Single sign-on (SSO)
Single sign-on (SSO) means a system that allows a user to log in with a single identity to multiple applications. 10Duke Enterprise allows you to build an SSO system and connect to your customers’ SSO systems.
The most common scenarios are the following:
-
10Duke Enterprise itself is an SSO system out of the box. A user can create a single user account and log in to all 10Duke Enterprise tools and applications such as 10Duke SysAdmin, 10Duke OrgAdmin, and user profile management.
-
You can use 10Duke Enterprise as the identity provider for your client application, and a user can log in to your application with 10Duke Enterprise. If you have multiple client applications, the user can log in to all of them with the same user account. There may be different kinds of client applications, including desktop, mobile, and web.
-
If you (the vendor) have your own identity provider for your end users, you can make 10Duke Enterprise use this provider for all user logins.
-
If your customer has their own identity provider, you can set up federation with them and allow their users to log in with their user account within the customer organization.
When creating the SSO system, each client application must be connected to 10Duke Enterprise, and the client application must be configured as a client in SysAdmin.
Each identity provider must be configured as an external identity provider in SysAdmin and connected to 10Duke Enterprise.
Single logout (SLO)
In an SSO system, there may be multiple applications sharing a login session. You can use single logout (SLO) to allow the end user to log out from multiple client applications with a single action.
If the user is logged in to multiple applications and a logout is started from one of them, 10Duke Enterprise logs the user out from all the applications.