SSO

From Joomla! Documentation

This page contains changes which are not marked for translation.


This document will guide you through the steps to configure SSO for your Joomla sites. Configuring Single Sign-On(SSO) will allow your users to log in to your Joomla website using External Identity Provider Credentials and vice versa.


Why Single Sign On[edit]

Single Sign-On is a technique of authentication that allows users to securely authenticate with numerous apps and websites using a single set of credentials(such as username and password). This eliminates the need for the user to log in and out of each application independently. Single Sign-On (SSO) solves the problem of having to remember the credentials for each application separately by simplifying the procedure of signing in without having to re-enter the password.

Other benefits of SSO include enforcing a better password policy, stronger passwords, easier user management, no need to remember multiple passwords, etc. If you want, you can also add Multi-Factor Authentication to further increase security.

Click here to learn more about SSO and the implementation of SSO on your website.

You can implement SSO to your Joomla site using multiple protocols like SAML, SAML SP, SAML IDP, OpenID ( OIDC ), LDAP, OAuth etc., If you want to implement SSO in your Joomla site, go to the browser and open extensions.joomla.org and search for extensions using keywords like SAML, LDAP, etc

What is SAML?[edit]

SAML stands for Security Assertion Markup Language. It is an open-standard XML-based protocol for exchanging identity data between two parties: an identity provider (IdP) and a service provider (SP).

What is SAML Identity Provider SSO (IDP) ?

An Identity Provider is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying on applications within a federation or distributed network.

Click here to know more.

What is SAML Service Provider SSO (SP) ?

A SAML Service Provider (SP) is a system entity that receives and accepts authentication assertions in conjunction with a Single Sign-On (SSO) profile of the Security Assertion Markup Language (SAML). It trusts the identity provider and authorizes the given user to access the requested resource.

Click here to know more.


What is IDP Initiated SSO?[edit]

The login request is initiated by the Identity Provider in IdP Initiated SSO - Single Sign-On. The end-user initially authenticates with IDP by logging in. Through the end-user dashboard, the end-user will be led to their application account.

Click here to see the workflow of IDP Initiated SSO !!!!


What is SP Initiated SSO?[edit]

The login request is initiated by the Service Provider in SP Initiated SSO. An Enduser attempts to access their account by logging in to the application, which redirects to your IdP. You will be logged in to your application after you have authenticated with IDP.

Click here to see the workflow of SP Initiated SSO !!!!

What is OAuth?[edit]

OAuth is an open-standard authorization protocol or framework that explains how unaffiliated servers and services can provide authorized access to their websites/apps/devices without exchanging credentials. Know more


What is OpenID Connect?[edit]

OpenID Connect 1.0 is a straightforward identity layer built on top of the OAuth 2.0 protocol. It enables Clients to validate the End-User's identity based on authentication conducted by an Authorization Server, as well as acquire basic profile information about the End-User in an interoperable and REST-like way.

Click here to know more about Oauth and OpenID connect.


What is LDAP?[edit]

LDAP (Lightweight Directory Access Protocol) is an open and cross-platform protocol for directory service authentication. LDAP has been the communication language that applications use to communicate with other directory services servers.

Click here to know more about LDAP !!!!


Customization[edit]

Click here to customize your extension as per your requirements