Managing identities across many software applications is a hard task and can severely affect the usability of a product. Every platform plugged into the ecosystem adds integrations, user correlations and permissions that need to be stored and managed. Single Sign On (SSO) helps alleviate some of these challenges by letting clients store users' credentials just once and then, going forward, access many applications through this single secure integration.
Unfortunately, SSO requires a complex set of transactions between several entities in order to authenticate the user, which can make SSO implementation quite challenging.
With the Frontegg SSO solution, it is easy to provide a variety of SSO integration options for your customers. Frontegg provides the components and the complex "wiring" behind the scenes, so you can sit back and enjoy a plug-and-play experience with little to no code required on your end.
Your customer accesses a Frontegg component where he claims the domain by adding a TXT record (we validate it for you, so no worries there). Then he chooses the IDP, follows the instructions on the screen and configures it.
On the backend, before the login, you can call the Frontegg SDK to check whether this customer's email is configured for SSO access. If so, we return a redirect response with the signed SAML request.
When the IDP returns to your API with the SAML response, all you have to do is call the Frontegg SDK to validate the SAML response, extract the logged-in user and return it.
From that moment on, you can continue with your usual login activities (such as generating the JWT, auditing the login, etc.).
The flow is described in the diagram below: