Specops Single Sign-On
Specops Single Sign-On (SSO) allows users to securely access their organization’s applications by using Specops Authentication as the identity provider, authenticating with their existing Active Directory (AD) credentials.
When SSO has been enabled for a customer's application, users are redirected to Specops Authentication during sign-in, where their identity is verified. After successful authentication, they are redirected back to the application and automatically granted access without requiring separate credentials.
Authentication Protocols
Specops Single Sign-On supports the following industry-standard authentication protocols:
- OpenID Connect (OIDC), an authentication protocol built on OAuth 2.0 that enables secure sign-in using token-based authentication. Specops Authentication acts as the identity provider, verifying the user’s identity and issuing an ID token that the application uses to grant access.
- Security Assertion Markup Language (SAML), an authentication standard used to exchange identity information between an identity provider and a service provider. Specops Authentication verifies the user’s identity and sends a signed SAML assertion to the application, which the application uses to confirm the user’s identity and grant access.
Enable Single Sign-On
To enable Single Sign-On (SSO) authentication, you must create an SSO application in Specops Authentication. You can use a Predefined application template with recommended settings and protocol-specific defaults for commonly used services, or create a Custom application to configure SSO for standards-compliant services that support OpenID Connect or SAML.
Choose Custom application when no predefined template is available or when advanced configuration is required, such as custom claims or attribute mappings.
To create an SSO application, follow the instructions in: