What is Single Sign-On?
Single Sign-On (SSO) is an authentication framework that allows users to authenticate in multiple applications using a single set of credentials.
SSO relies on communication between the application the user wants to log in to (the service provider) and an identity provider that authenticates the user.
The login process usually takes the following steps:
- The user goes to an application or website that requires authentication (the service provider).
- Then they are redirected to the authentication domain (the identity provider) where they may be prompted to log in.
- If the user is already logged in to their identity provider, they can be immediately redirected back to the original application without signing in again.
- The identity provider will send a token back to the service provider that confirms a successful authentication.
- The user is granted access to the service provider.
OpenID Connect
Most consumer-facing SSO applications use an authentication protocol called OpenID Connect (OIDC). This protocol handles the authentication process through JSON Web Tokens and a central identity provider, using the steps described above. In this case, after the user logs in to the identity provider, they are asked to grant specific data access to the application (service provider). An ID Token with user information is generated and sent to the application.
To achieve a truly frictionless login experience, you can now use
YooniK as an Enterprise Identity Provider for Auth0
If you are already using an Identity Management service in your applications like
Prerequisites
Register Your Application with Auth0.
- Select the appropriate Application Type.
- Add an Allowed Callback URL of https://YOUR_APP/callback.
- Make sure your Application's Grant Types include the appropriate flows.
Set up your app with YooniK SSO service
To allow users to log in using YooniK SSO, you must register your application with YooniK.
Find your Auth0 domain name and redirect URI
Usually, your Auth0 domain name is your tenant name, your regional subdomain (unless your tenant is in the US region and was created before June 2020), plus .auth0.com. For example, if your tenant name were exampleco-enterprises, your Auth0 domain name would be exampleco-enterprises.us.auth0.com and your redirect URI would be https://exampleco-enterprises.us.auth0.com/login/callback (if your tenant is in the US and was created before June 2020, then your domain name would be https://exampleco-enterprises.auth0.com).
If you are using a custom domain, your redirect URI would be https://<YOUR CUSTOM DOMAIN>/login/callback.
Send a request to YooniK for setting up your app
To set up your app with YooniK, please send an e-mail to support@yoonik.me requesting an SSO service account and provide your app name, Auth0 domain, and redirect URI. You will receive a unique identifier for the registered app and also a secret (Client ID and Client Secret). Make a note of these values; you will need them later.
Create an enterprise connection using Auth0 Dashboard
- Navigate to Auth0 Dashboard > Authentication > Enterprise, locate Open ID Connect, and click its +.
- Enter the details for your connection and select Create:
- Connection name: Logical identifier for your connection. It must be unique to your tenant (e.g., "yoonik-oidc").
- Issuer URL: https://accounts.yoonik.me/.well-known/openid-configuration
- Client ID: Unique identifier for your registered application. Enter the saved value of the Client ID for the app you previously registered with YooniK.
- Callback URL: URL to which Auth0 redirects users after they authenticate. Ensure that this was the value you previously provided to YooniK.
- Sync user profile attributes at each login: When enabled, Auth0 automatically syncs user profile data with each user's login, thereby ensuring that changes made to the connection source are automatically updated to Auth0.
- In the Settings view, make the following configuration adjustments, and then click Save Changes:
- Type: Set to Back Channel.
- Client Secret: Enter the saved value of the Client Secret for the app you previously registered with YooniK.
- Scopes: Enter "openid profile".
- In the Login Experience view, configure how users log in with this connection and then click Save:
- Check the Display connection as a button box.
- Button display name: YooniK.
- Button logo URL: https://yk-website-images.s3.eu-west-1.amazonaws.com/logo.png
- In the Applications view, enable the applications that you want to use this connection.
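Before entering an Issuer URL in the connection form, it is worth checking what the provider's discovery document advertises against the settings used above (Back Channel, scopes "openid profile"). The following Python check is an added example, not YooniK or Auth0 code; the function names and the sample documents under idp.example.test are constructed for illustration, and it assumes Auth0's Back Channel type corresponds to the authorization code flow (response_type=code).

```python
from urllib.parse import urlparse

SUFFIX = "/.well-known/openid-configuration"

def is_https(url):
    parts = urlparse(url or "")
    return parts.scheme == "https" and bool(parts.netloc)

def check_discovery(discovery_url, doc, scopes=("openid", "profile")):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    # OIDC Discovery: the issuer must equal the URL prefix the document was
    # fetched from, otherwise another party could be posing as the provider.
    if not discovery_url.endswith(SUFFIX):
        problems.append("discovery URL lacks the well-known suffix")
    elif doc.get("issuer") != discovery_url[: -len(SUFFIX)]:
        problems.append("issuer does not match discovery URL")
    # Every endpoint the back-channel flow touches must be HTTPS.
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not is_https(doc.get(key)):
            problems.append(f"{key} missing or not https")
    # Assumption: Back Channel means the authorization code flow.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response type 'code' not supported")
    # scopes_supported is optional in the spec; check it only when present.
    supported = doc.get("scopes_supported")
    if supported is not None:
        problems += [f"scope '{s}' not advertised" for s in scopes if s not in supported]
    # The discovery spec requires RS256 among the ID token signing algorithms.
    if "RS256" not in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("RS256 ID token signing not advertised")
    return problems

# Constructed sample documents (not real responses from any provider).
URL = "https://idp.example.test" + SUFFIX
GOOD = {
    "issuer": "https://idp.example.test",
    "authorization_endpoint": "https://idp.example.test/authorize",
    "token_endpoint": "https://idp.example.test/token",
    "jwks_uri": "https://idp.example.test/jwks.json",
    "response_types_supported": ["code", "id_token"],
    "scopes_supported": ["openid", "profile", "email"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
BAD = dict(GOOD, issuer="https://other.example.test",
           token_endpoint="http://idp.example.test/token",
           scopes_supported=["openid"])

if __name__ == "__main__":
    print("good:", check_discovery(URL, GOOD))
    print("bad:", check_discovery(URL, BAD))
```

To use it against a real provider, fetch the discovery document over HTTPS, parse it with `json.loads`, and pass it together with the exact URL you intend to enter in the Issuer URL field.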
And it's done! After these steps, your users can log in to your app by just using their faces!
For more information and free trial licenses, please
Disclosure: I am currently working with YooniK as co-founder and VP of Engineering and I have an equity portion of the company.