g

Single Sign On (SSO)

Single Sign On (SSO) provides a way for users to securely login to several applications and/or websites with a single account. Open Authorisation (OAuth) is a framework which uses the idea of SSO for authorising & granting access to users. Core dna implements OAuth 2.

Signing Into Your Website

You can sign in to your website using your local user account. When configured, you can also sign in using an external authenticator using OAuth.

Currently we support the following external authenticators:

To enable these, some configuration is needed which can be done in Accounts → OAuth → Configuration. Please refer to your external authenticator documentation regarding obtaining client ID & secret and setting up OAuth on their side.

Sample Configuration

User Experience

A typical user experience involving SSO with external authenticator would look like:

  1. A user wants to access restricted content. They are prompted by a login page.
  2. User decides to login using their company ID (hosted on Azure ID). This is done by clicking on ‘Sign in with Microsoft’.
  3. The user is redirected to Microsoft’s Azure login page. If the user is already logged in then they are immediately redirected back to the original site. Otherwise, they must authenticate with their Azure AD credentials. Usually this involves entering username/password & possibly MFA code.
  4. Once authenticated, user is redirected back to original site.

Workflow Integrations

With the use of Forms & Hooks modules, you can implement powerful & customised workflows for SSO.

Some basic examples include:

Using Core dna to Sign In

Your core dna website has built in ability to be an OAuth 2 authenticator, meaning that your users could sign in to other websites/applications (where supported) using their local account.

To set this up an OAuth client needs to be created in Accounts → Oauth → Clients → Add Client

Sample OAuth Client Configuration

Upon saving this form, a set of client ID & secret will be generated. Be sure to note this as the client secret fill not be visible after sometime. This set of credentials should be configured in the application/website.