By using only one username and one password, the user can log in to all systems and applications to which he or she has legitimate access to.
Why Single Sign-On?
Single Sign-On aims to eliminate some of the disadvantages of using passwords. Firstly, users often find it frustrating to remember the username and corresponding password for each application or system. It also takes time to enter a separate username and password every time.
Yuki and SSO
Yuki supports several variants of Single Sign-On. Here we indicate which variants are currently supported and provide a brief explanation of the Single Sign-On principle. Currently, Yuki supports Pinkweb and BDO. You can change the login method yourself by using OpenID or GMail.
Broadly speaking, there are two types of Single Sign-On (SSO) solutions, which will be briefly explained below: both solutions allow users to log in to multiple applications and systems using a single username and password combination.. The difference between the two solutions mainly lies in the number of usernames and passwords that are actually used for authentication. With the pseudo-SSO solution, all separate combinations remain, while with a true-SSO solution only a username and password combination is used. Therefore, the latter is a true SSO solution.
Pseudo-SSO solutions offer the possibility of centrally storing all the user's different usernames and passwords. By using a standalone software component, the user can log in to different applications and systems to which he or she has legitimate access to with just one username and password. The fact is that a separate username and password is still required for each application or system the user wants to access.
In the case of a true-SSO solution, the user actually has only one identity in the form of a username and password for authentication. When the user logs in, a separate software component (the Authentication Service Provider) grants or denies access to all systems and applications to which the user has legitimate access.
Yuki believes that a Single Sign-On solution should be safe and reliable for the end user. Therefore, all data sent during the Single Sign-On process should be sufficiently encrypted (SSL 128-bit encryption).
Authentication: the process of verifying a user's identity. In practice, this is often done by checking login credentials such as username and password. Based on this process, access is granted or denied.
(End)user: the person using the service..
Third party: the end user uses the Yuki service through this party.
Software Component: a software programme that is used to to realise the Single Sign-On.
Token: set of unique digits or characters used for authentication.