Adding Single Sign On (SSO)
When you want some or all of your users to log in with an external identity provider, you need to configure Single Sign On (SSO).
Because of the sheer number of features Descope offers, it can be confusing to work out how to configure SSO or how SSO, identity federation, custom providers, and other features differ. This guide aims to educate and demonstrate how you can easily add SSO to your Descope-powered applications.
When adding Single Sign On (SSO) to your application, you streamline user authentication by allowing users to log in with a single set of credentials across multiple systems. This not only enhances user experience but also improves security by reducing the number of passwords a user needs to manage. In this guide, we'll walk you through the steps to configure SSO with Descope, including attribute and group mapping, and testing the SSO connection to ensure everything is set up correctly.
Synopsis of SSO
Single Sign On (SSO) is an authentication method that enables users to access multiple applications with one set of login credentials. With SSO, once a user is authenticated, they can access all authorized applications without needing to log in again. This is particularly useful in enterprise environments where employees need to access numerous systems and applications throughout their day. SSO helps reduce the risk of password fatigue and phishing attacks, and enhances productivity by simplifying the login process.
Security of SSO
If you are an enterprise customer who wants to implement Descope flows as part of your B2B company-side authentication, we recommend using SAML SSO rather than OIDC or any other authentication method. The reason is the security advantages that SAML provides.
By using SSO, you're able to ensure that all of the users of a specific tenant adhere to the same authentication policies set by the identity provider.
In addition to this, using SAML SSO in particular provides a few other notable benefits, such as:
If you would like to read more about SAML and how it works, you can refer to our learning center article.
SSO for End Users
We refer to SSO used for end-user authentication, as opposed to Descope Console login and management, as an SSO integration. Our docs have an entire section on SSO Integrations that you can refer to if you're interested.
SSO for Descope Console Management
You can configure SSO for your organization, for the purpose of logging in to the Descope Console, from the Company Settings page.
Other Related Documentation
To fully understand the SSO setup process, you may need to reference other components in the Descope documentation:
- How to Setup SSO from Scratch - Comprehensive guide on how to configure SSO from start to finish with Descope.
- Self Service Provisioning Widget - Comprehensive overview of the self-service SSO provisioning widget.
- Descope as an Identity Federation Broker - Informational page on using Descope as a federated identity broker.
By following this guide, you'll be able to configure SSO with Descope, ensuring a seamless and secure authentication experience for your users.
If you encounter any issues or need further assistance, refer to the linked documentation or reach out to our support team.