TABLE OF CONTENTS
- Explanation of term
- Configuration
- System behavior
- How our customers use this
- More articles on this topic
Explanation of term
Single Sign-on ("SSO") is an authentication method where users only need credentials for one system. Users are then automatically logged in to all other connected systems and do not need to enter a username and password when logging in.
Advantages
- Users cannot log into d.vinci from unauthorized computers, which increases security.
Mobile work is possible via VPN. - Users cannot lose their d.vinci login credentials or share them with third parties.
- Users cannot lock themselves out of d.vinci due to incorrect password entry and do not need to ask administrators to reset the password.
SAML
We use SAML 2.0 to enable the use of Single Sign-on. SAML (Security Assertion Markup Language) is an XML framework for exchanging authentication and authorization information and was developed as an open standard.
Identity-Provider and Service-Provider
At the core of a Single Sign-on network is an application for managing identities, the so-called Identity Provider (IdP). The Identity Provider is used to link applications that should benefit from the single sign-on feature. Such applications are called Service Providers.
Configuration
Requirements
In this context, our software acts as a Service Provider and offers a connection to an Identity Provider.
- A third-party software is required as the Identity Provider.
- The Identity Provider must support SAML 2.0.
- Examples of Identity Providers successfully used by d.vinci customers include onelogin, Microsoft Active Directory Federation Services (AD FS), and the open-source solution Shibboleth.
Configuration examples
How to set up Single Sign-on depends on the Identity Provider used in your company. The setup is usually done by your IT department.
System behavior
- User login
Logging into d.vinci with Single Sign-on is simple: users open d.vinci in their browser and click the Single Sign-on button. Since they are already logged in on their work computer, d.vinci opens immediately. - Logging out of d.vinci
If users want to log out, they can do so as usual via the Logout button in their user menu.
How our customers use this
To avoid password loss, login errors, and similar issues, almost all customers who generally have the option of Single Sign-on in their company use it for d.vinci as well.