Concept Guides

Single Sign-On

Single Sign-On (SSO) enables users to access multiple applications and platforms available within an ecosystem or a federation through a single authentication event at the Raidiam Connect platform.

Raidiam Connect enables Trust Framework Administrators and Organisations to set up Single Sign-On so that users can authenticate with their Connect accounts and access multiple applications and platforms within an ecosystem or federation.

With SSO configured, users who reach an application that requires authentication are redirected to Connect's login page. If they already hold an authenticated session there, they are sent straight back to the originating application without having to log in again.

In the context of SSO, Raidiam acts as an OIDC-compliant Identity Provider (IDP), offering users a streamlined experience across the ecosystem's applications and services. Rather than juggling multiple sets of credentials for each service, a single login grants access to an entire array of applications.

Organisations can use Domain Users, together with their Permissions (Roles), to let different types of users access applications without granting them access to the Connect platform itself.

Setting Up SSO Capabilities

Single Sign-On can be set up by Trust Framework Administrators and utilized to enable external applications to leverage Raidiam Connect as an IDP. You can connect the Raidiam Platform to any application as you would connect any other OpenID Connect compliant IDP.

To do this, the administrator only needs access within the directory to register a FAPI-compliant client and generate its credentials; the application can then use the platform for authentication.

This is the OpenID Connect authorization code flow: users are redirected to the authorization server, where they authenticate and grant the client application permission to access their resources. The authorization server then issues an authorization code. The client application exchanges that code for an access token, which it uses to access the user's resources, and an ID token, which identifies the authenticated user.
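As an added illustration (not Raidiam's code or documentation), the following Python sketch shows what the relying-party side of that flow has to do to use Connect as an OIDC identity provider safely: generate per-login state, nonce and PKCE values, build the authorization request, check the state on the callback, and validate the ID token claims. The issuer, endpoint, client ID and redirect URI are constructed placeholders; the token-endpoint call and JWT signature verification with a JOSE library are assumed to happen outside the sketch.

```python
import base64, hashlib, secrets, time
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed values for illustration; the real issuer, endpoints and client
# details come from the Connect tenant's OIDC discovery document and client registration.
ISSUER = "https://connect.example.test"
AUTHZ_ENDPOINT = ISSUER + "/auth"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.test/callback"

def new_session_values() -> dict:
    """Fresh per-login secrets; keep them server-side in the user's session until the callback."""
    return {"state": secrets.token_urlsafe(32), "nonce": secrets.token_urlsafe(32),
            "verifier": secrets.token_urlsafe(64)}

def pkce_challenge(verifier: str) -> str:
    """S256 code challenge (RFC 7636): BASE64URL(SHA256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_authorization_request(state: str, nonce: str, verifier: str) -> str:
    """URL the browser is sent to; state binds the callback to this session, nonce binds the ID token."""
    params = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "scope": "openid", "state": state, "nonce": nonce,
              "code_challenge": pkce_challenge(verifier), "code_challenge_method": "S256"}
    return AUTHZ_ENDPOINT + "?" + urlencode(params)

def extract_code(callback_url: str, expected_state: str) -> str:
    """Accept the authorization code only when state matches the value stored for this session."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback does not belong to this login attempt")
    if "error" in qs:
        raise ValueError("authorization server returned error: " + qs["error"][0])
    return qs["code"][0]

def check_id_token_claims(claims: dict, expected_nonce: str, now: float = None) -> bool:
    """Claim checks to run after the JWT signature has been verified against the IdP's JWKS."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("ID token was not issued for this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("ID token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch: token does not belong to this login attempt")
    return True
```

The state and nonce checks are what stop a callback or ID token from one login attempt being accepted by another session; the PKCE verifier is sent only to the token endpoint, never in the browser redirect.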

To enable users to authenticate with Connect when accessing other applications, without giving them access to the Connect platform itself, use Create New Domain User System and assign the needed permissions.