Single Sign On (SSO)

What is Single Sign On (SSO)? How does it work in Salesforce?

As the name suggests, Single Sign On means using a single set of credentials to access multiple applications. It is a session service plus an authentication service that lets a user use single login credentials (for example, a username and password) to enter multiple web applications. Two terms are used most often in SSO: Identity Provider and Service Provider.

Identity Provider - Abbreviated as IdP, it provides authentication as a service to a user. It manages and maintains identity information while providing authentication services to different applications within a distributed network.

Service Provider - Abbreviated as SP, it is basically a website that hosts the web application.

In this Single Sign On scenario, the user is already logged in to the IdP and, through the IdP, accesses the secure Service Provider (SP) resource. You can set up Salesforce as the IdP, and through it users can reach multiple web resources.

There are basically two protocols for achieving SSO (Single Sign On) in Salesforce:

SAML 2.0 (Security Assertion Markup Language) - An XML-based protocol for performing SSO into Salesforce from an Identity Provider. You can also transfer user data between the IdP and SP using this protocol.

OAuth 2.0 - A delegation protocol that is useful for transferring authorization decisions throughout a network of web-enabled applications and APIs.
