SSO, or Single Sign-On, is a user-authentication scheme that allows login credentials to be shared across multiple systems to reduce repeated log-in operations. A user can have one set of authentication credentials and personal data stored on one web property and these can be used to log in to other web properties.
In its most basic form, SSO requires:
- a Service Provider (like a community) and
- an Identity Provider (IDP), an application that has access to a database of user info and an authentication application.
SSO is everywhere
Most modern websites that require users to log in already present them an SSO option to sign in with third-party credentials. If you access any site by logging in with your Google, Facebook, or Twitter (to name just a few) credentials, then you are signing in via SSO authentication.
In the following example, users can log in to Vanilla by either:
- specifying their account-specific credentials (in the blue-box section) OR
- connecting via one of Vanilla's established SSO options (in the spotlight).
SSO in Vanilla
If, in the above image, you click Sign In with LinkedIn:
- You are redirected to LinkedIn and prompted for your login credentials.
- After your credentials are authenticated, you have to agree that LinkedIn can share your profile data with Vanilla.
- After doing so, you are returned to Vanilla where you are now logged in.
📝 NOTE: The above example is for illustrative purposes. The steps for each SSO authentication process (Google, Twitter, etc.) are unique to that process.
What just happened?
The administrators of your Vanilla community have set up a connection of trust with LinkedIn using some kind of shared secret token and other parameters, such as agreed-upon URLs. When both parties follow the proper protocol, Vanilla trusts that (upon you being directed back from LinkedIn with your user data):
- the data really is coming from LinkedIn and
- you are who you say you are.
If you have an existing user base stored on one of your web properties, you should consider using one of our SSO solutions:
To learn more about the SSO solutions in Vanilla, see:
Vanilla has a set of dedicated "connection" addons so that you can easily configure connections to your Facebook, Twitter, Google, LinkedIn, and other accounts.
- These are available in the Dashboard on the (Settings > Connections > Social Media) Social Connect Addons page.
- On this page you can enable/disable the connection addons and manage the settings for each addon.
To learn more about the Social Connection addons, see: