Introduction: What is SSO? - HL Vanilla Community
<main> <article class="userContent"> <p><strong>SSO</strong> is an acronym for <strong>Single Sign-On</strong>, a user-authentication scheme that allows log-in credentials to be shared across multiple systems to reduce repeated log-in operations. A user can have one set of authentication credentials and personal data stored on one web property and these can be used to log in to other web properties.</p><p>In its most basic form, SSO requires:</p><ul><li>a <strong>Service Provider</strong> (like a forum) and</li><li>an <strong>Identity Provider</strong> (<strong>IDP</strong>), an application that has access to a database of user info and an authentication application.</li></ul><h2 data-id="sso-is-everywhere!">SSO is everywhere!</h2><p>Most of today's websites that require users to log in already present them an SSO option to sign in with third-party credentials. If you access any site by logging in with your Google, Facebook, or Twitter (to name just a few) credentials, then you are signing in via SSO authentication.</p><p>In the following example, users can log in to Vanilla by either:</p><ul><li>specifying their <strong>account-specific credentials</strong> (in the blue-box section) <strong>OR</strong></li><li>connecting via one of Vanilla's established <strong>SSO options</strong> (in the spotlight).</li></ul><div class="embedExternal embedImage display-large float-none"> <div class="embedExternal-content"> <a class="embedImage-link" href="https://us.v-cdn.net/6030677/uploads/8C8LXRDZKJUV/intro-sso-example.png" rel="nofollow noreferrer noopener ugc" target="_blank"> <img class="embedImage-img" src="https://us.v-cdn.net/6030677/uploads/8C8LXRDZKJUV/intro-sso-example.png" alt="Intro-SSO example.png" height="303" width="556" loading="lazy" data-display-size="large" data-float="none"></img></a> </div> </div> <h2 data-id="sso-in-vanilla">SSO in Vanilla</h2><p>If, in the above image, you click <strong>Sign In with LinkedIn</strong>:</p><ol><li>You are redirected to LinkedIn and prompted for your log-in credentials.</li><li>After your credentials are authenticated, you have to agree that LinkedIn can share your profile data with Vanilla.</li><li>After doing so, you are returned to Vanilla where you are now logged in.</li></ol><p>📝 <strong>NOTE</strong>: The above example is for <em>illustrative purposes</em>. The steps for each SSO authentication process (Google, Twitter, etc.) are <em>unique to that process</em>.</p><h3 data-id="what-just-happened">What just happened?</h3><p>The administrators of your Vanilla community have set up a connection of trust with LinkedIn using some kind of <em>shared secret token</em> and other parameters, such as agreed-upon URLs. When both parties follow the proper protocol, Vanilla trusts that (upon you being directed back from LinkedIn with your user data):</p><ul><li>the data really is coming from LinkedIn and</li><li>you are who you say you are.</li></ul><h2 data-id="sso-solutions">SSO solutions</h2><p>If you have an existing user base stored on one of your web properties, you should consider using one of our SSO solutions:</p><ul><li><strong>Security Assertion Markup Language</strong> (<strong>SAML</strong>): <a href="https://success.vanillaforums.com/kb/articles/32-saml-sso" rel="nofollow noreferrer ugc">SAML SSO</a> (cloud-only)</li><li><strong>Open Authorization</strong> (<strong>OAuth</strong>): <a href="https://success.vanillaforums.com/kb/articles/33-oauth2" rel="nofollow noreferrer ugc">OAuth 2.0</a></li><li><strong>JSON Web Tokens</strong> (<strong>JWT</strong>): <a href="https://success.vanillaforums.com/kb/articles/98-jwt-json-web-token-sso" rel="nofollow noreferrer ugc">JWT (JSON Web Token) SSO</a></li><li><a href="https://success.vanillaforums.com/kb/articles/34-jsconnect" rel="nofollow noreferrer ugc">jsConnect</a> (our in-house solution)</li></ul><p>To learn more about the SSO solutions in Vanilla, see:</p><div class="js-embed embedResponsive" data-embedjson="{"body":"Single Sign-on (SSO) is a feature that allows log-in credentials to be shared across multiple systems to reduce repeated log-in operations. For example, users can sign in to a Higher Logic Vanilla (Vanilla) forum and, from there, access a separate system (such as Twitter) without having to log in. The username and password…","photoUrl":"https:\/\/us.v-cdn.net\/6030677\/uploads\/VWGAXAF5OFCO\/microsoftteams-image.png","url":"https:\/\/success.vanillaforums.com\/kb\/articles\/31","embedType":"link","name":"SSO Overview - Vanilla Success"}"> <a href="https://success.vanillaforums.com/kb/articles/31" rel="nofollow noreferrer ugc"> https://success.vanillaforums.com/kb/articles/31 </a> </div><h2 data-id="social-connections">Social Connections</h2><p>Vanilla has a set of dedicated "connection" addons so that you can easily configure connections to your Facebook, Twitter, Google, LinkedIn, and other accounts.</p><ul><li>These are available in the Dashboard on the (<strong>Settings > Connections > Social Media</strong>) Social Connect Addons page.</li><li>On this page you can <strong>enable/disable</strong> the connection addons and <strong>manage the settings</strong> for each addon.</li></ul><p>To learn more about the Social Connection addons, see:</p><div class="js-embed embedResponsive" data-embedjson="{"body":"Higher Logic Vanilla (Vanilla) offers several addons that you can use to connect to other accounts that you have. These Social Connect Addons are listed below and some are described in more detail in dedicated sections. Manage your Social Media Connections 1. Access the Dashboard. 2. Navigate to Settings > Connections >…","photoUrl":"https:\/\/us.v-cdn.net\/6030677\/uploads\/VWGAXAF5OFCO\/microsoftteams-image.png","url":"https:\/\/success.vanillaforums.com\/kb\/articles\/360","embedType":"link","name":"Social Media Connections - Vanilla Success"}"> <a href="https://success.vanillaforums.com/kb/articles/360" rel="nofollow noreferrer ugc"> https://success.vanillaforums.com/kb/articles/360 </a> </div><p><br></p> </article> </main>