Single Sign On


Single Sign On (SSO) simplifies identity and access management: users log in only once to access different application systems. The EnOS SSO service solves identity authentication issues between the EnOS system and different business applications, so that users can use one login to access different applications.

Basic Concepts

  • Identity Provider (IdP): A service that creates, maintains, and manages user identities and provides functions such as identity verification. For example:

    • EnOS Identity Authentication Service

    • Microsoft Azure Active Directory

    • Microsoft Active Directory Federation Services

  • Client: Business service providers that use SSO applications or services.

Supported Protocols

SSO currently enables clients to connect through the OpenID Connect 1.0 and SAML 2.0 protocols.

Applicable Scenarios

Depending on the IdP, the SSO service provided by EnOS is suitable for two types of application scenarios.

  • Enterprise-owned IdPs: EnOS can connect to enterprise-owned IdPs so that users can log in to the Application Portal with an enterprise account.

  • EnOS as the IdP: An application owned by an enterprise uses the EnOS account to log in to and access applications that are owned by other enterprises through the EnOS SSO service.

Scenario 1: Enterprise-owned IdPs

EnOS Application Portal connects to the enterprise-owned IdPs such as Azure AD and ADFS through the EnOS SSO, achieving single sign on between EnOS Application Portal and the enterprise’s applications.


Scenario 2: EnOS as the IdP

Identity authentication for EnOS Application Portal and EnOS Management Console can be configured through the EnOS SSO, after which EnOS accounts can be used to log in to and access different applications.
