Single Sign-On (SSO) is a method of access control for multiple related but independent software systems. With this method, a user logs in once and gains access to all systems without being prompted to log in again at each of them.
It is important to note that while SSO, once implemented, is incredibly easy for end users, it is very complicated for technical staff to implement and requires high levels of resources and knowledge.
CompliSpace Fundamentals supports two methods of SSO, suited to different needs and to the in-house skill sets available for implementation.
CompliSpace supports the SAML 2.0 protocol.
CompliSpace Technology recommends that you engage Student Net for your identity requirements.
For those using Microsoft products, ADFS provides some level of SAML support.
Integrating with CompliSpace Fundamentals using SAML 2.0 allows your directory to tell CompliSpace details about the user, such as name and email address. It also has the advantage that access permissions in Fundamentals are controlled by your directory, giving you a single 'source of truth' without having to manage permissions separately inside Fundamentals.
CompliSpace Fundamentals supports a mechanism where a URL to Fundamentals can be signed by a trusted source. The signature includes the user that is to be signed in along with an expiration that can be no more than 6 hours.
This method is good when you don't want to invest in the infrastructure of identity management, but already have a small portal or web page (often an intranet) where your users have already authenticated.
Referred Sign In allows your portal page to create a unique link for each user, such that when they follow it to Fundamentals they will be logged in automatically.
You must have server-side web programming skills and access to your portal's server-side scripting to implement Referred Sign In.
You should be familiar with concepts such as HMAC, SHA and BASE64 encoding.
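The general shape of an HMAC-signed, expiring sign-in link, shown as an added example that is not CompliSpace's code or its actual URL format. The host, the parameter names (`user`, `expires`, `sig`), the signed message layout, the choice of SHA-256 and the key are all assumptions made for illustration; only the 6-hour limit comes from this page.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import urlencode, urlsplit, parse_qs

MAX_LIFETIME = 6 * 60 * 60  # the page's limit: expiry no more than 6 hours ahead

# Hypothetical values: the real host, parameter names and key come from CompliSpace.
BASE_URL = "https://fundamentals.example/signin"
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"


def _mac(key, user, expires):
    # Sign user and expiry together so neither can be changed independently.
    msg = f"{user}\n{expires}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode()


def sign_url(user, lifetime, key=SHARED_KEY, now=None):
    """Portal side: build a per-user link after the user has authenticated."""
    if not 0 < lifetime <= MAX_LIFETIME:
        raise ValueError("lifetime must be between 1 second and 6 hours")
    expires = int(time.time() if now is None else now) + lifetime
    query = urlencode({"user": user, "expires": expires, "sig": _mac(key, user, expires)})
    return f"{BASE_URL}?{query}"


def verify_url(url, key=SHARED_KEY, now=None):
    """Receiving side: return the user name if the link is valid, else None."""
    now = int(time.time() if now is None else now)
    params = parse_qs(urlsplit(url).query)
    try:
        user = params["user"][0]
        expires = int(params["expires"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return None
    # Constant-time comparison of the recomputed MAC.
    if not hmac.compare_digest(sig.encode(), _mac(key, user, expires).encode()):
        return None
    # Reject expired links and links whose expiry lies beyond the 6-hour cap.
    if expires < now or expires - now > MAX_LIFETIME:
        return None
    return user
```

Because the link alone signs the user in until it expires, generate it only after the portal has authenticated the user, and keep the lifetime as short as the workflow allows.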
Method | Skills | Implementation Skill | Single Source for Users and Permissions | 3rd Party Integration | Prerequisites |
---|---|---|---|---|---|
SAML 2.0 | Able to install and configure a SAML 2.0 IdP | Experienced SAML Administrator | Yes | Yes | |
Referred Sign In | Able to program server side web scripts | Developer with medium crypto skills | No | No | |