Vanilla Forums Documentation Registration & SSO SSO Basics

Introduction: What is SSO?

SSO, or Single Sign-On, is a user-authentication scheme that allows login credentials to be shared across multiple systems to reduce repeated log-in operations. A user can have one set of authentication credentials and personal data stored on one web property and these can be used to log in to other web properties.

In its most basic form, SSO requires:

a Service Provider (like a community) and
an Identity Provider (IDP), an application that has access to a database of user info and an authentication application.

SSO is everywhere

Most websites that require users to log in already present them an SSO option to sign in with third-party credentials. If you access any site by logging in with your Google, Facebook, or other site's credentials, then you are signing in via SSO authentication.

In the following example, users can log in to Vanilla by either:

specifying their account-specific credentials (in the blue-box section) OR
connecting via one of Vanilla's established SSO options (in the spotlight).

SSO in Vanilla

If, in the above example, you click Sign In with LinkedIn:

You are redirected to LinkedIn and prompted for your login credentials.
After your credentials are authenticated, you have to agree that LinkedIn can share your profile data with Vanilla.
After doing so, you are returned to Vanilla where you are now logged in.

📝 NOTE: The above example is for illustrative purposes. The steps for each site's SSO authentication process are unique to that site.

What just happened?

The administrators of your Vanilla community have set up a connection of trust with LinkedIn using some kind of shared secret token and other parameters, such as agreed-upon URLs. When both parties follow the proper protocol, Vanilla trusts that (upon you being directed back from LinkedIn with your user data):

the data really is coming from LinkedIn and
you are who you say you are.

SSO solutions

If you have an existing user base stored on one of your web properties, you should consider using one of our SSO solutions:

Security Assertion Markup Language (SAML): SAML SSO (cloud-only)
Open Authorization (OAuth): OAuth 2.0
JSON Web Tokens (JWT): JWT (JSON Web Token) SSO
jsConnect (our in-house solution)

To learn more about the SSO solutions in Vanilla, see:

https://success.vanillaforums.com/kb/articles/31

Social Connection addons

Vanilla has a set of dedicated "connection" addons so that you can easily configure connections to your social-media and other accounts on external sites.

These are available in the Dashboard on the (Settings > Connections > Social Media) Social Connect Addons page.
On this page you can enable/disable the connection addons and manage the settings for each addon.

To learn more about the Social Connection addons, see:

https://success.vanillaforums.com/kb/articles/360