Single Sign On Overview
Single Sign On (SSO) is the process of allowing end users to securely authenticate to multiple applications based on their authenticated identity on another application.
API Objects & Endpoints
| API Resources | Description |
|---|---|
| | A top-level tenant that groups members, auth settings, roles, and other identity configurations. |
| | Represents an authenticated user who is a member of a specific Organization. |
| | Represents a SAML protocol-based connection with an identity provider. A SAML Connection is explicitly tied to an Organization, which can have multiple SAML Connections. |
| | Represents an OIDC protocol-based connection with an identity provider. An OIDC Connection is explicitly tied to an Organization, which can have multiple OIDC Connections. |
| | A managed session that tracks a Member's logged-in state using JWTs or session tokens. |
How It Works
SSO involves two parties:
- Service Provider (SP): the application the end user is trying to access (your application)
- Identity Provider (IdP): the application that is verifying the end user's identity
For B2B applications like yours, the Identity Provider in the SSO exchange refers to the workforce IdP that your customers use to centrally manage their employees' access and identity information. When an end user authenticates through an Organization's SSO Connection, this verifies both their identity and their authorization to access the Organization's instance on your application.
The standards for securely exchanging authentication and authorization data between the identity provider and the service provider are established by the protocol being used, typically SAML or OIDC. Stytch abstracts away those details for you, and the flow between you and Stytch will be the same regardless of the protocol used.
You can read more about how SSO works and why enterprise companies request SSO support here.
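The Organization binding described above can be sketched as a service-provider-side check. This is an added example, not Stytch's code or API: every class, function, and ID here is hypothetical, the sample data is constructed, and it assumes the protocol-level validation of the SAML or OIDC response has already succeeded.

```python
# Added illustration. All names are hypothetical; this is not Stytch's API.
from dataclasses import dataclass, field

class SSOError(Exception):
    """Raised when an SSO result cannot be bound to the requested tenant."""

@dataclass(frozen=True)
class Connection:
    connection_id: str
    organization_id: str   # a connection is tied to exactly one Organization
    protocol: str          # "saml" or "oidc"

@dataclass
class Organization:
    organization_id: str
    members: dict = field(default_factory=dict)  # email -> member_id

def start_session(orgs, connections, target_org_id, connection_id, idp_email):
    """Bind a verified IdP identity to a Member of the Organization being accessed.

    Assumes protocol-level checks (signature, audience, expiry) already passed.
    """
    conn = connections.get(connection_id)
    if conn is None:
        raise SSOError("unknown connection")
    # Tenant binding: the connection must belong to the requested Organization.
    if conn.organization_id != target_org_id:
        raise SSOError("connection is not tied to this organization")
    # Members are per-Organization, so look up only inside that Organization.
    member_id = orgs[target_org_id].members.get(idp_email.strip().lower())
    if member_id is None:
        raise SSOError("no such member in this organization")
    return {"member_id": member_id, "organization_id": target_org_id,
            "connection_id": conn.connection_id}

def authorize(session, requested_org_id):
    """A session is valid only for the Organization it was issued for."""
    return session["organization_id"] == requested_org_id

# Constructed sample data: org-a has a SAML and an OIDC connection, org-b one.
ORGS = {
    "org-a": Organization("org-a", {"alice@a.example": "member-a1"}),
    "org-b": Organization("org-b", {"alice@a.example": "member-b7"}),
}
CONNECTIONS = {c.connection_id: c for c in (
    Connection("saml-a", "org-a", "saml"),
    Connection("oidc-a", "org-a", "oidc"),
    Connection("saml-b", "org-b", "saml"),
)}
```

The same email address maps to a different Member in each Organization, so a login through `saml-b` can never produce a session for `org-a`, whichever protocol the connection uses.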