Federated SSO

Overview

Federated Single Sign-On (SSO) enables seamless access to third-party applications through trust relationships and standardized protocols for managing and mapping user identities. In this setup, the LoginRadius Identity Platform serves as an Identity Provider (IdP).

Key Features

  • Seamless Integration: Easily connect with third-party applications.
  • Comprehensive Protocol Support: Supports SAML, JWT, OAuth 2.0, and OpenID Connect.
  • Centralized Authentication: Enhances security by managing access control in a unified environment.
  • Scalability: Supports growing enterprise needs by facilitating authentication across multiple applications.

Role of LoginRadius as IdP

LoginRadius authenticates and stores customer identities, facilitating secure access to systems, applications, and file servers based on configuration.

Common Use Cases

Federated SSO is widely adopted across industries for various scenarios. Here are some key use cases:

  1. Enterprise Resource Management:
    Employees can use a single login to access internal tools like HR platforms, project management systems, and intranet portals.
  2. Customer Portals:
    Simplifies customers' access to multiple services within a business ecosystem, such as financial tools, e-commerce accounts, or utility dashboards.
  3. Third-Party Integrations:
    Enables seamless access to partner or vendor platforms (e.g., Salesforce, Freshdesk) without requiring separate credentials.
  4. Educational Institutions:
    Students, faculty, and staff can access learning management systems, libraries, and administrative services with one set of credentials.
  5. Healthcare Systems:
    Streamlines authentication for patients and providers across multiple healthcare apps, including scheduling, telehealth, and billing systems.
  6. B2B Collaborations:
    Simplifies secure access for partners and contractors to shared resources and tools within a controlled environment.

Integration Capabilities

The LoginRadius Identity Platform offers pre-configured templates for easy Federated SSO setup. These templates streamline integration and enhance the user experience by enabling one-time authentication for multiple applications.

Supported Integrations:

  • Salesforce
  • Freshdesk
  • Zendesk

For detailed integration instructions, refer to the Pre-Built Connections Document.

Supported Federated SSO Protocols

For businesses requiring integration with an Identity Provider not listed in the default options, LoginRadius supports the following configurations:

1. SAML (Security Assertion Markup Language)

SAML is an open standard that enables secure authentication and authorization data exchange between an Identity Provider (IdP) and a Service Provider (SP). It is widely used for single sign-on across web-based applications and enterprise environments.

  • Support: SAML 1.1 and SAML 2.0.
  • Flows: Supports both IdP-initiated and SP-initiated flows.
  • Customization: Assertions, keys, and endpoints are fully configurable via the Admin Console.

2. JWT (JSON Web Token)

JWT is a compact, URL-safe token format that securely transmits information between parties. It is often used for authentication and authorization in web and API-based applications.

  • Generates encrypted, JSON-formatted tokens.
  • Customizable encryption methods to suit Service Provider requirements.

3. OAuth 2.0

OAuth 2.0 is an authorization framework that enables secure, delegated access to resources without exposing user credentials. It is widely used in API authentication and third-party application access scenarios.

  • Operates as an OAuth 2.0 Identity Provider or delegates authentication to another IdP.
  • Fully configurable via the Admin Console.

4. OpenID Connect

OpenID Connect (OIDC) is an identity layer built on top of OAuth 2.0 that enables secure authentication and user identity verification. It provides a simple, standardized way to authenticate users across different platforms and services.

  • Facilitates integration of OpenID clients with LoginRadius APIs using OpenID Connect standards.