Overview
LoginRadius SSO encompasses two features that allow you to streamline and unify your userbase across all of your properties. Please see below for details as to what each section offers.
Web & Mobile SSO
Web SSO
Web Single Sign-On, also referred to as LoginRadius SSO, is a method of browser-based session management that uses browser storage mechanisms (sessionStorage, localStorage, cookies) to maintain the user's session across your properties. The session data is stored on a centralized, LoginRadius-managed domain and can be accessed via our provided JavaScript Single Sign-On APIs or directly via a JSONP call. This session is seamlessly integrated into our standard Customer Identity and Access Management scripts.
Mobile Single Sign-On
Mobile SSO allows you to unify a user's session across multiple apps that are serviced by a single LoginRadius account. This works by storing the LoginRadius access token in a shared session, either shared preferences in Android or keychain in iOS. Each linked app can then identify a currently active session and access the current session's user data to initialize your user account.
Federated SSO
Leverage external identity data held by partners using industry-standard Single Sign-On (SSO) protocols allowing your customers to gain access to your web properties without authentication barriers. LoginRadius acts as both Identity Provider and Service Provider. LoginRadius supports all of the major industry SSO protocols.
LoginRadius acts as an IdP which stores and authenticates the identities end-users use to log in to customer systems, applications, file servers, and more, depending upon the configuration. Below are the flow diagrams showing the role of LoginRadius as an Identity Provider:
LoginRadius acts as a service provider that provides services to the end-user. In this role, LoginRadius does not authenticate users but instead requests authentication from a third-party identity provider. LoginRadius depends upon the identity provider to verify the identity of a user and, if needed, to verify certain attributes about the user that are managed by the identity provider. Please see Custom Identity Provider Overview for more information. Below are the flow diagrams showing the role of LoginRadius as a service provider:
SAML
LoginRadius supports both SAML 1.1 and SAML 2.0 flows, acting as either an Identity Provider (IDP) or a Service Provider (SP). LoginRadius supports both IDP-initiated and SP-initiated SAML flows. The LoginRadius Admin Console allows for full self-service of your SAML configurations, allowing you to customize the assertions, keys, and endpoints to match any SAML provider requirements.
JWT
JSON Web Token, or JWT, is a commonly used Single Sign-On protocol which is used widely in B2C apps and is covered in RFC 7519. This protocol allows you to generate a JSON-formatted, encrypted token. In LoginRadius, this token can be generated either via API or be requested directly through the Login and Social Login interface responses. The token is then passed to the Third-Party Service Provider and consumed. The data that would be extracted can be mapped on the LoginRadius Admin Console. You can also customize the encryption method of the token based on the requirements of the Service Provider that would be consuming the token.
OAuth
OAuth 2.0 is an authorization framework that allows you to delegate your authentication process to a Third-Party service in order to obtain data access based on a set of requested scopes. LoginRadius can function as either an OAuth 2.0 Identity Provider or as a Service Provider that delegates the authentication process to an IDP that supports the OAuth Framework. The OAuth 2.0 specs are covered in RFC 6749. These specs cover the various requirements and standardized processes that OAuth encompasses: from authorizing the SP that is requesting the authentication, to requesting authorization from the end user, to generating the access token which is used to request the scoped data from the IDP after the authentication has been completed.
OpenID Connect
OpenID Connect (OIDC) is an authentication layer on top of the OAuth 2.0 framework that is standardized by the OpenID Foundation. LoginRadius provides a way to integrate your OpenID Connect client with our APIs by following the standards specified in the OpenID Connect specs. These specs cover the various requirements and standardized processes that OpenID Connect encompasses.
Custom Identity Providers
If you're looking to add an Identity Provider that's not already listed in the LoginRadius Admin Console, the Custom Identity Providers section contains documentation on setting up custom providers along with specific details on configuring some of the more popular ones.