Configuring and maintaining access to multiple applications for internal users can quickly become complicated.
Facilitating access to our applications while respecting security rules is essential at OpenAirlines.
That’s why all the applications of our platform can be accessed through Single Sign-On (SSO).
What is it exactly, and what are the benefits? We will explain everything to you!
What is Single Sign-On?
Single Sign-On (SSO) is a method that allows a user to access several services (often web applications) through a single authentication. For example, at OpenAirlines, we use this process to enable our customers to access SkyBreathe® using their internal credentials.
A few industry standards define SSO, but the two main ones are SAML and OpenID connect.
- SAML is based on XML message exchange. It is older and more mature than OpenID connect (SAML 2.0 became a standard in 2005) but is also more verbose and less easy to set up and use. It is widely supported, even by older systems.
- OpenID connect is a newer standard based on OAuth2.0 that relies on JSON Web Token (JWT) exchanges. Although it lacks some features of SAML, OpenID connect is more flexible and, overall, more adapted to basic web and mobile authentication.
How does SSO work at OpenAirlines?
At OpenAirlines, we can use any of the standards previously presented, although we mostly use SAML to implement SSO simply because our customers use it more often.
We rely on an Identity and Access Management System (IAM) platform to handle most of our security configuration.
This solution allows us to handle role mapping between our customers and SkyBreathe® much more dynamically.
Here is a high-level diagram of what happens when a user successfully logs into SkyBreathe®:
On top of the usual benefits (such as not having to remember yet another password), SSO brings a lot of flexibility to our customers because they can adjust their permissions autonomously without requiring any action from us.
Benefits of Single Sign-On
- It simplifies User Account Deployment. A unified access management system takes advantage of a central directory to provision, de-provision, and manage users’ roles.
- It increases usability for employees and IT productivity. Remembering only one password doesn’t require IT assistance as often, and it reduces password fatigue for end-users.
- It increases software adoption rate. The employee only needs to use their everyday credentials to access new solutions from the web, their mobile, or through the internal app portal.
- It mitigates security risks. It can be combined with multi-factor authentication (MFA) and any strong password rules adopted by end-users IT service.
- It improves security capabilities. A lot of well-established secured protocols are available with SSO (SAML, JWT, OpenID Connect, OAuth).
The benefits of SSO are numerous. That’s why small companies to large enterprises might consider SSO a must-have, and a majority of our customers have decided to connect our products through SSO. With the adoption of SSO, it has become much easier to support customer IT teams to set up user authentication and access our tools.
References
https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html
LEARN MORE
Want to learn about fuel efficiency?
Discover our article "Implement an eco-flying solution: what are the roadblocks and how to deal with them?"
FOLLOW US
