TABLE OF CONTENTS
- Explanation of terms
- Configuration
- Behavior in the system
- How our customers use this
- More articles on this topic
Explanation of terms
Single sign on is a login process in which users only need credentials for one system. Users will then be automatically logged in to all other linked systems as well and will not need to enter username and password when logging in.
SAML
We use SAML 2.0 to enable the use of single sign on. SAML (Security Assertion Markup Language) is an XML framework for exchanging authentication and authorization information, and has been developed as an open standard.
Identity Provider and Service Provider
At the center of a single sign on network is an application for managing identities, called an Identity Provider (IdP). The identity provider is used to link applications that are to benefit from single sign on. Such applications are called service providers.
Configuration
Prerequisites for the d.vinci Applicant Management
In this context, d.vinci applicant management is a service provider and offers a connection option for the identity provider.
- A third-party software is required as the identity provider.
- The identity provider must support SAML 2.0.
- Identity providers that d.vinci customers use successfully include, for example, OneLogin, Microsoft Active Directory Federation Services (AD FS), and the open source solution Shibboleth.
Setup
How you set up single sign on depends on the identity provider your company uses. The setup usually has to be done by your IT department.
Some examples
- Setting up single sign on (using "Azure Active Directory" as an example)
- Setting up single sign on (using "ADFS" as an example)
Behavior in the system
Logging into d.vinci with single sign on is simple: users call up d.vinci in the browser and press the Single Sign on button. Since they are already logged in to the work computer, d.vinci opens directly.
Advantages
- Users cannot log into d.vinci from external computers, which increases security. Mobile working is still possible via VPN.
- Users cannot lose the access data to d.vinci or pass it on to third parties.
- Users cannot lock themselves out of d.vinci by entering the wrong password and therefore do not need to ask administrators to reset the password.
How our customers use this
To avoid lost passwords, incorrect logins and the like, almost all customers whose company generally offers single sign on also use it for d.vinci.