Nowadays, we sign in to many online services, applications or software that all require ID.
Single Sign-On (SSO) is a component of identity federation that allows users to authenticate only once to access multiple services. Once you're signed in to the SSO service, it indicates to other applications that you're already authenticated, so you don't have to repeat the sign-in each time.
All organizations that already have a user database and support one of the existing protocols can use identity federation. Identity federation allows users to easily access the applications and services of their choice in full security and in compliance with the GDPR (Carmo V3, Article 16).
The implementation of identity federation in school authentication protocols highlights several practical advantages.
First of all, it makes it possible to establish a relationship of trust between 2 entities: the service provider (idruide) and the identity provider (ENT, G Suite, Microsoft Azure AD, etc.). Then, you can access the resources of the establishment simply and safely.
Identity federation makes it possible to use an existing identity in a third-party service, which raises the level of security while making things simpler for users. It is statistically proven that the same passwords are used for authentication on multiple applications. By avoiding the creation of new passwords for each service or application, identity federation increases security.
The identity federation on Stonehenge concerns all users of different digital equipment (tablets, computers, etc.). Stonehenge, our administrator management interface for CIOs, supports a federation of Google, Microsoft and ENT identities.
idruide offers a variety of identity federation modes depending on whether you are working with an identity provider (ENT, Azure AD, G Suite) or not.
You have an identity provider
The ENT is the identity provider for the users of the system. It’s still preferable to use the ENT so as not to multiply accounts and connection information.
You can also connect with other external identity providers: Azure AD, G Suite…
You do not have an identity provider
In this case, you can interconnect directly with idruide, which has its own system for creating named identities. To do this, you will need to provide us with your list of users.
You can also interconnect without an identity provider and without a username or password. You can assign a user account remotely on any device without a login or password.
To set up identity federation, we support the main federation protocols, namely CAS, SAML and OIDC.