Single Sign-On
Single sign-on (SSO) enables users to access multiple applications and platforms available within an ecosystem or a federation through a single authentication event at the Raidiam Connect platform.

Raidiam Connect enables trust framework participants and organisations to set up single sign-on to allow the users to authenticate using their Connect accounts and access multiple applications and platforms present within an ecosystem or federation.

```mermaid
flowchart TD;
    id1(User)
    id2(Raidiam Connect)
    id3(API Metrics Platform)
    id4(Service Desk)
    id5(Security Dashboard)
    id1-- authenticate -->id2;
    id2-->id3;
    id2-->id4;
    id2-->id5;
```

With SSO configured, when users approach a domain necessitating authentication, they're rerouted to Connect's login page for authentication. If already authenticated there, they're swiftly sent back to the initial domain without the need for another login.

In the context of SSO, Raidiam acts as an OIDC-compliant identity provider (IdP), offering users a streamlined experience across the ecosystem's applications and services. Rather than juggling multiple sets of credentials for each service, a single login grants access to an entire array of applications.

Organisations may utilize users and their user roles to enable different types of users to access applications while not enabling them to access the Connect platform itself.

Setting up SSO capabilities

Single sign-on can be set up by trust framework participants and utilized to enable external applications to leverage Raidiam Connect as an IdP. You can connect the Raidiam platform to any application as you would connect any other OpenID Connect compliant IdP. For this, all the administrator needs is access within the directory to register and generate a FAPI-compliant client and its credentials to start leveraging the platform for authentication.
With this method, users are redirected to the authorization server, where they authenticate and give permission for the client application to access their resources. The authorization server then issues the authorization code. The client application can then use the authorization code to obtain an access token, which can be used to access the user's resources, and also receives an ID token to identify the user.

To enable users to authenticate with Connect while accessing other applications but without giving them access to the Connect platform, configure Domain User System and assign the needed permissions.
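
The client-side checks in the redirect flow described above, as an added example that is not Raidiam's code: it builds the authorization request with state, nonce and a PKCE challenge, accepts the callback only when it matches the stored session, and checks the ID token claims. The issuer, endpoint, client ID and redirect URI are assumed placeholders, and client authentication and the token request are outside its scope.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed placeholders: use the IdP's discovery document and your registered client.
ISSUER = "https://idp.example.test"
AUTHZ_ENDPOINT = ISSUER + "/auth"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.test/callback"

def _same(a, b):
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(str(a).encode(), str(b).encode())

def start_login():
    """Build the authorization URL plus the values to keep in the user's session."""
    verifier = secrets.token_urlsafe(48)
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    session = {"state": secrets.token_urlsafe(24), "code_verifier": verifier,
               "nonce": secrets.token_urlsafe(24)}  # verifier goes in the token request
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "scope": "openid",
              "state": session["state"], "nonce": session["nonce"],
              "code_challenge": challenge, "code_challenge_method": "S256"}
    return AUTHZ_ENDPOINT + "?" + urlencode(params), session

def handle_callback(callback_url, session):
    """Return the authorization code only if the callback belongs to this login."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query or "code" not in query:
        raise ValueError("authorization failed or no code returned")
    if not _same(query.get("state", [""])[0], session["state"]):
        raise ValueError("state mismatch: callback not tied to this session")
    return query["code"][0]

def check_id_token_claims(claims, session, now=None):
    """Check claims of an ID token whose signature was already verified
    against the IdP's published keys (that step needs a JOSE library)."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    if CLIENT_ID not in audiences:
        raise ValueError("token not issued for this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if not _same(claims.get("nonce", ""), session["nonce"]):
        raise ValueError("nonce mismatch: possible replayed token")
    return claims["sub"]
```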