But wait, should the user log in to both accounts?
That’s right. The user needs to log in to both servers. (Annoying, huh?)
Thus, the merchant's requirements are:
1. The customer will be using both accounts.
2. A customer who logs in to www.zylker.com will be automatically logged in to www.subscriptions.zoho.com/portal/zylker (Zoho Subscriptions' Portal).
Well, enabling SSO between two systems can do that.
How do I enable SSO for my Zoho Subscriptions portal?
I. Decide your IdP: The Identity Provider is the one that authenticates and authorizes the user to perform an action. It can be:
- Third party vendor (Ex: Google, OneLogin)
- Your own application
II. Just write to firstname.lastname@example.org with the following information:
- Login URL
- Logout URL
- Password reset URL
- X.509 certificate
- Encryption algorithm (Ex: RSA, SHA1)
Then sit back, and we will enable SSO for your account.