SSO Integrations
Single Sign-On (SSO) and Identity Federation is a key feature in modern authentication, enabling users to access multiple applications with a single set of credentials.
Descope offers flexible SSO integration options to cater to different organizational needs, whether you want Descope to be your Identity Provider (IdP), your Service Provider (SP), or both.
If you would like to learn more about the relationship between Identity Providers (IdPs) and Service Providers (SPs), you can look at our guide on this.
Descope as the Identity Provider (Applications)
When Descope is configured as the Identity Provider, it acts as the central authority for authentication, managing users, roles, and permissions across multiple applications.
This setup allows you to provide seamless access to various applications by leveraging Descope Flows, including auth methods like OAuth social login, passkeys, as well as multi-factor authentication and device fingerprinting.
Use Cases:
- Consolidate Authentication Across Apps: Be able to aggreate the authentication experience, sessions, and user identities in one central location while providing access to multiple internal or third-party applications.
- Hosted Application: Be able to utilize flows and authenticate users for applications using our Auth Hosting application, without having to embed our Descope components in your application.
- Augmentation: Be able to augment and integrate Descope authentication in existing auth implementations, such as AWS Cognito, Firebase, etc.
Learn More:
Descope as the Service Provider (Tenants / Custom Providers)
In this configuration, Descope integrates with external Identity Providers, allowing users from different organizations (or tenants) to access your application. This is particularly useful when you want to offer a single application to multiple clients, each with its own IdP, or when integrating with enterprise-level solutions like Azure AD or Okta.
Use Cases:
- Multi-Tenant Applications: Useful for SaaS providers who need to support multiple organizations with different IdPs.
- Custom Provider Integrations: Allows integration with custom identity providers for niche use cases.
Learn More:
Descope as Both IdP and SP (Identity Federation Broker)
In some cases, you might want Descope to act as both the IdP and SP. This setup is common in complex environments where an application needs to authenticate users both internally (using Descope as IdP) and externally (by accepting identities from other IdPs).
Use Cases:
- Hybrid Environments: Ideal for large organizations with a mix of internal users (authenticated via Descope) and external users (authenticated via their organization's IdP).
- Advanced Customization: Offers maximum flexibility for organizations with complex authentication requirements.
Learn More:
Relevant Sections
Conclusion
Descope’s versatile SSO capabilities enable you to tailor your authentication strategy to meet the specific needs of your organization.
Whether you’re centralizing user management, supporting multi-tenant applications, or implementing a hybrid approach, Descope provides the tools and flexibility to ensure secure and seamless access to your applications.